Tag Archives: visa

Visa excludes U.S. merchants to spur secure card adoption – Computerworld

Visa has excluded U.S. businesses from a worldwide program that encourages merchants to deploy more secure payment terminals, because of what it claims is the uncertainty surrounding new debit card rules.

via Visa excludes U.S. merchants to spur secure card adoption – Computerworld.

PCI for Corporate Franchise Servicer

Last week, Visa officially brought corporate franchisors into the world of Level 1 merchant service providers by requiring them to register as Third-Party Agents, with all that that implies. At one level, the increased visibility, attention to PCI compliance and stricter validation regime should reduce data breaches at unsecure franchise locations.

via StorefrontBacktalk » Search Results » corporate franchise servicer.

Roundup of largest data breaches / incidents

records date organizations
130,000,000 2009-01-20 Heartland Payment Systems, Tower Federal Credit Union, Beverly National Bank
94,000,000 2007-01-17 TJX Companies Inc.
90,000,000 1984-06-01 TRW, Sears Roebuck
76,000,000 2009-10-05 National Archives and Records Administration
40,000,000 2005-06-19 CardSystems, Visa, MasterCard, American Express
26,500,000 2006-05-22 U.S. Department of Veterans Affairs
25,000,000 2007-11-20 HM Revenue and Customs, TNT
17,000,000 2008-10-06 T-Mobile, Deutsche Telekom
16,000,000 1986-11-01 Canada Revenue Agency
12,500,000 2008-03-26 LaSalle Bank, BNY Mellon Shareowner Services, Archive Systems Inc, The Walt Disney Company, SYNOVUS

Visa Raises The Bar For PA-DSS Applications And Vendors

For example, using a PA-DSS validated application by itself does not make you PCI compliant. Rather, you still need to implement the application according to the vendor’s implementation guide (which is sometimes an issue when resellers are involved), and you have to implement it in a PCI-compliant environment.

via StorefrontBacktalk » Blog Archive » Visa Raises The Bar For PA-DSS Applications And Vendors.

Visa offers new guidance on securing payment applications – Computerworld

Visa on Tuesday announced a set of security best practices for vendors of payment applications and for the systems integrators and resellers responsible for implementing and managing them.

The guidelines are designed to address continuing vulnerabilities in the payment chain stemming from insecure implementations of the applications that are used in credit and debit card transactions, according to Eduardo Perez, Visa’s head of global payment system security.

via Visa offers new guidance on securing payment applications – Computerworld.

Visa Provides Guidance on Secure Implementation and Management of Payment Applications — SAN FRANCISCO, Aug. 24 /PRNewswire/ —

Visa today announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants. The best practices developed by Visa in collaboration with the SANS Institute are designed to complement the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS).

via Visa Provides Guidance on Secure Implementation and Management of Payment Applications — SAN FRANCISCO, Aug. 24 /PRNewswire/ —.

Visa Clarifies Security Rules

This week Visa Inc. said it’s going to reduce unnecessary storage of sensitive card information in merchant payment systems. Specifically, Visa is clarifying that existing operating regulations ensure acquirers and issuers allow merchants to present a truncated, disguised or masked card number on a transaction receipt for dispute resolution in place of the full 16-digit card number.

“By reducing the amount of vulnerable data in merchant systems that must be protected from compromise, merchants can see greater security as well as more streamlined compliance needs,” said Visa’s Eduardo Perez, head of global payment system security, in a statement.

via Visa Clarifies Security Rules.

Visa tightens rules for small sellers • The Register

From 1 July small and medium enterprises using electronic point of sale terminals and e-commerce systems need to reach basic compliance with an entry-level version of the standard or face higher merchant fees or, in extreme cases such as in the aftermath of security breaches, the withdrawal of merchant statuses.

Larger firms need to comply with the full versions of the PCI DSS standard by 30 September.

via Visa tightens rules for small sellers • The Register.

Tokenization and encryption for #PCI compliance

Tokenization and encryption may be the best solution to one of the biggest data-security challenges facing merchants: how to protect confidential payment card information against emerging threats without disrupting normal business operations. That’s according to a security brief released on Tuesday by RSA, the Security Division of EMC. Security experts from processor First Data Corp. and Visa Inc. also contributed to the report

via News.