Visa may offer incentives for merchants to comply with security standard

Visa USA is considering offering incentives to encourage merchants to comply with the Payment Card Industry Data Security Standard, according to CEO John Philip Coghlan.

In a speech last month to attendees at the Electronic Transactions Association annual meeting, Coghlan said that only 20% of merchants were in compliance with the standards mandated by the card associations to protect customers’ confidential data.

IRCE 2008 Conference Multi-Media CD-ROM

“We’re seeing improved compliance,” Coghlan said, noting that only 2% of the top 200 merchants were PCI compliant in April 2005. Visa expects two-thirds of those merchants to be compliant by year-end.

“While that’s substantial progress, it’s insufficient to the task,” he said. “We have to work with merchants and (merchant acquirers) to identify roadblocks and to eliminate them.”

Visa is exploring new measures to encourage compliance, Coghlan said. “I think we could be more effective if we could add incentives—not just penalties—to the mix,” he said. “For example, I’d like to find ways to provide benefits to merchants and acquirers that comply with PCI and to software providers that make sure that their code doesn’t inappropriately store customer data.”

Retailers who aren’t PCI compliant could be fined up to $500,000. Merchants have complained that the PCI standard—which has 12 rules and 200 detailed sub-requirements—is too complex and confusing.