|
| |
|
|
|
|
|
|
|
Visa to Push on Compliant Applications |
|
|
|
Beginning January 1, 2008, Visa will implement a series of mandates to eliminate the use of non-secure payment applications from the Visa payment system. These mandates require acquirers to ensure their merchants and agents do not use payment applications known to retain prohibited data elements and require the use of payment applications that adhere to Visa’s Payment Application Best Practices (“PABP”). PABP-compliant applications help merchants and agents mitigate compromises, prevent storage of prohibited data and support overall compliance with the Payment Card Industry Data Security Standard (“PCI DSS”) and the Visa U.S.A. Inc. Operating Regulations. A list of PABP-validated applications is available at www.visa.com/pabp.
Vulnerable payment applications have proved to be the leading cause of compromise incidents, particularly among small merchants. Visa U.S.A. Inc. Operating Regulations prohibit the storage of the full content of any magnetic-stripe, CVV2 or PIN data and require compliance with the PCI DSS. Merchants and agents that use payment applications that store prohibited data or have inherent security weaknesses will not be compliant with the PCI DSS and are at high risk of being compromised.
|
|
|
ETA Members Only |
| member information
membership status
member-only content | |
|
|
|
|
