VISA USA GIVES ACQUIRERS DEADLINE TO SUBMIT PCI PLANS FOR LEVEL 4 MERCHANTS
July 07, 2007Merchant acquirers working with Visa USA have until July 31 to submit a summary of their plans for small-merchant compliance with the Payment Card Industry data-security standard. Those smaller, so-called Level 4 merchants, which process fewer than 20,000 card transactions per year, have accounted for 80% of the known data compromises since Jan. 1, 2005.
Visa wants acquirers to detail how they will identify, prioritize and manage overall risk among Level 4 merchants. Separately, Visa and the National Federation of Independent Business are teaming to offer the federation's approximately 350,000 members free data-security information. Visa is placing the highest priority on ensuring small businesses are not retaining prohibited cardholder data, such as magnetic stripe information, after a transaction has been authorized.
Scheduled to launch Aug. 1 on the federation's Web site, the service will include educational materials and tools, such as a federation-developed booklet on data security. The booklet incorporates security information from Visa but uses words that are easier for individuals not familiar with the payments industry to understand, a federation spokesperson tells CardLine sister publication ISO&Agent Weekly. The Washington, D.C.-based trade group also is considering producing Web seminars or presentations that can be used locally to educate small-business owners, the spokesperson adds.