Visa PCI CAP Program

Visa is the first credit card company to start a program that combines fines with incentives for acquirers to make their merchants PCI compliant, no matter the level.

Visa has invested over $20 million dollars in order to pay Level 1 and Level 2 acquirers a one-time payment, for each merchant, if each Level 1 and Level 2 merchant is compliant by March 31, 2007. Acquirers whose Level 1 and Level 2 merchants validate compliance after March 31 and prior to August 31, 2007 will be eligible to receive a reduced one-time payment for each qualifying merchant.

"Locking down cardholder data is an important security component that will benefit financial institutions and merchants, and is equally important to maintain consumer trust in Visa," said Michael E. Smith, senior vice president of Enterprise Risk and Compliance at Visa USA, in a Visa press release.

"By combining both incentives and fines, we expect acquirers to increase their efforts with merchants to accelerate their progress toward becoming PCI compliant and eliminating the storage of sensitive card data. Nothing is more important to Visa than securing commerce."

As well, under the CAP plan, acquirers are required to validate Level 1 and 2 merchant compliance with PIN security. This means that Level 1 and Level 2 merchants must not use payment devices such as PIN pads, and encourages the use of unique encryption keys for every device.

For Level 3 and 4 merchants, acquirers must establish a thorough compliance program for those merchants. According to Visa, as of October 1, 2007, acquirers whose transactions qualify for lower interchange rates available in the Visa and Interlink tiers must ensure that the merchants generating the transactions are PCI compliant in order to receive this benefit.

Suggested Links:

• www.visa.com/cisp
• http://usa.visa.com/about_visa/press_resources/news/press_releases/nr367.html
• http://usa.visa.com/download/merchants/changes_to_merchant_levels_bulletin.pdf
• www.controlscan.com

                    

Print this page

Send this page to a friend

PCI DSS: 5 Guidelines for Gaining PCI Compliance Step 1: An Introduction to PCI Compliance PCI Compliance Introduction Who Put the DSS in PCI? Step 2: Finding The PCI DSS Merchant, Service and Compliance Level Should Your Organization be Concerned about PCI Compliance? PCI DSS: The Visa CISP Program MasterCard SDA Program Defining Merchant Validation Levels Level 4 Merchant Compliance Visa PCI CAP Program Defining Service Provider Validation Levels Acquirer Responsibility Calculating Merchant Transactions PCI DSS: Visa and MasterCard Quick Reference Guide Step 3: Attaining PCI DSS Compliance-Merchant Security Audits: 12 Requirements Build and Maintain a Secure Network Protect Cardholder Data Maintain a Vulnerability Management Program Implement Strong Access Control Measures Regularly Monitor and Test Networks Step 4: Finding a PCI DSS Approved Scanning Vendor (ASV) Do You Need an ASV? Merchant and Service Provider Scanning Requirements Compliance Reporting Visa and Compliance Reporting MasterCard and Compliance Reporting Step 5: Completing the PCI DSS Self Questionnaire Completing the PCI DSS Self Questionnaire PCI Compliance Polls Are you currently PCI Compliant? Yes No Working towards compliance Why are you looking at PCI Compliance Required By Credit Card Processor Required By Bank Want to meet industry standards Looking to secure network What merchant level do you fall under for PCI Compliance? Level 1 Level 2 Level 3 Level 4 I have no idea View PCI Merchant Level Results View All PCI Compliance Poll Results EV SSL Certificate Guide Sponsored Listing: