What's new

Visa to Push for End of Non-Secure Payment Applications
Beginning January 1, 2008, Visa will implement a series of mandates to eliminate the use of non-secure payment applications from the Visa payment system. These mandates require acquirers to ensure their merchants and agents do not use payment applications known to retain prohibited data elements and require the use of payment applications that adhere to Visa’s Payment Application Best Practices (“PABP”). PABP-compliant applications help merchants and agents mitigate compromises, prevent storage of prohibited data and support overall compliance with the Payment Card Industry Data Security Standard (“PCI DSS”) and the Visa U.S.A. Inc. Operating Regulations.

Visa says : "Vulnerable payment applications have proved to be the leading cause of compromise incidents, particularly among small merchants. Visa U.S.A. Inc. Operating Regulations prohibit the storage of the full content of any magnetic-stripe, CVV2 or PIN data and require compliance with the PCI DSS. Merchants and agents that use payment applications that store prohibited data or have inherent security weaknesses will not be compliant with the PCI DSS and are at high risk of being compromised."

Read more...

Mastercard Merchant Education Program
This PCI Merchant Education Program is a complimentary offer by MasterCard to its Acquiring Bank Members and to their merchants to provide assistance in broadening adoption of the Payment Card Industry Data Security Standard (PCI DSS).  The Merchant Education Program provides a holistic view of the PCI DSS through an informative series of industry topics designed to fit acquirers’ and merchants’ needs.

MasterCard has worked with several of the leading security vendors, forensics investigators, Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs) in the Payment Card Industry to deliver these insightful modules. Available on demand and by area of interest, the modules can be easily accessed at the viewer’s convenience by clicking on this link.

Inaugural PCI Security Standards Council Community Meeting Confronts Latest Security Threats Facing the Payment Card Industry
The PCI Security Standards Council, an independent industry standards body providing management of the Payment Card Industry Data Security Standard on a global basis, today announced the successful completion of the first PCI Security Standards Council Community Meeting, held in Toronto, Ontario on September 17-19, 2007. This highly anticipated event attracted hundreds of Council supporters and payment data security advocates from around the globe. The meeting served as a platform for collaboration in the evolution of data security standards, where participants shared best practices, heard about the security experiences of representatives from across the payment industry and planned for the future of credit card data security.

Read more...

Industry Compliance Information

Visa

• Visa Merchant Rules
• Visa Operating Regulations
• Cardholder Information Security Program

MasterCard

• MasterCard Member Service Provider Rules (PDF)
• MasterCard Merchant Rules
• MasterCard Site Data Protection Program

Discover Network

• Discover Network Merchant Resources
• Acquirer Resource Center

American Express

• Merchant Acceptance Resources

PCI Security Standards Council

• PCI SSC Website
• PCI Data Security Standard

Automated Clearing House (ACH)

• ACH Rule Annoucements and Operations Bulletins
• ACH Operating Rules and Guidelines (subscription required)