December 29, 2006, 12:00 AM

Visa's security deal: Cash in if you comply

Internet Retailer

Following a series of database breaches at U.S. retailers in 2006, Visa U.S.A. last month stepped up the pressure on merchant banks to bring the largest U.S. retailers into compliance with the Payment Card Industry Data Security Standard, which requires retailers to protect credit card account data.

Prior to this latest effort, Visa had levied $4.6 million in 2006 fines, up 35% from $3.4 million in 2005, with only 15% of “Level 2” merchants (those doing 1-6 million Visa transactions a year) complying with the security standard. Compliance is at 36% for Level 1 merchants, or those doing more than 6 million transactions.

“We have had a number of cardholder data compromises with large merchants and small merchants and what we want to do is to ensure that our merchants that present the greatest exposure to us are properly secured,” Eduardo Perez, vice president of payment system risk, Visa USA, says.

The standard, developed by Visa and other major credit card companies, requires retailers to protect credit card account data. It specifically requires merchants to limit their use of magnetic stripe and other information to validating transactions, and to avoid storing that information in a database where it could be stolen.

Under the new penalties, Visa will fine merchant acquirers from $5,000 to $25,000 a month for each Level 1 or Level 2 merchant that is not compliant with the standard by Sept. 30 and Dec. 31, respectively. In addition, acquirers face monthly fines of up to $10,000 if they fail to confirm by March 31 that their Level 1 and 2 merchants are not storing magnetic stripe data.

As part of the new program, the PCI Compliance Acceleration Program, merchants will not qualify for lower interchange rates for card transactions if they fail to comply with the standard.

Visa also will offer $20 million in incentives to merchant acquirers if their retailers comply by Aug. 31 and have not been involved in a data compromise. The goal is to promote faster compliance, Perez says.
