Deliver Your News to the World

Visa Inc. Sets Software Security Deadlines


Use of Secure Payment Applications Required Across Visa Regions.

Visa Inc. (NYSE: V) today announced global requirements for financial institutions to ensure their merchant customers and agents use secure payment applications that do not store prohibited data elements and adhere to the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS).

The PA-DSS is a global set of security requirements for software vendors who develop payment applications. PA-DSS compliant applications do not store prohibited data such as track data, sensitive authentication data, or PIN data, helping merchants and agents who use them mitigate compromises and support overall compliance with the Payment Card Industry Data Security Standard (PCI DSS).

In Asia Pacific (AP); Central and Eastern Europe, Middle East and Africa (CEMEA); and Latin America and the Caribbean (LAC), Visa acquirers must ensure that newly signed merchants use PA-DSS compliant applications by 1 July 2010. By 1 July 2012, those acquirers must ensure existing merchants and agents in the Visa network use PA-DSS compliant applications.

As previously communicated to U.S. and Canada financial institutions, Visa acquirers must ensure that all new and existing merchants and agents in the Visa network use PA-DSS compliant applications by 1 July 2010.

Visa research confirms that vulnerable payment applications are a major cause of compromise incidents, particularly among small merchants. “Criminals are targeting certain versions of software known to have security vulnerabilities,” said Eduardo Perez, head of global data security, Visa Inc. “It’s essential that every business that handles payment card information adhere to the highest data protection standards to protect the security and privacy of their customers’ financial information,” Perez said.

Visa recommends that merchants and agents ask their payment application vendors, resellers or system integrators to confirm that software versions used do not store magnetic-stripe, PIN data or security codes. “Merchants with vulnerable payment applications should move quickly to either patch or upgrade their systems,” Perez said.

A list of products that have been independently validated against Visa’s Payment Application Best Practices (PABP) or the PA-DSS can be found at or


This news content was configured by WebWire editorial staff. Linking is permitted.

News Release Distribution and Press Release Distribution Services Provided by WebWire.