PCI DSS and Regulatory Compliance Blog

Carrot and Stick of PCI Compliance

January 26th, 2007 Posted in Card Brands, Compliance

David Press has a nice article in the Green Sheet that outlines the Visa PCI Compliance Acceleration Program (CAP). We have written about this before and provided digest details of the non-compliance fines.

It is important that Level 1 merchants and service providers remember the following dates:

  • March 31, 2007 - must complete attestation, signed by an officer of the corporation, stating that no track data, PIN block data, or CVV2/CVC2 data is stored; otherwise fines of $10,000 per month are levied.
  • Sept. 30, 2007 - must be compliant or monthly fines of $5,000 are levied.
  • Dec. 31, 2007 - must be compliant or monthly fines of $25,000 are levied.

It has been almost 2.5 years since the original deadline for compliance on September 30, 2004. Companies that have not met the compliance requirements are in for a rude awakening. Hopefully you started the process long ago and are just finishing up now.
