Visa sets PCI compliance deadlines for rest of world

The largest merchants operating overseas will have less than two years to secure credit card transactions, Visa announced on Monday.

Level-one retailers -- those processing more than six million Visa transactions per year -- must prove adherence to the Payment Card Industry Data Security Standard (PCI DSS) by Sept. 30, 2010, Visa said in a news release. After that date, Visa may begin issuing fines to acquiring banks, which typically pass the penalties down to the merchants.

Visa also announced that as of Sept. 30, 2009, level-one and level-two merchants -- which process between one and six million Visa transactions -- cannot retain any data encoded on the magnetic stripe on the back of the card, such as PINs or security codes.

"Hackers are looking for this type of data because of its use in counterfeiting payment cards, and that is why Visa prohibits its storage," said Eduardo Perez, head of global data security at Visa.

Deadlines for U.S.-based level-one and level-two merchants to comply with PCI DSS already have passed.

Jon Oltsik, senior analyst at Enterprise Strategy Group, said the extension of Visa deadlines to the rest of the world shows the PCI standard has evolved into "a model of best practices."

"The threat isn't a North American threat," Oltsik said. "The threat is a global threat. The bad guys are going to go where they think it's easiest to break into. Visa wants to make sure (the standard) gets spread around the world as quickly as possible."

He said most U.S.-based firms with outlets overseas likely have already implemented PCI specifications across their companies.

"If you're a large multinational, typically you don't do these things on a geographic basis," Oltsik said.