As noted on this page, this now deletes the use of “gateway” as part of the definition. This was always an incredibly confusing and ambiguous term. I had actually spoken with the leader of the CISP compliance team years ago about this definition. That’s when I made the post that you are referring to.

Now, SP’s are strictly classified by volume. However, a level 2 provider does not have to have an independent audit. Practically speaking, this means that they have not had their compliance validated. From a competitive standpoint, I think that a level 2 SP would have a very difficult time competing in a market with level 1 SP’s.

Thanks for your comments. I am hoping to resurrect this blog soon and resume regular posts.

I realise that this is an old entry but you say

>By Visa’s definition, any service provider that stores, processes,
>and/or transmits cardholder data as part of a payment transaction
>is a Level 1 Service Provider. So in other words, a company that
>has access to cardholder data as part of a payment is automatically
>defined to be Level 1.

I’ve had a look at the linked Visa article and can’t see how you are coming to this conclusion.

Maybe the linked article has changed since?

Paschal.