Agent Registration. Program Guidelines. (For use in Asia Pacific, Central Europe, Middle East and Africa)

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Agent Registration. Program Guidelines. (For use in Asia Pacific, Central Europe, Middle East and Africa)"

Transcription

1 (For use in Asia Pacific, Central Europe, Middle East and Africa) January 2012

2 Contents 1 INTRODUCTION BACKGROUND PURPOSE OF DOCUMENT WHO NEEDS TO BE REGISTERED? WHY IS IT NECESSARY TO REGISTER THE AGENT? REGISTRATION PROCESS REGISTRATION PROCESS WHEN TO REGISTER HOW TO ACCESS THE VMM SYSTEM REGISTRATION FEES REGISTRATION NON-COMPLIANCE OTHER COMPLIANCE REQUIREMENTS VISA PROGRAM COMPLIANCE FREQUENTLY ASKED QUESTIONS REFERENCES AGENT WEBSITE THIRD PARTY COMPLIANCE REQUIREMENTS OTHER PROGRAM LINKS CONTACT GLOSSARY... 20

3 1 Introduction 1.1 Background Agents can be an effective resource for Visa clients to use when managing their acquiring and issuing programs. The Agent Registration Program is a Visa-mandated program enacted to ensure that Visa clients are in compliance with Visa Inc. Operating Regulations ( VIOR ) and policies regarding their use of Agents. Visa clients are required to perform due diligence reviews to ensure that they understand the Agent s business model, financial conditions, background and Payment Card Industry Data Security Standard (PCI DSS) compliance status (where applicable). Agent registration is required for all entities that provide Visa payment related services, directly or indirectly, to a Visa client (or on behalf of their merchants). January

4 1.2 Purpose of Document This document explains the Agent registration requirements for Visa clients and their agents. Visa s Agent registration program is intended to help the clients and Agents: Understand their accountabilities and responsibilities to the Visa payment system; Ensure their compliance with the Visa International Operating Regulations (VIOR) and regional operating regulation. These guidelines for Agent registration should serve as a reference for Visa clients and Agents when outsourcing Visa payment related services to Agents within and outside the Asia Pacific region. January

5 1.3 Who needs to be registered? Generally, an agent is an entity engaged to provide Visa paymentrelated services, directly or indirectly, to a Visa client (or on behalf of their merchants). An Agent can be a VisaNet Processor (VNP), Third Party, or both. A VisaNet Processor (VNP) is a Visa client or Visa approved non- Visa client that is directly connected to VisaNet and provides Authorization, Clearing, Settlement, or payment-related processing services for merchants or other Visa clients. A Third Party Agent (TPA) is an entity, not defined as a VisaNet Processor, that provides payment related services, directly or indirectly, to a Visa client and/or stores, transmits, or processes cardholder data. The different types of TPAs are: Independent Sales Organization (ISO) Merchant or cardholder solicitation activities and/or customer service Prepaid program solicitation activities and/or customer service Deploying and/or servicing ATMs High Risk Merchant solicitation, sales, customer service, merchant transaction solicitation and/or customer training for the following Merchant Category Codes (MCC): 5962, 5966, 5967, 7995, 5912, 5122 Encryption Support Organization (ESO) Deploys ATM, POS or kiosk PIN acceptance devices that process and accept cardholder PINs Manages encryption keys Third Party Servicers (TPS) Storing, processing or transmitting Visa account numbers on behalf of Visa clients Merchant Servicers (MS) Storing, processing or transmitting Visa account numbers on behalf of Visa clients acquired merchants January

6 Corporate Franchise Servicers (CFS) A CFS owns or operates a centralized or hosted network environment used by franchisees that can affect the franchisee s cardholder data environment if accessed by unauthorized parties. In some cases CFS entities also provide card payment processing services to franchisees through these network environments. Payment Service Providers (PSP) Contracting with Visa client to provide payment services to sponsored merchants. The term PSP replaces the old terminology IPSP which now includes all commerce type aggregation, including face-to-face in addition to ecommerce merchant aggregation. High Risk IPSPs (HRIPSP) Providing services to High Risk Internet Merchants (MCCs 5962, 5966, 5967, 7995, 5912, 5122) and stores, processes or transmits cardholder data and has a direct contract with the client Distribution Channel Vendors (DCV) Packaging, storing and shipping of non-personalized Visa products (e.g. warehouses, wholesalers, logistics companies) Instant Card Personalization Issuance Agent (ICPIA) Performs instant card personalization and issuance for the issuer that is generally a retailer or kiosk location Dynamic Currency Conversion (DCC) Providing currency conversion services to sponsored merchants at checkout 3-D Secure Access Control Services (ACS) Providing software protocol that enables secure processing of Verified by Visa transactions over the internet and other networks January

7 A third party does not include: Co branding partners Vendors listed on the list of Visa Approved Card Vendors (available from Visa Online) Exemption: A Third Party is exempted from the registration requirement and any associated fees if it provides services only on behalf of its affiliates (includes parents and subsidiaries) and those affiliates are Visa clients that own and control at least 25 percent of the third party agent. January

8 1.4 Why is it necessary to register the agent? Compliance with VIOR Under the Visa International Operating Regulations (VIOR), the Visa client has an obligation to register Agents with Visa. Agent Relationship The Agent registration database provides Visa and Visa clients with records of Agent relationships. This will help ensure that any obligations and liabilities as required by the VIOR relating to activities performed by the agents are recognized and are clearly associated to a Visa client. Risk Controls and Brand Protection It is the client s responsibility and liability to monitor the practices of its Agents. Visa clients are responsible that their Agents comply with the relevant standards and requirements, as specified in the VIOR and in the Third Party Agent Due Diligence Risk Standards (a copy can be downloaded from the Agent website). This reduces the risk to Visa, Visa clients, and Visa cardholders from brand damage and financial losses due to Agent compromises, operational errors, contractual issues, or other non-compliance with VIOR. January

9 2 Registration Process 2.1 Registration Process A Visa client using an Agent must: Step 1: Complete due diligence of the VisaNet Processor or Third Party Step 2: Register the Agent via the Visa Membership Management (VMM) system, a web-based workflow tool, which will replace the paper-based agent registration process, including the Exhibit 5E form Visa will dispatch a confirmation letter via to the client upon completion of the registration. Visa s acknowledgement of the registration does not imply that Visa approves or endorses the relationship with the Agent, or that the Agent complies with Visa requirements. 2.2 When to register BEFORE: Visa clients are required to properly register the Agent with Visa before the entity provides Visa-related services for the client. AFTER: Visa clients are required to notify Visa when: Designating additional services for the Agent Terminating the contract with the Agent Changing the status of the Agent, e.g. Change of Ownership and Name of entity (due to acquisition, merger, etc.) Change of Address (due to relocation, addition or closure of additional site within the same country) Change of Visa-related services Visa clients are required to notify Visa of any change of status within 5 business days of the change.

10 2.3 How to access the VMM system Visa client must first be enrolled with a Visa Online (VOL) login ID Click one of the following links for your regional VOL: o o Asia Pacific CEMEA You will need to register as a user of VMM as a Submitter or an Officer: o Submitter an employee of the institution that generally is not an Officer. A Submitter is granted access in the system, to create (but not approve) cases in the system. The Submitter submits the case to the Officer for approval before it is forwarded to Visa. o Officer an employee of the institution who is granted access in the system, to submit and approve changes, additions, and terminations. Generally, the Officer is the one who will forward the case to Visa. Every institution must designate at least one Officer. The Submitter role is not compulsory. January

11 3 Registration Fees There is no Agent registration fee for Visa clients in Asia Pacific, Central Europe, Middle East and Africa, but, Visa reserves the right in future to impose registration fees. January

12 4 Registration Non- Compliance A Visa client may be subject to fines starting at US$10,000 for the first violation in the following situations: Using a Third Party Agent or VisaNet Processor that has not been registered Using a Third Party Agent or VisaNet Processor that fails to comply with the VIOR. The schedule of fines is specified in the VIOR. January

13 5 Other Compliance Requirements 5.1 Visa Program Compliance Depending on the Visa payment related services the Agent provides, Visa may require the Agent to comply with one or more of Visa s compliance programs. The table below outlines the applicable Visa program and compliance standards per payment related service. The compliance standards can be downloaded from Payment Related Service Process Verified by Visa passwords Any Agent that that stores, processes and/or transmits: - Visa Account Numbers - CVV, CVV2, icvv2 - Other cardholder data Processes PINs for Visa Transactions Instant Card Issuance personalization Warehousing, packaging, distribution of prepaid cards (Distribution Channel Vendors) Visa Program Compliance Access Control Server (ACS) Account Information Security Program (AIS) PIN Security Program Instant Card Issuance Program (ICPIA) Approved Card Vendor Program (optional) 1 Applicable Security Standards PCI Data Security Standards 3-D Secure Security Requirements - Enrollment and Access Control Servers PCI Data Security Standards PCI PIN Security Standards Visa Global Instant Card Personalization Issuance Security Standards Visa Global Physical Security Validation Requirements for Data Preparation, Encryption Support and Fulfillment Card Vendors After registration, a Visa program manager will contact the Visa client to discuss compliance validation of the Agent. The Visa client is expected to complete the necessary due diligence of the Agent to ensure the Agent complies with the VIOR and the applicable security standards prior to Agent registration with Visa. 1 It is up to the Visa client and the Agent if they want the Agent to be enrolled and reviewed annually via the Visa Approved Card Vendor Program. Card Vendor Program participation is not mandatory. January

14 6 Frequently Asked Questions Q: What is the Agent Registration Program? A: The Agent Registration Program is a Visa-mandated program enacted to ensure that Visa clients are in compliance with Visa International Operating Regulations ( Visa Inc. rules ) and policies regarding their use of Agents. Q: What is a Third Party Agent? A: A Third Party Agent (also referred to as TPA ) is an entity, not directly connected to VisaNet, that provides payment-related services, directly or indirectly, to a Visa client (or their merchants) and/or stores, processes or transmits Visa account numbers. TPAs perform multiple functions on the issuing and acquiring side of a Visa client s business. Each function performed by the TPA must be registered by each Visa client that is utilizing those services. TPA functions that require registration are listed under item 1.3 of the Agent Registration Guidelines. Depending on the function the TPA performs, the TPA may be required to be approved under one or many of Visa s compliance programs. Visa clients will be notified by the individual program owner for further follow-up. Q: Why do I need to register the Agent? A: Visa wants to ensure that clients attest to having completed the required due diligence reviews, and that they are engaged with the Agent in a manner that is compliant with the VIOR. Q: Who needs to be registered? A: Agent registration is required for all entities performing solicitation activities and / or storing, processing or transmitting Visa account numbers for Visa clients (or on behalf of their merchants). January

15 Clients must register all Agents 2 regardless of whether the Agent has registered directly with Visa via the Visa Registry of Service Provider program. Visa client may be assessed a fine per Agent for not registering an Agent. Q: Who can register Agents? A: Only Visa clients can register Agents (including any Agents their merchants are using). Q: How does a Visa client register an Agent? A: Effective January 2012, Visa clients can register their Agents via the Visa Membership Management (VMM) system, a webbased workflow tool, which will replace the current paperbased agent registration process, including the Exhibit 5E form. Q: How do I access VMM? A: 1. You must first be enrolled with a Visa Online (VOL) login ID. 2. Click one of the following links for your regional VOL: Asia Pacific CEMEA 3. You will need to register as a user of VMM as a Submitter or an Officer: Submitter an employee of the institution that generally is not an Officer. A Submitter is granted access in the system, to create (but not approve) cases in the system. The Submitter submits the case to the Officer for approval before it is forwarded to Visa. Officer an employee of the institution who is granted access in the system, to submit and approve changes, additions, and terminations. Generally, the Officer is the one who will forward the case to Visa. Every institution must designate at least one Officer. The Submitter role is not compulsory. 2 An Agent is exempted from the registration requirements and any associated fees if it provides services only on behalf of its affiliates (includes parents and subsidiaries) and those affiliates are Visa client that own and control at least 25 percent of the third party agent. January

16 Q: Can I continue to use the current paper-based registration process, including the Exhibit 5E form? A: The VMM rollout will be implemented in six phases. Beginning on the effective date 3 for each country, clients will be required to register Agents using the online system. Registrations filed using the Exhibit 5E form, following a country s effective date, will be rejected, and clients will need to resubmit their registration using VMM. Q: How do I know my registration is accepted? A: Upon completion of the registration, a confirmation letter will arrive via to the Officer of the institution. Q: Can Agents register directly with Visa? A: Yes but this is a separate program to the Agent Registration program. In Asia Pacific an Agent can register directly with Visa via the Visa Registry of Service Providers program (VRSP). The Registry is a listing of service providers that provide payment related services to Visa client banks and the merchants. It serves as a source of reference for Visa client banks and merchants when selecting service providers for outsourcing Visa payment related services. For detailed information on the VRSP Program, please visit Note, clients must register all Agents regardless of whether the Agent has registered directly with Visa via the VRSP program. Q: What is the Visa client s responsibility in relation to Agents? A: Visa clients are responsible for their Agents; therefore, a Visa client must perform its own due diligence and weigh the operational and financial risks of utilizing the Agent. Visa clients are responsible for ensuring that their Agents comply with PCI DSS (where applicable) and Visa International Operating Regulations. Visa clients may be 3 Please refer to Visa Business News dated 1 December 2011 on Visa to Launch Online Agent Registration System for the Rollout Timeline. January

17 subject to fines and penalties for any Agent found to be out of compliance with the PCI DSS or Visa International Operating Regulations. Q: Is there a fee for Visa clients to register Agents? A: Currently, there are no fees applicable to Visa clients to register an Agent in Asia Pacific, Central Europe, Middle East and Africa, but Visa reserves the right in future to impose registration fees. Q: Prior to registering an Agent, what due diligence must a Visa client perform? A: Visa provides a minimum due diligence standard that all Visa clients must perform prior to registering an Agent. Visa s minimum standard includes basic background, financial and operational reviews. However, each Visa client is encouraged to increase the scope of review based on the Agent business type, services performed, relative program risk, Visa account data held or processed and the individual Visa client s internal risk appetite and requirements. Q: Can a Visa client register an Agent before the Agent validates PCI DSS compliance? A: Yes, if the Visa client registers an Agent prior to the Agent validating compliance, the Agent must be contracted with an approved Qualified Security Assessor (QSA), or commit to completing a Self Assessment Questionnaire (SAQ) and have an expected date of compliance. A list of QSAs can be found at Q: What does an Agent have to do to get registered? A: To start the registration process, Agents should contact their contracted Visa client. If the Agent has a contract with a Visa client s merchant, the Agent can pursue two avenues: 1) they can directly contact the merchant s Visa client (usually identified by asking the merchant for their acquiring/merchant bank contact information); or 2) Visa can facilitate the registration by contacting the merchant s Visa client on behalf of the Agent. January

18 Also, the Agent has the option to enroll in Visa s Registry of Service Providers (VRSP) Program. The Registry is a listing of service providers that provide payment related services to Visa client banks and the merchants. It serves as a source of reference for Visa client banks and merchants when selecting service providers for outsourcing Visa payment related services. For detailed information on the VRSP Program, please visit January

19 7 References 7.1 Agent Website For Agent Registration, go to Third Party Compliance Requirements For PCI DSS requirements, go to For PIN Security requirements, go to For 3-D Secure Access Control Server security requirements, go to Other Program Links For Account Information Security (AIS), go to For Visa Registry of Service Providers (Registry), go to For Adobe Reader download and installation, go to For Visa Online access application, go to Asia Pacific - CEMEA Contact For Agent Registration queries, please contact us at January

20 Glossary 3-D Secure Access Control Services (ACS) Account Number Acquirer Agent Application processing services ATM/POS terminal deployment services ATM/POS terminal maintenance services ATM transaction processing services Attestation of Compliance (AOC) Authorization Provider of a software protocol that enables secure processing of Verified by Visa transactions over the Internet and other networks. The 16-digit number that appears on the front of all valid Visa cards. The number is one of the card security features that should be checked by merchants to ensure that a cardpresent transaction is valid. A financial institution that enters into agreements with merchants to accept Visa cards as payment for goods and services. Commonly referred to as the merchant bank. An entity that acts as a VisaNet Processor (VNP), Third Party Agent (TPA), or both. A Third Party that processes applications for Visa cards on behalf of the issuer. A Third Party that installs ATMs or POS terminals. A Third Party that performs maintenance of ATMs or POS terminals, both hardware and software. A Third Party that processes Visa transactions originating through ATMs. This document, which is maintained by the PCI SSC, denotes who the QSA was that completed the ROC and includes the services that are provided by the entity being reviewed. An office of the entity being reviewed signs this to confirm the accuracy of the ROC. A process where an issuer, a VisaNet Processor, or Stand-In Processing approves a Transaction. This includes: Domestic Authorization International Authorization Offline Authorization January

21 Cardholder Cardholder Data Chargeback Customer Service Distribution Channel Vendor Encryption Support Organization (ESO) Independent Sales Organization (ISO) Instant Card Personalization Instant Card Issuance services Internet Payment An individual to whom a card is issued, or who is authorized to use this card. Data encoded in the card magnetic stripe such as cardholder name, card expiry date, CVV, etc. A formal process that allows an Issuer to charge the amount of sale back to the acquirer, because the acquirer or merchant has not complied with requirements for a Visa transaction. A Third Party that provides support for cardholder or merchant queries. A Third Party responsible for storage and shipping of premanufactured, commercially ready Visa Products (warehouses, card packagers, logistic companies) An ESO maintains a business relationship with a Plus/Interlink client that includes loading or injecting encryption keys into ATMs, terminals or PIN Pads and kiosks or loading software into a terminal or ATM which will accept Visa branded cards, merchant help desk support, including re-programming of terminal software. Entities using vendor supplied Remote Key Distribution techniques must ensure that such vendors are registered with Visa as ESOs. An organization that has a direct relationship with issuing and/or acquiring clients. Clients contract with ISOs to provide specific services such as merchant solicitation, cardholder solicitation, customer service and card application processing. ISOs act on behalf of Visa clients to deploy and/or service qualified ATMs, solicit other entities (i.e. merchant, corporate members, government entities, etc.) to sell, activate or load prepaid cards. The ability to instantly personalize Visa cards as the customer waits or to respond immediately to the request for an emergency replacement of a cardholder s lost or stolen card. A Third Party Agent that performs instant card personalization and issuance for the issuer. A Third Party that contracts with an acquirer to provide e- January

22 Service Provider (IPSP) Issuer Key management Loyalty program management Mail Order/Telephone Order Merchant (MO/TO) Managed Services Merchant Merchant Agreement Merchant Servicer (MS) Merchant Training Services Payment Card Industry Data Security Standard (PCI DSS) commerce payment services to a Sponsored Merchant. Also referred to as a Merchant Aggregator. A financial institution that issues Visa cards. The generation, transmission, storage, loading, safeguarding, use, and replacement of keys in a cryptography system. A Third Party Agent that provides management services for a Visa Clients loyalty program and has access to cardholder data. Business where the primary or a major source of income comes from merchandise or services sold by mail or telephone. Such transactions are frequently charged to customers payment card accounts. Services that are provided or facilitated by the CFS agent over centralized or hosted network environments to the franchisees such as property management systems, inventory control systems, menu distribution systems, etc. A principal or entity entering into a card acceptance agreement with a Visa member financial institution. A contract between a merchant and an acquirer containing their respective rights, duties, and obligations for participation in the acquirer s Visa or Visa Electron Program. An organization that stores, processes, or transmits Visa account numbers on behalf of the member s merchant. A Merchant Servicer has a contract with a client s merchant (although not necessarily with the client) and provides specific merchant services (e.g. online shopping carts, payment gateways, hosting facilities, data storage, and authorization and/or clearing and settlement messages). A Third Party who provides terminal, fraud, or card acceptance training for merchants. A comprehensive set of international security requirements established by the Payment Card Industry to protect cardholder data. These requirements apply to all Visa clients, merchants, and Third Party Agents that store, process, or January

23 transmit cardholder data. Payment Card Industry Security Standards Council (PCI SSC) The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The PCI Security Standards Council s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. Payment Gateway Payment Service Provider (PSP) Personal Identification Number (PIN) PIN transaction processing at POS Terminal Prepaid Card Prepaid solicitation, sales, activation, and/or loading Report of Compliance (ROC) Self-Assessment Questionnaire (SAQ) A system that provides electronic commerce services to merchants for the Authorization and Clearing of Electronic Commerce Transactions. An entity that contracts with an Acquirer to provide payment services to a Sponsored Merchant. A personal identification alpha or numeric code that identifies a cardholder in an Authorization Request originating at a terminal with Authorization-Only or Data Capture-Only Capability. A third party that processes Visa transactions containing PINs originating from Point-of-Sale (POS) terminals A card used to access funds in a Prepaid Account or a card where monetary value is stored on a Chip. A Third Party that distributes prepaid Visa cards to merchants or end sellers, provides prepaid activation or load services. Report containing details documenting an entity s compliance status with the PCI DSS. The PCI DSS SAQ is a validation tool for merchants and service providers that are not required to undergo an on-site data security assessment per the PCI DSS Security Assessment Procedures. The purpose of the SAQ is to assist organizations in self-evaluating compliance with the PCI DSS, January

24 and you may be required to share it with your acquiring bank. The SAQ version D has been developed for all service providers defined by a payment brand as eligible to complete an SAQ. Settlement Sponsored Merchant Solicitation Third Party Agent (TPA) Third Party Agent Registration Third Party Servicer (TPS) Verified by Visa Visa Client The reporting and transfer of Settlement Amounts owed by one Client to another, or to Visa, as a result of Clearing. An electronic-commerce merchant that contracts with a Payment Service Provider (PSP). The PSP performs some or all of the sponsored merchant s payment-related operations on its behalf. The sponsored merchant must meet all card acceptance requirements in the Visa International Operating Regulations, with the single exception that it may have a contract with a PSP, rather than an acquirer. A Third Party that solicits for new cardholders or merchants. An entity that is not defined as a VisaNet Processor that provides payment-related services, directly or indirectly, to a Visa client and/or stores, transmits, or processes cardholder data. A TPA must be registered by all Visa clients utilizing their services, directly or indirectly. Third Party Agents must enroll with Visa prior to providing any services on behalf of a financial institution or merchant. This process is completed through the Visa Membership Management tool (VMM). An organization that stores, processes, or transmits Visa account numbers. The TPS has a direct relationship with the Visa client. Validates a cardholder s ownership of an account in real time during an online Visa card transaction. When the cardholder clicks buy at the checkout of a participating merchant, the merchant server recognizes the registered Visa card and the Verified by Visa screen automatically appears on the cardholder s desktop. The cardholder enters a password to verify his or her identity and the Visa card. The issuer then confirms the cardholder s identity. An organization which is a client of Visa and which issues cards and/or signs merchants. January

25 VisaNet VisaNet Processor (VNP) The data processing systems, networks and operations which are used to support and deliver authorization services, exception file services, clearing and settlement services and any other services. A Visa client or Visa-approved non-client that is directly connected to VisaNet and provides authorization, clearing, or settlement services to merchants and/or clients. January

Agent Registration. Program Guide. (For use in Asia Pacific, Central Europe, Middle East, Africa)

Agent Registration. Program Guide. (For use in Asia Pacific, Central Europe, Middle East, Africa) Agent Registration Program Guide (For use in Asia Pacific, Central Europe, Middle East, Africa) Version 1 April 2014 Contents 1 INTRODUCTION... 3 1.1 ABOUT THIS GUIDE... 3 1.2 WHO NEEDS TO BE REGISTERED?...

More information

THIRD PARTY AGENT REGISTRATION PROGRAM

THIRD PARTY AGENT REGISTRATION PROGRAM THIRD PARTY AGENT REGISTRATION PROGRAM Frequently Asked Questions For the U.S., Canada and Latin America & Caribbean Regions General Information Q. What is the Third Party Agent Registration Program? A.

More information

Third Party Agent Registration Program Frequently Asked Questions

Third Party Agent Registration Program Frequently Asked Questions Third Party Agent Registration Program Frequently Asked Questions U.S., Canada and Latin America & Caribbean Regions General Information What is the Third Party Agent Registration Program? The Third Party

More information

Guide to Visa Inc. Agents

Guide to Visa Inc. Agents Guide to Visa Inc. Agents AGENT VisaNet Processor Third Party Agent Client Acquiring VNP PF HRIPSP DCC ESO Client VNP acting as Service Provider ISO DCV Third Party VNP ISO-Merchant ICPIA ISO-Cardholder

More information

Registry of Service Providers

Registry of Service Providers Registry of Service Providers Program Guide Contents 1 2 1.1 What is the Registry of Service Providers? 2 1.2 Who can register? 3 1.3 Why register with Visa? 3 1.4 Implications for Visa Clients 4 2 5 2.1

More information

Guide to Visa Inc. Agents

Guide to Visa Inc. Agents Guide to Visa Inc. Agents AGENT VisaNet Processor Third Party Agent PF DCC Client Acquiring VNP HRIPF ESO Client VNP acting as Service Provider ISO-Merchant ISO DCV ICPIA Third Party VNP ISO-Cardholder

More information

Third Party Agent (TPA) Registration Program - TPA Types and Functional Descriptions

Third Party Agent (TPA) Registration Program - TPA Types and Functional Descriptions Third Party Agent (TPA) Registration Program - TPA Types and Functional Descriptions Independent Sales Organizations (ISO) ISO Merchant (ISO M) Conducts merchant account or transaction processing solicitation,

More information

Third Party Agent Registration and PCI DSS Compliance Validation Guide

Third Party Agent Registration and PCI DSS Compliance Validation Guide Visa Europe Third Party Agent Registration and PCI DSS Compliance Validation Guide May 2016 Version 1.3 Visa Europe 2015 Contents 1 Introduction... 4 1.1 Definitions of Agents... 4 2 Registration Process...

More information

Registration and PCI DSS compliance validation

Registration and PCI DSS compliance validation Visa Europe A Guide for Third Party Agents Registration and PCI DSS compliance validation October 2015 Version 1.1 Visa Europe 2015 Contents 1 Introduction... 4 1.1 Definitions of Agents... 4 2 Registration

More information

PCI Compliance Overview

PCI Compliance Overview PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)

More information

University Policy Accepting Credit Cards to Conduct University Business

University Policy Accepting Credit Cards to Conduct University Business BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance

More information

A Compliance Overview for the Payment Card Industry (PCI)

A Compliance Overview for the Payment Card Industry (PCI) A Compliance Overview for the Payment Card Industry (PCI) Many organizations are aware of the Payment Card Industry (PCI) and PCI compliance but are unsure if they are doing everything necessary. This

More information

Your Compliance Classification Level and What it Means

Your Compliance Classification Level and What it Means General Information What are the Payment Card Industry (PCI) Data Security Standards? The PCI Data Security Standards represents a common set of industry tools and measurements to help ensure the safe

More information

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers For use with PCI DSS Version 3.1 Revision 1.1 July 2015 Section 1: Assessment

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced Version 3.0 February

More information

University Policy Accepting and Handling Payment Cards to Conduct University Business

University Policy Accepting and Handling Payment Cards to Conduct University Business BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

Frequently Asked Questions

Frequently Asked Questions I ccount Information System (IS) Program Frequently sked Questions Q What is IS? ccount Information Security, or IS, is a Risk Management program by Visa aimed to protect account and/or transaction information

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Instructions and Guidelines Version 1.1 February 2008 Table of Contents About this Document... 1 PCI Data Security Standard

More information

Attestation of Compliance for Onsite Assessments Service Providers

Attestation of Compliance for Onsite Assessments Service Providers Attestation of Compliance Service Providers Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 2.0 October 2010 Instructions for

More information

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

PCI DSS Compliance. 2015 Information Pack for Merchants

PCI DSS Compliance. 2015 Information Pack for Merchants PCI DSS Compliance 2015 Information Pack for Merchants This pack contains general information regarding PCI DSS compliance and does not take into account your business' particular requirements. ANZ recommends

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other SAQ-Eligible Merchants and Service Providers Version 2.0 October 2010 Document

More information

GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY

GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY Acquiring Bank The bank or financial institution that accepts credit and/or debit card payments for products or services on behalf

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

Third Party Risk Management Basics. Webinar. 26 February 2015

Third Party Risk Management Basics. Webinar. 26 February 2015 Third Party Risk Management Basics Webinar 26 February 2015 Stan Hui Payment System Security Oscar Munoz Third Party Risk Roxanne Baumann Third Party Risk Disclaimer The information or recommendations

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

Why Is Compliance with PCI DSS Important?

Why Is Compliance with PCI DSS Important? Why Is Compliance with PCI DSS Important? The members of PCI Security Standards Council (American Express, Discover, JCB, MasterCard, and Visa) continually monitor cases of account data compromise. These

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals Electronic Cardholder

More information

Global PCI DSS Framework. Emöke Bitter Business Leader, Risk Management 26 February 2009

Global PCI DSS Framework. Emöke Bitter Business Leader, Risk Management 26 February 2009 Global PCI DSS Framework Emöke Bitter Business Leader, Risk Management 26 February 2009 Agenda Introduction Merchants Service Providers Registry of Service Providers Payment Applications Resources Information

More information

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements

More information

Merchant Service Group, LLC Compliance Q & A

Merchant Service Group, LLC Compliance Q & A GENERAL ISO INFORMATION 1. What name(s) can an ISO use when selling? * ISO can only solicit using their corporate or DBA name that has been registered and approved with the Associations. * All additional

More information

P R O G R E S S I V E S O L U T I O N S

P R O G R E S S I V E S O L U T I O N S PCI DSS: PCI DSS is a set of technical and operational mandates designed to ensure that all organizations that process, store or transmit credit card information maintain a secure environment and safeguard

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

Adyen PCI DSS 3.0 Compliance Guide

Adyen PCI DSS 3.0 Compliance Guide Adyen PCI DSS 3.0 Compliance Guide February 2015 Page 1 2015 Adyen BV www.adyen.com Disclaimer: This document is for guidance purposes only. Adyen does not accept responsibility for any inaccuracies. Merchants

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

WHITE PAPER. PCI Basics: What it Takes to Be Compliant WHITE PAPER PCI Basics: What it Takes to Be Compliant Introduction A long-running worldwide advertising campaign by Visa states that the card is accepted everywhere you want to be. Unfortunately, and through

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Payment Card Industry Data Security Standard Abhinav Goyal, B.E.(Computer Science) MBA Finance Final Trimester Welingkar Institute of Management ISACA Bangalore chapter 13 th February 2010 Credit Card

More information

Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance

Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Compliant? Bank Name

More information

Account Information Security. Merchant Guide

Account Information Security. Merchant Guide Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer

More information

PCI Compliance: How to ensure customer cardholder data is handled with care

PCI Compliance: How to ensure customer cardholder data is handled with care PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4

More information

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards The payment card industry data security standard PCI DSS Visa and MasterCard have developed the Payment Card Industry Data Security Standard or PCI DSS as

More information

PCI Compliance. What is New in Payment Card Industry Compliance Standards. October 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP

PCI Compliance. What is New in Payment Card Industry Compliance Standards. October 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP cliftonlarsonallen.com PCI Compliance What is New in Payment Card Industry Compliance Standards October 2015 Overview PCI DSS In the beginning Each major card brand had its own separate criteria for implementing

More information

Securing The Data. Payment System Forum Bank Negara Malaysia. 27 th November 2014. Murugesh Krishnan Head of Risk, South & Southeast Asia

Securing The Data. Payment System Forum Bank Negara Malaysia. 27 th November 2014. Murugesh Krishnan Head of Risk, South & Southeast Asia Securing The Data Payment System Forum Bank Negara Malaysia 27 th November 2014 Murugesh Krishnan Head of Risk, South & Southeast Asia Disclaimer Case studies, statistics, research and recommendations

More information

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0 Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire C-VT Version 2.0 October 2010 Attestation of Compliance, SAQ C-VT Instructions for Submission

More information

Frequently Asked Questions

Frequently Asked Questions Contents CISP Program Overview... 2 1. To whom does CISP apply?...2 2. What does VISA define as "cardholder data"?...2 3. What if a merchant or service provider does not store Visa cardholder data?...2

More information

Introduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m.

Introduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m. Introduction to PCI DSS Compliance May 18, 2009 1:15 p.m. 2:15 p.m. Disclaimer The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of

More information

Attestation of Compliance for Onsite Assessments Service Providers

Attestation of Compliance for Onsite Assessments Service Providers Attestation of Compliance Service Providers Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 2.0 October 2010 Instructions for

More information

AISA Sydney 15 th April 2009

AISA Sydney 15 th April 2009 AISA Sydney 15 th April 2009 Where PCI stands today: Who needs to do What, by When Presented by: David Light Sense of Security Pty Ltd Agenda Overview of PCI DSS Compliance requirements What & When Risks

More information

FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program

FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program MERCHANTS Can Level 1 merchants currently use internal auditors to perform an onsite assessment? Yes. However, after June 30,

More information

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to: What is the PCI standards council? The Payment Card Industry Standards Council is an institution set-up by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International

More information

This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected

This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected officials, administrative officials and business managers.

More information

1/18/10. Walt Conway. PCI DSS in Context. Some History The Digital Dozen Key Players Cardholder Data Outsourcing Conclusions. PCI in Higher Education

1/18/10. Walt Conway. PCI DSS in Context. Some History The Digital Dozen Key Players Cardholder Data Outsourcing Conclusions. PCI in Higher Education PCI in Higher Education Walter Conway, QSA 403 Labs, LLC Walt Conway PCI consultant, blogger, trainer, speaker, author Former Visa VP Help schools become PCI compliant Represent Higher Education at PCI

More information

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW David Kittle Chief Information Officer Chris Ditmarsch Network & Security Administrator Smoker Friendly International / The Cigarette Store Corp

More information

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines?

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines? Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain

More information

Section 1: Assessment Information

Section 1: Assessment Information Section 1: Assessment Information Instructions for Submission This document must be completed as a declaration of the results of the service provider s self-assessment with the Payment Card Industry Data

More information

Payment Security teleconference

Payment Security teleconference Payment Security teleconference PCI DSS Compliance Validation Options 27 th March 2014 Michael Christodoulides and Louise Hunt All information correct at time of presentation Introduction Barclaycard has

More information

Visa PIN Security Program Webinar May 2015. Alan Low PIN Risk Representative AP and CEMEA. Visa Public

Visa PIN Security Program Webinar May 2015. Alan Low PIN Risk Representative AP and CEMEA. Visa Public Visa PIN Security Program Webinar May 2015 Alan Low PIN Risk Representative AP and CEMEA Disclaimer The information or recommendations contained herein are provided "AS IS" and are intended to be information

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

PCI Compliance. How to Meet Payment Card Industry Compliance Standards. May 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP

PCI Compliance. How to Meet Payment Card Industry Compliance Standards. May 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP 2015 CliftonLarsonAllen LLP PCI Compliance How to Meet Payment Card Industry Compliance Standards May 2015 cliftonlarsonallen.com Overview PCI DSS In the beginning Each major card brand had its own separate

More information

Visa MasterCard Registration Procedures

Visa MasterCard Registration Procedures Effective May Visa Term Definition Registration Requirements Forms Initial Registration Annual Renewal An organization or individual, which is not a Member, whose *Enhanced /Service Provider bankcard-related

More information

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES CUTTING THROUGH THE COMPLEXITY AND CONFUSION Over the years, South African retailers have come under increased pressure to gain PCI DSS (Payment Card Industry

More information

It is important to note, the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.

It is important to note, the payment brands and acquirers are responsible for enforcing compliance, not the PCI council. PCI FAQ And MYTHS FREQUENTLY ASKED QUESTIONS (FAQ): Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process,

More information

PAI Secure Program Guide

PAI Secure Program Guide PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements and utilizing the PAI Secure Program. Letter From the CEO Welcome to PAI Secure. As you

More information

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN PCI Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information

More information

D. DFA: Mississippi Department of Finance and Administration.

D. DFA: Mississippi Department of Finance and Administration. MISSISSIPPI DEPARTMENT OF FINANCE AND ADMINISTRATION ADMINISTRATIVE RULE PAYMENTS BY CREDIT CARD, CHARGE CARD, DEBIT CARDS OR OTHER FORMS OF ELECTRONIC PAYMENT OF AMOUNTS OWED TO STATE AGENCIES The Department

More information

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions PCI/PA-DSS FAQs Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions What is PCI DSS? The Payment Card Industry Data

More information

mobile payment acceptance Solutions Visa security best practices version 3.0

mobile payment acceptance Solutions Visa security best practices version 3.0 mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid

More information

PCI DSS Gap Analysis Briefing

PCI DSS Gap Analysis Briefing PCI DSS Gap Analysis Briefing The University of Chicago October 1, 2012 Walter Conway, QSA 403 Labs, LLC Agenda The PCI DSS ecosystem - Key players, roles - Cardholder data - Merchant levels and SAQs UofC

More information

Attestation of Compliance for Onsite Assessments Service Providers

Attestation of Compliance for Onsite Assessments Service Providers Attestation of Compliance Service Providers Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 2.0 October 2010 Instructions for

More information

VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS)

VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS) VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS) Q1: What is the purpose of the AIS programme? Q2: What exactly is the Payment Card Industry (PCI) Data Security

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level. Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain

More information

Attestation of Compliance for Onsite Assessments Service Providers

Attestation of Compliance for Onsite Assessments Service Providers Attestation of Compliance Service Providers Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 2.0 October 2010 Instructions for

More information

Merchant guide to PCI DSS

Merchant guide to PCI DSS Merchant guide to PCI DSS Contents What is PCI DSS and why was it introduced?... 3 Who needs to become PCI DSS compliant?... 3 BOIPA Simple PCI DSS - 3 step approach to helping businesses... 3 What does

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009 AIS Webinar Payment Application Security Hap Huynh Business Leader Visa Inc. 1 April 2009 1 Agenda Security Environment Payment Application Security Overview Questions and Comments Payment Application

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

Information Technology

Information Technology Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing

More information

PCI DSS. CollectorSolutions, Incorporated

PCI DSS. CollectorSolutions, Incorporated PCI DSS Robert Cothran President CollectorSolutions www.collectorsolutions.com CollectorSolutions, Incorporated Founded as Florida C corporation in 1999 Approximately 235 clients in 35 states Targeted

More information

IT TECHNICAL SECURITY REVIEW CHECKLISTS FOR E-COMMERCE WEBSITES

IT TECHNICAL SECURITY REVIEW CHECKLISTS FOR E-COMMERCE WEBSITES IT TECHNICAL SECURITY REVIEW CHECKLISTS FOR E-COMMERCE WEBSITES Currently there are three University approved e-commerce website configurations: (1) MERCHANT-MANAGED E-COMMERCE IMPLEMENTATION (2) SHARED-MANAGEMENT

More information

PCI Data Security Standards

PCI Data Security Standards PCI Data Security Standards An Introduction to Bankcard Data Security Why should we worry? Since 2005, over 500 million customer records have been reported as lost or stolen 1 In 2010 alone, over 134 million

More information

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism Tokenization Amplified XiIntercept The ultimate PCI DSS cost & scope reduction mechanism Paymetric White Paper Tokenization Amplified XiIntercept 2 Table of Contents Executive Summary 3 PCI DSS 3 The PCI

More information

PCI DSS and SSC what are these?

PCI DSS and SSC what are these? PCI DSS and SSC what are these? What does PCI DSS mean? PCI DSS is the English acronym for Payment Card Industry Data Security Standard. What is the PCI DSS programme? The bank card data, which are the

More information

PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:

PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS: Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal

More information

PCI Compliance. Top 10 Questions & Answers

PCI Compliance. Top 10 Questions & Answers PCI Compliance Top 10 Questions & Answers 1. What is PCI Compliance and PCI DSS? 2. Who needs to follow the PCI Data Security Standard? 3. What happens if I don t comply? 4. What are the basic requirements

More information

FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program

FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program MERCHANTS Can Level 1 merchants currently use internal auditors to perform an onsite assessment? Yes. However, after June 30,

More information

PC-DSS Compliance Strategies. 2011 NDUS CIO Retreat July 27, 2011 Theresa Semmens, CISA

PC-DSS Compliance Strategies. 2011 NDUS CIO Retreat July 27, 2011 Theresa Semmens, CISA PC-DSS Compliance Strategies 2011 NDUS CIO Retreat July 27, 2011 Theresa Semmens, CISA True or False Now that my institution has outsourced credit card processing, I don t have to worry about compliance?

More information

Josiah Wilkinson Internal Security Assessor. Nationwide

Josiah Wilkinson Internal Security Assessor. Nationwide Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges

More information

Payment Card Security

Payment Card Security Payment Card Security January 31, 2008 Kieran Norton, Senior Manager Security & Privacy Services, Deloitte & Touche LLP Focus of the Presentation PCI Overview Background Current Environment Key Considerations

More information

Achieving PCI Compliance for Your Site in Acquia Cloud

Achieving PCI Compliance for Your Site in Acquia Cloud Achieving PCI Compliance for Your Site in Acquia Cloud Introduction PCI Compliance applies to any organization that stores, transmits, or transacts credit card data. PCI Compliance is important; failure

More information

Processing e-commerce payments A guide to security and PCI DSS requirements

Processing e-commerce payments A guide to security and PCI DSS requirements Processing e-commerce payments A guide to security and PCI DSS requirements August 2014 Contents Foreword by Peter Bayley 3 The systems involved 4 The key steps involved 4 The Payment Industry (PCI) Data

More information