The new Payment Card Industry (PCI) Data Security Standard, disclosed to the companies' members in December, aligns Visa's Cardholder Information Security Program (CISP) technical requirements, compliance criteria and validation processes with those of MasterCard's Site Data Protection (SDP) program.
John Verdeschi, vice-president of e-business and emerging technologies for MasterCard, said that while the programs were similar and shared the same goal of protecting cardholder data, they had different documentation, definitions and standards. "It became clear that this was a noncompetitive issue and that a single approach would benefit everyone," he said.
The move will simplify security for merchants, eliminate overlap, and should result in cost savings, said John Shaughnessy, Visa senior vice-president, fraud management.
Chris Noell, vice president of business development at security-services firm Solutionary said: "People in the industry can now read one standard and have confidence if they comply with that, they've addressed security across all the card brands."