New Merchants must use PA-DSS Compliant Applications by this time next year but "Existing Merchants" still have 2 more years to put your cardholder data at risk!
Visa has announced global requirements for financial institutions to ensure their merchant customers and agents use secure payment applications, that do not store prohibited data elements and adhere to the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS).
As per the deadlines, in addition to the US and Canada financial institutions, in Asia Pacific, Central and Eastern Europe, Middle East and Africa (CEMEA) and Latin America and the Caribbean (LAC), Visa acquirers must ensure that newly signed merchants use PA-DSS compliant applications by July 2010.
By July 2012, those acquirers must ensure that existing merchants and agents in the Visa network use PA-DSS compliant applications.
Eduardo Perez, head of global data security, Visa, commented: "Criminals are targeting certain versions of software known to have security vulnerabilities. It's essential that every business that handles payment card information adhere to the highest data protection standards to protect the security and privacy of their customers' financial information.”
The PA-DSS is a global set of security requirements for software vendors who develop payment applications. PA-DSS compliant applications do not store prohibited data such as track data, sensitive authentication data, or PIN data, helping merchants and agents mitigate compromises and support overall compliance with the Payment Card Industry Data Security Standard (PCI DSS).