PCI DSS: Merchant level
Sep 29th, 2007 by Jesper Kråkhede
Apparently there is a ongoing misunderstanding regarding the difference in what you have to do when you are a level 1 or level 4 merchant. It is important to understand that ALL rules apply no matter your level but the way you prove it to the auditor differs. The main issue is that if there is a breach that is tracked back to you there will be a fullscale audit. If you have taken the short road and only made yourself compliant to reach the selfassesment questions you are in for a bad surprise when the auditors finds what you have missed. Just in a flash you are not compliant anymore and that will be very costly.