February 10, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Peter Schooff
Peter Twenty-Four Seven Security
 Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« Identity Management in Big Business | Main | 5 Hard Security Lessons Learned »

October 30, 2007
Visa Sets Own PCI Standard

With another PCI standard having come and gone this past Sep. 30th, and my blog at the time read, Many Companies Will Fail PCI Deadline, and with most of the headlines reading, it was high time someone stepped up to do something to secure credit card data.

Visa has done exactly that, calling it Payment Application Best Practices (PABP). All companies who collect credit card data will have to adhere to the following, with the final deadline July 1, 2010. And while Visa really cannot force software payment vendors to do anything, Visa customers will be prohibited from buying the software unless it meets the following requirements on said date:

Jan 1. 2008: Any new merchants that want to be authorized for payment card transactions will have to be using only PABP-validated applications. After this date, VisaNet processors and agents cannot certify new payment applications to their platforms if they are known to vulnerable.
July 1, 2008: VisaNet processors and agents must only certify new payment applications to their platforms that are PABP-compliant.
Oct. 1, 2008: Level 3 and 4 merchants that have just been authorized to accept card transactions must be PCI DSS compliant or use PABP-compliant applications. Level 3 merchants process between 20,000 and 1 million e-commerce transactions a year through Visa. Level 4 merchants have fewer than 20,000 e-commerce transactions per year -- and all other merchants, regardless of acceptance channel, which process fewer than 1 million Visa transactions annually. Acceptance channels refers to how transactions are conducted, online, in person or by phone, for instance.
Oct. 1, 2009: VisaNet processors and agents are required to decertify all vulnerable payment applications, meaning that companies still using them will no longer be PCI compliant.
July 1, 2010: After this date, all merchants, VisaNet processors and agents are require to use only PABP-compliant payment applications.

For more information directly from Visa, click here.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2815

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
News Feed
Recent Posts
Categories
Archives
Blog Roll
Blogosphere
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
Your E-mail Address:
BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map