Merchants to get PCI DSS compliance before February 1, as required by Visa

February 1 is the deadline set by Visa for merchants and service providers that accept credit cards - particularly those that store customer credit card details in an electronic format and handle online credit card payments to undergo the registration for compliance with the Payment Card Industry Data Security Standards and thus join Visa’s list of verified safe providers. Visa reports that it has created a consistent framework for compliance among merchants, service providers and their agents which includes a global set of requirements for merchants to validate compliance with PCI DSS, as well as dates for the largest merchants to reach full compliance.

Earlier this month Visa which operates the world's largest retail electronic payment network introduced a Registry of Service Providers in Asia Pacific for payment service providers to report PCI DSS compliance. An annual registration fee charged by the credit card company is US$5000. Validation requirements vary according to such factors as transaction volume. Merchants processing over 6 million Visa transactions annually (Level 1) are required to file an annual compliance report as assessed by a qualified security assessor and submit to a quarterly network scan by Approved Scan Vendor. Merchants processing 1 million to 6 million transactions (Level 2) must submit an annual self assessment and a quarterly network scan.

In addition Visa also set the deadlines for large and mid-level merchants to demonstrate they are not storing certain types of sensitive card data. Starting from September 30, 2009 Visa will require Level 1 and 2 merchants cease retaining sensitive payment card data such as full magnetic stripe, security codes or PIN data after transaction authorisation. After the deadline those providers who failed to provide confirmation to Visa that each of the acquirer's Level 1 and 2 merchants do not retain prohibited data will be imposed impose risk controls including fines on the part of Visa.