More mandates coming from Visa

Visa Inc. will issue a series of five security mandates pertaining to payment applications starting Jan. 1, 2008. In a bulletin issued Oct., 23, 2007, Visa stated the mandates "require acquirers to ensure their merchants and agents do not use payment applications known to retain prohibited data elements and require the use of payment applications that adhere to Visa's Payment Application Best Practices (PABP)."

The mandates take effect over three years. Visa provided a summary of each:

• Jan. 1, 2008: Newly boarded merchants must not use known vulnerable payment applications, and VisaNet Processors (VNPs) and agents must not certify new payment applications to their platforms that are known vulnerable payment applications.

• July 1, 2008: VNPs and agents must only certify new payment applications to their platforms that are PABP-compliant.

• Oct. 1, 2008: Newly boarded level 3 and 4 merchants must be Payment Card Industry (PCI) Data Security Standard (DSS) compliant or use PABP-compliant applications.

• Oct. 1, 2009: VNPs and agents must decertify all vulnerable payment applications.

• July 1, 2010: Acquirers must ensure their merchants, VNPs and agents use only PABP-compliant applications.

To download Visa's full Oct. 23 bulletin, visit www.greensheet.com/mc/visacisp_oct2007.pdf . For a list of PABP-validated applications, visit www.visa.com/pabp .

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.