Tag Archives: visa

Visa targets online marketing ‘scam’

Retailers will no longer be able to allow third parties to charge a customer’s card without the card owner re-entering credit card information, Visa said Tuesday. This is Visa’s response to one of the biggest scandals to rock online retailing in years.

via Visa targets online marketing ‘scam’ | Media Maverick – CNET News.

PCI Conundrum Of The Week: When Plastic Meets Paper

This situation involves the U.S. government’s General Services Administration GSA and some GSA interactions enjoyed by Benjamin Moore & Co. the paint people. The conflict cropped up when the chain was dealing with some military accounts in Hawaii. The issue comes down to needing that payment card copy in the files tax-exempt rules but being unable to save the copy of a Visa payment card PCI rules.

via StorefrontBacktalk » Blog Archive » PCI Conundrum Of The Week: When Plastic Meets Paper.

3-D Secure (3DS) – Verified by Visa insecure

Security Researchers in the UK say that the 3-D Secure (3DS) system for credit card authorization, a protocol that was “developed by Visa to improve the security of Internet payments,” has significant security weaknesses. It is used by both of the ginormous card brands, known as “Verified by Visa” and “MasterCard SecureCode.”

via The Forrester Blog For Security & Risk Professionals.

Heartland Agrees to $60M Settlement with Visa over Breach

Heartland Payment Systems agrees to pay as much as $60 million to Visa to address losses by credit and debit cardholders affected by the data breach Heartland suffered in 2008.

Heartland Payment Systems on Jan. 8 announced that it has agreed to pay up to $60 million to Visa to cover losses to credit and debit cardholders affected by the massive data breach Heartland suffered in 2008

via Heartland Agrees to $60M Settlement with Visa over Breach – Security from eWeek.

MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline

The first MasterCard change made this month was pushing the Dec. 31, 2010, deadline back six months, to June 30, 2011. But MasterCard has also made two other key PCI changes. It has redefined what Level a retailer is (Level 1, 2, 3 or 4) to explicitly mirror whatever level Visa has determined. (The language used to say “competing brand.”) The last of the changes is to allow Level 1 and Level 2 retailers to perform their own assessments—using the retailer’s own salaried audit staff—as long as those audit staffers have passed PCI-approved training courses.

via StorefrontBacktalk » Blog Archive » MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline.

Visa creates guidance for merchants wanting to encrypt #PCI

Visa on Monday released a best practices document for merchants considering adoption of end-to-end encryption, an emerging technology used to mask cardholder data from point-of-swipe through processing.

The guidance is meant to fill a temporary void until industry standards are established by the American National Standards Institute, Jennifer Fischer, senior business leader in Visa’s payment system risk division, told SCMagazineUS.com on Monday.

via Visa creates guidance for merchants wanting to encrypt – SC Magazine US.

PCI Report Poses a Quandary: Where Did 1.5 Million Merchants Go?

Visa’s latest report, posted in mid-August, reveals another curious numerical quirk. It estimates the number of Level 4 merchants at about 5 million. But in a PCI report for June 2007, Visa estimated the number of Level 4 merchants at about 6.5 million, says Gartner Inc. technology and security analyst Avivah Litan. She interprets that reduction to be a result of PCI causing networks and acquirers to look hard at where their transactions come from and thus make their counting more accurate. “PCI is forcing Visa to get a better handle on who’s connecting to them,” she says.

via News.

MasterCard Vs. Visa: Dueling Compliance Philosophies

People don’t seem to “get” MasterCard. For most of the last 4 years, MasterCard has been criticized for their apparent willingness to let Visa play the “bad guy” who issues fines to acquiring banks (and, through them, to merchants), who extends the PCI standards to application vendors (through PABP, now PA-DSS) and who generally takes the heat for PCI.

via StorefrontBacktalk » Blog Archive » MasterCard Vs. Visa: Dueling Compliance Philosophies.

Making PCI Stand For Coordination & Impact : Daniel Wallace

Onsite PCI assessments are not cheap. First make certain that you have to comply with the onsite assessment requirement.

Although all of the major card brands are partners in PCI-DSS the number of transactions are counted by individual card brand.

For example, a merchant that processes 2 million credit card transactions will not necessarily be a Level 2 retailer. What matters for purposes of this requirement is the number of MasterCard transactions. You may have 800,000 MasterCard transactions, 600,000 Visa transactions, and 600,000 transactions with American Express.

via Making PCI Stand For Coordination & Impact : Information Security Resources.