The Green Sheet Online Edition
August 8, 2007 • 07:08:02
Visa's vigilance pays off, PCI compliance takes off
Visa U.S.A. took the lead in launching the Payment Card Industry (PCI) Data Security Standard Compliance Acceleration Program (CAP) in 2006. Now the campaign to boost data security is bearing fruit. PCI CAP uses incentives and fines to compel errant merchants to change lax security practices.
And in July 2007, Visa reported that 96% of the largest businesses accepting Visa bankcards confirm they no longer store sensitive account data, including security codes and PINs.
Michael E. Smith, Visa's Senior Vice President of Enterprise Risk and Compliance, said that by removing "prohibited data" from payment systems, businesses "are denying hackers the data they covet for use in counterfeiting payment cards and are thus making their businesses and the payments system more secure."
Acquirers reported to Visa the following levels of compliance with PCI CAP as of July:
- Level 1 merchants: 40% had validated compliance; 50% had submitted initial validation reports and were working to remedy deficiencies.
- Level 2 merchants: 33% had validated compliance; 42% had submitted initial validation reports and were working to remedy deficiencies.
- Level 3 merchants: 52% had validated compliance; 22% had submitted initial validation reports and were working to remedy deficiencies.
Expanded scrutiny ahead
Visa's early compliance efforts focused on larger businesses. Recently, the company zeroed in on smaller businesses (level 4 merchants), as well as the acquirers and processors that service them. (See "Who's minding the small-business store, Visa wants to know," The Green Sheet, Aug. 13, 2007, issue 07:08:01.)
"Although some progress has been made among large merchants, it's clear that fraud will migrate to the weakest link," said Avivah Litan, Vice President and Distinguished Analyst for research firm Gartner Inc. "Any efforts by the industry to reinforce the system's armor, especially among small businesses, is a good approach," she said.
To this end, Visa has partnered with the National Federation of Independent Business to offer on the Web site www.nfib.org educational materials, webinars and other online tools to help businesses achieve PCI compliance.
Additionally, the card Association has a list of comp-liant service providers online at www.usa.visa.com/download/merchants/cisp_list_of_cisp_compliant_service_providers.pdf.
Whether you want to upgrade your POS offerings, find a payment gateway partner, bone up on fintech regs or PCI requirements, find an upcoming trade show, read about faster payments, or discover the latest innovations in merchant acquiring, The Green Sheet is the resource for you. Since 1983, we've helped empower and connect payments professionals, starting with the merchant level salespeople who bring tailored payment acceptance and digital commerce tools, along with a host of other business services to merchants across the globe. The Green Sheet Inc. is also a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals.
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
