Security standards get tighter for smaller merchants


The credit card game is changing for small to medium-sized businesses. Visa recently announced that it will require all Level 4 merchants in the U.S. and Canada to validate PCI DSS compliance annually starting January 31, 2017.

Level 4 merchants are those businesses that process fewer than 20,000 Visa eCommerce transactions per year or that process up to 1 million total transactions regardless of acceptance channel. That pretty much means any small to medium-sized business that takes Visa.

Why it’s necessary

Small businesses sometimes assume that data security and PCI compliance are less of a concern for them because they handle smaller volumes of credit card data. But that is not the case: data is data, and theft from less secure businesses happens all the time.

Visa has always required Level 4 merchants to comply with the PCI DSS. But now the credit card company is also requiring annual validation of that compliance.

The change comes as a result of the EMV shift last year in the U.S. and Canada. EMV, which stands for Europay, MasterCard, and Visa, is a new global standard for credit cards equipped with computer chips and security technology to authenticate transactions, making card-present transactions more secure.

The shift in technology can leave smaller merchants that have not installed chip card readers or improved their information security vulnerable to attacks on Internet-based purchases. That risk has prompted Visa to take action to encourage smaller businesses to tighten security and avoid an uptick in fraud similar to what was seen in Europe after merchants there shifted to EMV cards.

What does it mean?

Beginning Jan. 31, 2017, all Level 4 merchants must use only PCI-certified Qualified Integrators and Resellers (QIR) professionals for point-of-sale application and terminal installation and integration. That’s meant to ensure all technology is installed correctly and is therefore more secure.

After that date, Level 4 merchants must annually validate PCI DSS compliance or participate in the Technology Innovation Program, an alternative to the PCI assessment. If the new requirements are not fulfilled, Level 4 merchants may face fines and penalties, especially if credit card data is stolen.

This might seem like an imposition on small businesses, but ask yourself this: What’s worse, spending a little money to be more secure, or spending a lot of money to clean up a data breach?

How does ZZ Servers fit in?

ZZ Servers’ PCI hosting packages are available for PCI Level 1 through 4 merchants, offering a fully PCI-compliant hosting solution built in a dedicated environment that contains all necessary controls and features to meet current and future PCI compliance requirements.

Questions? Contact us.


