Cyber Security Institute

Thursday, December 14, 2006

Visa U.S.A. adds financial incentives, fines to PCI program

Visa U.S.A. Inc. is adopting a carrot-and-stick approach to help drive merchant compliance with the Payment Card Industry (PCI) data security standard that it—along with other credit card companies such as MasterCard International Inc. and American Express Co.—is pushing.  The company announced that it has created a new $20 million incentive program under which it will monetarily reward “acquiring” financial institutions if their members are fully compliant with PCI requirements by Aug. 31, 2007.  At the same time, acquiring banks that fail to ensure compliance by Sept. 30, 2007, will be assessed fines starting at $5,000 a month for each noncompliant merchant.

Visa’s new Visa PCI Compliance Acceleration Program is designed to spur entities that are covered by PCI rules to comply in a speedy fashion, said Jennifer Fischer, a director at Visa U.S.A. “This program is part of our larger strategy for protecting cardholder data and to ensure that we are doing everything we can to protect it from compromise,” she said.

It targets the financial institutions responsible for the largest 1,200 merchants—known in PCI-speak as Level 1 and Level 2 merchants—which together account for about two-thirds of Visa’s total transaction volumes, she said.

Though nearly 18 months have passed since PCI rules went into full effect, only 36% of Tier 1 merchants and 15% of Tier 2 merchants are currently compliant with the requirements, according to Visa.

As part of the compliance validation process, merchants will need to show that they have purged all magnetic stripe data, Card Verification Value data and PIN data from their point-of-sale (POS) and other systems, Fischer said.

Posted on 12/14