Retailers will no longer be able to allow third parties to charge a customer’s card without the card owner re-entering credit card information, Visa said Tuesday. This is Visa’s response to one of the biggest scandals to rock online retailing in years.
This situation involves the U.S. government’s General Services Administration (GSA) and some GSA interactions enjoyed by Benjamin Moore & Co. (the paint people). The conflict cropped up when the chain was dealing with some military accounts in Hawaii. The issue comes down to needing that payment card copy in the files (tax-exempt rules) but being unable to save the copy of a Visa payment card (PCI rules).
Security researchers in the UK say that the 3-D Secure (3DS) system for credit card authorization, a protocol that was “developed by Visa to improve the security of Internet payments,” has significant security weaknesses. Both of the ginormous card brands use it, under the names “Verified by Visa” and “MasterCard SecureCode.”
Heartland Payment Systems agrees to pay as much as $60 million to Visa to address losses by credit and debit cardholders affected by the data breach Heartland suffered in 2008.
Heartland Payment Systems on Jan. 8 announced that it has agreed to pay up to $60 million to Visa to cover losses to credit and debit cardholders affected by the massive data breach Heartland suffered in 2008.
The first MasterCard change made this month was pushing the Dec. 31, 2010, deadline back six months, to June 30, 2011. But MasterCard has also made two other key PCI changes. It has redefined what Level a retailer is (Level 1, 2, 3 or 4) to explicitly mirror whatever level Visa has determined. (The language used to say “competing brand.”) The last of the changes is to allow Level 1 and Level 2 retailers to perform their own assessments—using the retailer’s own salaried audit staff—as long as those audit staffers have passed PCI-approved training courses.
Visa on Monday released a best practices document for merchants considering adoption of end-to-end encryption, an emerging technology used to mask cardholder data from point-of-swipe through processing.
The guidance is meant to fill a temporary void until industry standards are established by the American National Standards Institute, Jennifer Fischer, senior business leader in Visa’s payment system risk division, told SCMagazineUS.com on Monday.
Rising processing costs and Visa Inc.’s mandate that point-of-sale terminals be upgraded to do Triple-DES encryption for PIN-based debit transactions are prompting gas sellers to rethink PIN debit acceptance.
Visa’s latest report, posted in mid-August, reveals another curious numerical quirk. It estimates the number of Level 4 merchants at about 5 million. But in a PCI report for June 2007, Visa estimated the number of Level 4 merchants at about 6.5 million, says Gartner Inc. technology and security analyst Avivah Litan. She interprets that reduction to be a result of PCI causing networks and acquirers to look hard at where their transactions come from and thus make their counting more accurate. “PCI is forcing Visa to get a better handle on who’s connecting to them,” she says.
People don’t seem to “get” MasterCard. For most of the last 4 years, MasterCard has been criticized for their apparent willingness to let Visa play the “bad guy” who issues fines to acquiring banks (and, through them, to merchants), who extends the PCI standards to application vendors (through PABP, now PA-DSS) and who generally takes the heat for PCI.
Onsite PCI assessments are not cheap. First, make certain that you have to comply with the onsite assessment requirement.
Although all of the major card brands are partners in PCI-DSS, the number of transactions is counted by individual card brand.
For example, a merchant that processes 2 million credit card transactions will not necessarily be a Level 2 retailer. What matters for purposes of this requirement is the number of MasterCard transactions. You may have 800,000 MasterCard transactions, 600,000 Visa transactions, and 600,000 transactions with American Express.