

Visa Steps Up PCI Enforcement
Visa U.S.A. has stepped up enforcement of the Payment Card Industry (PCI) Data Security Standard (DSS) against major retailers. "Visa and the industry as a whole are moving aggressively to broaden compliance efforts," the card association stated. Enforcement measures include the threat of fines against level-one and level-two merchants.
The association is getting tough with its biggest revenue generators because of the risks posed by repeated lapses in protecting the personal identity data of customers, employees and private citizens at retail and nonretail companies and government agencies.
"Today's security environment demands that locking down sensitive cardholder data be a top priority for all parties entrusted with such data," Visa stated. Level-one merchants must have validated compliance prior to Sept. 30, 2006, Visa stated. Approximately 20 level-one merchants are currently eligible for fines, which can range from $10,000 to $100,000 a month.
Acquiring banks are ultimately liable for fines levied against their merchants. "Acquiring banks' eligibility for fines is based on their merchants' failure to validate compliance with the PCI DSS or for not providing a timeline for doing so," Visa stated.
In July, Visa also began the process of ramping up enforcement efforts for level-two merchants. "We also continue to explore merchant incentives in addition to fines, as a way to help merchants implement these important security measures." The association did not elaborate on the types of incentives it contemplates using.
© 2006-2008 ACH Direct, Inc. All rights reserved.
ACH Direct, Inc. is a registered ISO and MSP of HSBC Bank USA NA, Buffalo, N.Y.
