Resources for Federal Financial Institutions Examination Council (FFIEC)

PCI Compliance: Visa Marks Progress In Securing Merchant Systems

www.retailsolutionsonline.com

Visa USA recently announced that 96 percent of the largest businesses[1] that accept Visa cards for payment have confirmed they are not storing sensitive account data. Storing prohibited account data including security codes and PINs violates Visa rules and increases a business' risk by making it a target for hackers.

"We know that merchants that store full magnetic-stripe data expose themselves to risk exponentially," said Michael E. Smith, senior vice president of Enterprise Risk and Compliance at Visa USA. "By removing prohibited data from their payment systems, large and small businesses alike are denying hackers the data they covet for use in counterfeiting payment cards and are thus making their businesses and the payments system more secure." Smith also noted that ensuring that prohibited data is not retained is an important step toward achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Purging sensitive data such as magnetic stripe (also known as track data), CVV2 (the security code on the back of the card) and PIN data from merchant payment systems and growing compliance with the PCI DSS were the stated goals of Visa's PCI Compliance Acceleration Program (PCI CAP) launched in December 2006. Through PCI CAP, Visa became the first payment brand to use a unique combination of incentives as well as fines to promote data security.

View the Resource

Share or bookmarklet this web page at: