|
| |
|
|
|
|
|
|
|
Visa Requires Level 4 Merchant PCI Compliance Plans by July 31 |
|
|
|
Visa will give aquirers with Level 4 merchants until July 31 to have PCI compliance plans in place. Level 4 merchants handle less than a third of transactions in the Visa system but represent more than 99 percent of the merchants that accept Visa cards. Because the group is so large and relatively less sophisticated, it represents more potential for cardholder data compromises than Level 1, 2, and 3 merchants combined.
The Visa CISP Bulletin—“Level 4 Merchant Compliance Program Requirements”—issued May 14, 2007, provides an outline of what is expected from each acquirer and illustrative guidance on developing a plan. Each compliance plan “must include: (1) a timeline of critical events; (2) a risk-profiling strategy; (3) a merchant education strategy; (4) a compliance strategy; and (5) compliance reporting.”
Many acquires may have already submitted Level 4 compliance plans as part of the PCI Compliance Acceleration Program (CAP); however, those that do not meet the July 31 deadline will be subject to costly risk control measures.
|
|
|
ETA Members Only |
| member information
membership status
member-only content | |
|
|
Upcoming Events |
Compliance Day | September 21, 2010
Orlando, FL | | |  | | | | October 26-28, 2010
The Breakers
Palm Beach, FL | | |  | | | | May 10-12, 2011
San Diego, CA |
|
|
|
|
