Tuesday, November 11, 2008

Visa Sets Global PCI DSS Deadlines

If you store cardholder data this affects you. Please read this press release from Visa.

"Visa Inc. (NYSE: V) today announced global mandates for compliance with the Payment Card Industry Data Security Standard (PCI DSS), creating a consistent framework for compliance among merchants, service providers and their agents.

The enhancements include a global set of requirements for merchants to validate their compliance with PCI DSS; and for the largest merchants, dates by which they must achieve validation. Deadlines are also set for large and mid-level merchants to demonstrate that they are not storing certain types of sensitive card data. Service provider levels and PCI DSS validation requirements have likewise been aligned under a global standard and compliance timeline. Compliance with PCI DSS will help protect businesses from financial and reputational harm that often results from cardholder data compromises. Visa data security compliance programs have provided compelling incentives for merchants and agents to properly secure cardholder data.
The new framework establishes the minimum requirements for Visa Inc. regions. As an independent company and licensee of Visa International for the business operations in European markets, Visa Europe's PCI DSS framework requires compliance validation and risk mitigation for Level 1 merchants; however the region will be adhering to a different timeline and process for executing compliance validation.
"Compliance with PCI DSS is vital to ensuring the integrity of the global payments system," said Eduardo Perez, head of global data security, Visa Inc. "Aligning compliance programs across the Visa regions is the latest step in our commitment to safeguarding cardholder data."
MERCHANT VALIDATION REQUIREMENTS
Alignment of Merchant Levels and PCI DSS Validation RequirementsA comprehensive set of international security requirements for safeguarding cardholder data, PCI DSS was developed by Visa along with the four other founding payment brands of the PCI Security Standards Council. Compliance is required of all merchants and any entity that stores, processes or transmits cardholder data. " more...

No comments: