Secure Payments, PCI DSS, Regulatory Compliance Blog

Archive for the ‘Card Brands’ Category

Trust but Verify your POS system

Thursday, February 28th, 2008 Posted in Banking, Card Brands, Merchant, Payment Applications, pa-dss | 3 Comments »

Jay from the USA asks: If our acquirer provided POS systems, do we need to make sure that the acquirer’s equipment and websites are PCI DSS compliant? I've always said that you should "Trust but Verify"!  It is very common for a ...

Can’t we all just not store cardholder data?

Friday, February 8th, 2008 Posted in Card Brands, Merchant, PCI DSS | 6 Comments »

I was talking today with someone about the fact that you really don't need to store the cardholder data (not even the PAN) after authorization and was reminded of the PDF that's online regarding something similar. Eliminating Storage of ...

What is a Level 4 merchant?

Wednesday, February 6th, 2008 Posted in Card Brands, Compliance, Merchant | No Comments »

Since Visa has been reporting significantly higher compliance levels among Level 1-2 merchants, it is important to focus on the smaller merchant community. I was discussing this with a friend who asked, "What is a Level 4 merchant?" ...

Visa reports high compliance numbers

Thursday, January 24th, 2008 Posted in Card Brands, Compliance, Merchant | 4 Comments »

Visa announced in a press release (1/22/2007) that their compliance numbers for 2007 are very high. Visa Inc. announced today that as of the end of 2007, more than three-fourths of the largest U.S. merchants [Level 1] and nearly two-thirds of ...

TJX and Issuer Banks settlement

Monday, December 3rd, 2007 Posted in Banking, Card Brands, Credit Card Fraud, Merchant | 2 Comments »

Many of you have already heard about the TJX settlement with the Issuing Banks (not-Visa).  Although the case may involve Visa, it is only as an intermediary.  It is the Issuing banks that had to cover fraudulent charges that are ...

PCI SSC adopts PABP as PA-DSS

Wednesday, November 7th, 2007 Posted in Card Brands, Merchant, PCI PIN, Payment Applications, Point of Sale, pa-dss | 4 Comments »

In early September the PCI SSC added the PIN Entry Device (PED) standard to its dossier of oversight items. Then at the end of September they announced the success of the first ever Community Meeting for Participating Organizations. Now in ...

Visa Payment Application Mandates and Deadlines

Tuesday, October 30th, 2007 Posted in Card Brands, Merchant, Payment Applications | 4 Comments »

As many people have noted, Visa released their Payment Application Security Mandates last week. Visa will implement a series of mandates, beginning January 1, 2008, to eliminate the use of vulnerable payment applications from the Visa payment system. ... These mandates ...

Compliance Stats Q3 2007

Friday, October 19th, 2007 Posted in Card Brands, Compliance | 2 Comments »

You should check out the newly released compliance statistics for Q3 2007. 98% of Level 1 and 2 merchants confirmed that they do not store prohibited data. Acquirers of Level 1 and 2 merchants that continue to store prohibited data are ...

Visa CAP deadlines and end of quarter changes

Thursday, October 11th, 2007 Posted in Card Brands, Compliance, Payment Applications | No Comments »

As you may have noticed things have been slow here, due mainly to all the work happening in September. The end of Q3 2007 has been one of the busiest times for PCI DSS compliance. Visa consolidated many of their ...

Electron and Maestro cards in scope for PCI DSS compliance

Saturday, September 15th, 2007 Posted in Card Brands, Compliance, Europe, PCI DSS | 11 Comments »

After teaching a class of QSAs in Prague, one of the questions asked was if Visa Electron and Maestro cards are considered in-scope for PCI DSS compliance. This is a very important question because many, if not all, of the bank/debit ...