
Edits to fix issues with PCI DSS levels #59

Open
wants to merge 2 commits into
base: main
from


seanlane

I'm not sure these edits should necessarily be accepted, but there are a few fundamental issues with some of the PCI documentation.

  1. PCI DSS levels are determined by number of transactions per year, not per month
  2. PCI DSS levels are determined by number of transactions per payment network, not the number in aggregate. For example, 4 million transactions on MasterCard and 4 million on Visa would still have you considered as a Level 2 provider for both networks
  3. PCI DSS levels are not specifically defined as a common number of transactions. The current documentation indicates that as long as you are under 6 million transactions monthly in aggregate, you will be at Level 2 or lower. This is incorrect, because it's determined per payment network. Visa and MasterCard set Level 1 compliance as 6 million transactions, but American Express sets Level 1 at 2.5 million annual transactions. It's also possible that this differs by the country of operation as well, but I'm not certain of that.

I'd highly recommend revisiting this documentation, and adjusting it to accurately reflect the requirement for achieving PCI compliance.
