The information below is from First Data
"Several of you have asked questions about SecurityMetrics and the phone calls they are making to our merchants. Here is the campaign that is currently underway:
We recently started an official Level 4 PCI compliance program for FDS. SecurityMetrics is the preferred security vendor for the Level 4 program and is helping to manage it which includes a phone campaign. Communications in regards to PCI compliance were included in the Spring release letter and info regarding SecurityMetrics has been included as statement messages for the past couple of months for our merchants. As you know, all merchants are required to be PCI compliant.
While SecurityMetrics is the preferred vendor, the merchants are not required to use them. For those merchants who require scans, they have to be completed by an Approved Scanning Vendor (ASV). A listing of ASVs can be found by visiting the card association websites or at http://www.pcisecuritystandards.org/. Merchants who decide to use SecurityMetrics’ services would receive a preferred discount (if they don’t already have the Annual Compliance Fee of $94.75 listed on their MPA).
Please see below for additional PCI compliance information:
Merchant Level Description
Level 1:
Any merchant -- regardless of acceptance channel -- processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
Level 2:
Any merchant -- regardless of acceptance channel -- processing 1M to 6M Visa transactions per year.
Level 3:
Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.
Level 4:
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M Visa transactions per year."
Additional information can be found on these websites:
www.pcisecuritystandards.org - Includes a complete list of PCI DSS requirements, the self assessment questionnaire, and approved security assessors/scan vendors.
www.visa.com/cisp - Additional compliance and validation information, and lists of validated payments applications and compliant service providers.
www.mastercard.com/sdp - Additional compliance and validation information.
If you have any questions regarding this information, please contact Richard Del Valle, First Data Account Executive, Western Region at (408) 274-2206.