Visa Data Security Alert Malicious Software and Internet Protocol Addresses



Similar documents
For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at

Global Partner Management Notice

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold

What To Do if Compromised. Visa USA Fraud Investigations and Incident Management Procedures

PCI Security Scan Procedures. Version 1.0 December 2004

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

How To Protect A Web Application From Attack From A Trusted Environment

Franchise Data Compromise Trends and Cardholder. December, 2010

Visa Data Security Bulletin (AP)

What To Do If Compromised

V ISA SECURITY ALERT 13 November 2015

LogRhythm and PCI Compliance

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz

Credit Card (PCI) Security Incident Response Plan

Guideline on Auditing and Log Management

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Data Security for the Hospitality

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

Bendigo and Adelaide Bank Ltd Security Incident Response Procedure

AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN Siskiyou Boulevard Ashland OR 97520

A Decision Maker s Guide to Securing an IT Infrastructure

Josiah Wilkinson Internal Security Assessor. Nationwide

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Breach Findings for Large Merchants. 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

Encryption and Tokenization: Protecting Customer Data. Your Payments Universally Amplified. Tia D. Ilori Sue Zloth September 18, 2013

Payment Card Industry (PCI) Data Security Standard

Bradley University Credit Card Security Incident Response Team (Response Team)

How To Secure An Extended Enterprise

PCI Requirements Coverage Summary Table

How To Manage Security On A Networked Computer System

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Payment Card Industry (PCI) Data Security Standard PFI Final Incident Report. Template for PFI Final Incident Report. Version 1.0.

Appendix 1 - Credit Card Security Incident Response Plan

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

Why Is Compliance with PCI DSS Important?

Payment Card Industry (PCI) Data Security Standard PFI Final Incident Report. Template for PFI Final Incident Report. Version 1.1.

Thoughts on PCI DSS 3.0. September, 2014

SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements

Template for PFI Final Incident Report for Remote Investigations

Payment Processing Threats Impacting Grocery Store Merchants. April 2013

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

KEY STEPS FOLLOWING A DATA BREACH

05.0 Application Development

A Proposed Architecture of Intrusion Detection Systems for Internet Banking

Getting Ahead of Malware

PCI Requirements Coverage Summary Table

FairWarning Mapping to PCI DSS 3.0, Requirement 10

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Our Security. History of IDS Cont d In 1983, Dr. Dorothy Denning and SRI International began working on a government project.

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

How To Protect Your Credit Card Information From Being Stolen

PCI Compliance Top 10 Questions and Answers

PCI Compliance for Cloud Applications

How to effectively respond to an information security incident

PCI Compliance. Top 10 Questions & Answers

CyberSource Payment Security. with PCI DSS Tokenization Guidelines

Intrusion Detection. Tianen Liu. May 22, paper will look at different kinds of intrusion detection systems, different ways of

The Comprehensive Guide to PCI Security Standards Compliance

Reporting and Incident Management for Firewalls

March

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

MITIGATING LARGE MERCHANT DATA BREACHES

GFI White Paper PCI-DSS compliance and GFI Software products

Project Title slide Project: PCI. Are You At Risk?

Frequently Asked Questions

Accepting Payment Cards and ecommerce Payments

Technical breakout session

Top Ten Cyber Threats

How To Protect Visa Account Information

Passing PCI Compliance How to Address the Application Security Mandates

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

P Principles of Network Forensics P Terms & Log-based Tracing P Application Layer Log Analysis P Lower Layer Log Analysis

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Breach Found. Did It Hurt?

Anatomy of a Breach: A case study in how to protect your organization. Presented By Greg Sparrow

Architecture Overview

Ohio Supercomputer Center

Guidelines for Web applications protection with dedicated Web Application Firewall

CorreLog Alignment to PCI Security Standards Compliance

WHITEPAPER. Achieving Network Payment Card Industry Data Security Standard (PCI DSS) Compliance with NetMRI

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Security Incident Procedures Response and Reporting Policy

CREDIT CARD SECURITY POLICY PCI DSS 2.0

FISMA / NIST REVISION 3 COMPLIANCE

Becoming PCI Compliant

Enforcing PCI Data Security Standard Compliance

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

How DataSunrise Helps to Comply with SOX, PCI DSS and HIPAA Requirements

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

A Rackspace White Paper Spring 2010

Standard: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: March Information Supplement: Protecting Telephone-based Payment Card Data

Compliance Guide: PCI DSS

Transcription:

Risk Management Data Security April 1, 2009 Visa Data Security Alert Malicious Software and Internet Protocol Addresses The protection of account information is a responsibility shared by all participants in the Visa payment system. Visa is committed to providing educational information to its key stakeholders about potential vulnerabilities and urges financial institution clients to share this information with their vendors, processors, and other agents. This information is being provided to better equip Visa clients, merchants and agents in mitigating the threat of a network intrusion and data compromise. Related Information Visa Business News Archive Key Dates Visa Online This alert includes updated information on malicious software (see Table 1 attachment) and Internet Protocol (IP) addresses (see Table 2 attachment) identified during Visa s computer forensic investigations. Malicious Software Malicious software or malware is designed to damage or infiltrate computer systems. An example of a malware is a packet sniffer. A packet sniffer, also known as a network analyzer, captures and interprets a stream or a block of data (referred to as a packet ) as it travels on the network. Packet sniffers can have legitimate or illegitimate use on a network. Intruders can sniff packets being sent between network users, and can collect sensitive information such as usernames, passwords, payment card data, or social security numbers. Visa recommends that Visa clients, merchants, and agents review this list of malicious software and work with their internal information security team to determine if malware exists within their network. An updated list of malware and MD5 and SHA-1 hash values can also be found in the Table 1 attachment. Malicious IP Addresses Every computer operating on the Internet is assigned a unique number comprised of four octets called an IP address. Based on Visa s forensic investigations, we have identified IP addresses being used by intruders to gain unauthorized access to an entity s network. Visa recommends that Visa clients, merchants, and agents review this list of malicious IPs to monitor and block these IPs from their firewall rule sets. Prior to blocking IPs, Visa recommends that entities perform due diligence and ensure that blocking will not cause connectivity issues on legitimate access. An updated list of malicious IPs can be found in the Table 2 attachment. Mitigation Strategies To guard your network against malware and malicious IP addresses, Visa clients, merchants, and agents should review the network vulnerabilities identified below and implement mitigating controls where appropriate. While these essential security

practices do mitigate critical vulnerabilities, there are many factors that may affect an actual implementation. These measures alone may not be appropriate or sufficient depending on the implementation of an entity s IT infrastructure and its business needs. Visa provides this information solely to build awareness of data security and industry best practices, and disclaims any opinion of effectiveness or responsibility for any data compromise or other consequences as a result of these measures. Payment system participants should ensure that they are aware of these vulnerabilities and should take steps, where appropriate, to mitigate risk. It is important that all payment system participants continue to be diligent and maintain Payment Card Industry Data Security Standard (PCI DSS) compliance at all times. 1. Configure firewalls to scan for the attached IPs and determine whether or not to block IPs Prior to blocking IPs, Visa recommends that entities perform due diligence and ensure that blocking will not cause connectivity issues on legitimate access. Firewalls are typically used to prevent unauthorized Internet users from accessing networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. 2. Utilize a Network-based Intrusion Detection System Network-based intrusion detection systems (NIDS) are designed to monitor network traffic to distinguish between normal network activity and abnormal or suspicious activity that may identify an attack. 3. Utilize a Host-based Intrusion Detection System Host-based intrusion detection systems (HIDS) are designed to monitor the behavior of host/computer systems to distinguish between normal activity and abnormal or suspicious activities. A key function of HIDS is to detect unknown activities caused by malware, packet sniffers or rootkits by monitoring incoming and outgoing communications traffic. HIDS will then check the integrity of critical system files and directories and watch for suspicious processes and executables. HIDS can also monitor the usage of system accounts with elevated or administrative privilege. Unexpected use of accounts with administrative privilege is often a sign of a larger compromise. 4. Properly Segment Network Payment card account information can be compromised at Visa clients, merchants, and agents that lack proper network segmentation. 5. SQL Injection A review of recent data security breaches suggests Structured Query Language (SQL) injection attacks on e-commerce websites and web-based applications that manage card accounts (e.g., PIN updates, monetary additions, and account holder updates) have become more prevalent. SQL injection attacks are caused primarily by applications that lack input validation checks, unpatched web servers, and poorly configured web and database servers. These attacks pose serious additional risks to cardholder data stored or transmitted within systems and networks connected to the affected environment.

Summary Visa recommends that clients, merchants and agents review the information contained in this alert and perform a vulnerability scan to determine if their networks and hosts have been exposed to these malicious software and IP addresses. This information was recently used by several entities to discover security breaches that were otherwise undetected. In the event of a security incident, Visa clients and their agents must take immediate action to investigate the incident, limit the exposure of cardholder data, notify Visa and report investigation findings. The following steps used in conjunction with the instructions delineated in Visa s What To Do If Compromised document should be adhered to in the event of a security incident. These steps include: Immediately contain and limit the exposure Isolate compromised systems (do not log on to or access systems) Preserve evidence for forensic investigation Work with your internal information security and incident response team Keep a log of all actions taken and follow the chain of custody control Be on high alert and monitor traffic on all systems with cardholder data Notify your acquiring bank if you are a merchant Notify Visa Fraud Control Group (Asia Pacific) at (65) 9630-7672 if you are a financial institution Notify your banking regulator if you are a financial institution Notify local law enforcement Consult with your legal department regarding state and federal notification laws Visa may require the compromised entity to engage a Visa-approved Qualified Incident Response Assessor (QIRA). Table 1 Malicious Software, Tools, Hash Values, and Registry Keys Table 2 Malicious IP Addresses Please refer to the What To Do If Compromised document available on www.visa-asia.com/secured.

Please contact Visa Fraud Control Group (Asia Pacific) at (65) 9630-7672 or send an e-mail to APInvestigations@visa.com. Notice: This Visa communication is furnished to you solely in your capacity as a customer of Visa Inc. and member of the Visa payments system. By accepting this Visa communication, you acknowledge that the information contained herein (the "Information") is confidential and subject to the confidentiality restrictions contained in Visa's operating regulations, which limit your use of the Information. You agree to keep the Information confidential and not to use the Information for any purpose other than in your capacity as a customer of Visa Inc. or as a member of the Visa payments system. The Information may only be disseminated within your organization on a need-to-know basis to enable your participation in the Visa payments system. Please be advised that the Information may constitute material nonpublic information under U.S. federal securities laws and that purchasing or selling securities of Visa Inc. while being aware of material nonpublic information would constitute a violation of applicable U.S. federal securities laws. This information may change from time to time. Please contact your Visa representative to verify current information. Visa is not responsible for errors in this publication. The Visa Non-Disclosure Agreement can be obtained from your VisaNet Account Manager or the nearest Visa Office.

Table 1 Malicious Software, Tools, Hash Values, and Registry Keys Filename Purpose File Size MD5/SHA-1 Hash Values or Registry Key Malicious Software (As of February/March 2009) wiadebyld.dll Password collector 23,552 089AC4794A3E257146405EF791AC60F4 Win32.exe Hider.sys Rh.exe winsrv32.exe Application that instantiates the wpcap file to sniff network packets, accepts a string argument specifying the pattern to search for packed WinPcap Pro or WinPcap Rootkit used to hide malicious code Rootkit Hunter application that is used to look for rootkits on systems and can also perform memory dumps for running processes Application that starts at runtime and runs in the background to handle the win32.exe file 41,984 Not available MD5: 59F020586B486637A38CFD421B828DF9 SHA1: 651e81997ec837b2df1a1efb472076f0509102f7 MD5: 2dd6d91c651218b36b30e2e7c5c232d6 SHA1: 704c49121b9b9ff529eb62edc8e86af3ad859b14 5,744 a043df46903c717093972609721c7da5 254,646 1862f325333ba82651704ad36ff130bd wpcap.dll File from WinPcap Pro software 231,952 c5d497b91d5a28b7988101926721b154 packet.dll File from WinPcap Pro software 479,232 7d34f9aeff5c1ddefe948f71b85d885d Wns.exe A reverse shell like smn.exe. Full capabilities are unknown 45,056 738A8C8B86C8099988C84626E274C094 Stamp.exe Tool to change time stamps of files 45,568 1D16656700DC68584C82B5F84F8BC230 Malicious Software (As of December 2008 /January 2009) appsqlio.exe Reverse shell tool Not available 387cda6eb91f0b3a054de20c02320338 obsqlio.exe SQL output redirector Not available f640e53718bc83cb8bb10b1eafb50edf blobsqlio.exe Packed version of gsecdump Not available 959523fc10584da9bfb31a524ff472aa sn.exe Packet sniffer Not available e07b83abda5b566b3e9a30515a59ecc3 msdtsc.exe Packet sniffer 79,872 4724103b13e6ce832fbb2c08a419eac6 svclhost.exe Network communication tool Not available da4ab50185c7b246d1d2c8fa7bd7a5ed rexesvr.exe Command line execution Not available 003f6cda98a40529cc87fd1387714fd7 svcl.exe Renamed version of sn.exe Not available e07b83abda5b566b3e9a30515a59ecc3 eqslquery.exe Script that automates the installation of rexesvr.exe Not available bc354dcf5221aea9fae8a3283c09504d rarx.exe Compression tool Not available fd729427144044730c572fd5b9be7dd9 Soft.exe Backdoor Not available ea75939da539a3879e5b442b11b51f24 lsasstd.exe Backdoor 1,536 07536e77ece9e70f5bf3d6f357c77b04

Filename Purpose File Size MD5/SHA-1 Hash Values or Registry Key lsasstm.exe Backdoor 23,568 e2736b8e0628a07fc3a6dcccad99245e smn.exe Backdoor 1,536 b0ff54c190455feda3f67b53c4a4453d mstsk.exe Utility used to inject code on running processes 7,680 ddfd9073a5f222e223f5f2156c71629d For information on securing cardholder data, please visit www.visa-asia.com/secured. Notice: This Visa communication is furnished to you solely in your capacity as a customer of Visa Inc. and member of the Visa payments system. By accepting this Visa communication, you acknowledge that the information contained herein (the "Information") is confidential and subject to the confidentiality restrictions contained in Visa's operating regulations, which limit your use of the Information. You agree to keep the Information confidential and not to use the Information for any purpose other than in your capacity as a customer of Visa Inc. or as a member of the Visa payments system. The Information may only be disseminated within your organization on a need-to-know basis to enable your participation in the Visa payments system. Please be advised that the Information may constitute material nonpublic information under U.S. federal securities laws and that purchasing or selling securities of Visa Inc. while being aware of material nonpublic information would constitute a violation of applicable U.S. federal securities laws. This information may change from time to time. Please contact your Visa representative to verify current information. Visa is not responsible for errors in this publication. The Visa Non-Disclosure Agreement can be obtained from your VisaNet Account Manager or the nearest Visa Office.

Table 2 Malicious IP Addresses Signature Type Raw Details Malicious IPs (As of February/March 2009) Malicious IP Address IP Address 64.53.46.223 Malicious IP Address IP Address 75.144.194.185 Malicious IP Address IP Address 219.109.215.70 Malicious IP Address IP Address 66.226.76.19 Malicious IP Address IP Address 80.56.252.235 Malicious IP Address IP Address 89.114.16.184 Malicious IP Address IP Address 82.83.245.127 Malicious IP Address IP Address 99.238.233.46 Malicious IP Address IP Address 24.129.42.16 Malicious IP Address IP Address 24.190.194.17 Malicious IP Address IP Address 86.104.24.12 Malicious IP Address IP Address 84.198.76.14 Malicious IP Address IP Address 79.113.14.198 Malicious IP Address IP Address 78.42.100.224 Malicious IP Address IP Address 86.69.42.84 Malicious IP Address IP Address 193.41.140.250 Malicious IP Address IP Address 98.163.94.36 Malicious IP Address IP Address 75.144.194.185 Malicious IP Address IP Address 219.109.215.70 Malicious IP Address IP Address 72.9.108.226 Malicious IP Address IP Address 88.214.208.44 Malicious IP Address IP Address 85.17.105.37 Malicious IP Address IP Address 66.179.127.30 Malicious IPs (As of December 2008/January 2009) Malicious IP Address IP Address 90.15.59.86 Malicious IP Address IP Address 85.221.196.131 Malicious IP Address IP Address 85.221.138.252 Malicious IP Address IP Address 64.247.58.239 Malicious IP Address IP Address 89.37.241.180 Malicious IP Address IP Address 83.4.164.214 Malicious IP Address IP Address 72.36.215.253 Malicious IP Address IP Address 202.71.103.77 Malicious IP Address IP Address 194.146.248.7

Malicious IP Address IP Address 85.17.105.34 Malicious IP Address IP Address 91.193.63.15 Signature Type Raw Details Malicious IP Address IP Address 89.37.240.118 Malicious IP Address IP Address 91.145.136.65 Malicious IP Address IP Address 82.232.177.64 Malicious IP Address IP Address 89.76.218.105 Malicious IP Address IP Address 89.37.241.241 Malicious IP Address IP Address 89.76.220.36 Malicious IP Address IP Address 83.55.141.204 Malicious IP Address IP Address 216.55.169.234 Malicious IP Address IP Address 89.43.45.232 Malicious IP Address IP Address 62.21.81.104 Malicious IP Address IP Address 89.37.242.28 Malicious IP Address IP Address 89.43.45.159 Malicious IP Address IP Address 77.253.108.16 Malicious IP Address IP Address 91.189.139.168 Malicious IP Address IP Address 85.221.136.196 Malicious IP Address IP Address 77.253.115.137 Malicious IP Address IP Address 213.84.163.246 Malicious IP Address IP Address 83.110.17.228 Malicious IP Address IP Address 12.210.14.103 Malicious IP Address IP Address 74.138.172.183 Malicious IP Address IP Address 85.17.239.11 Malicious IP Address IP Address 69.244.206.15 Malicious IP Address IP Address 69.141.149.138 Malicious IP Address IP Address 88.156.44.152 Malicious IP Address IP Address 216.80.124.225 Malicious IP Address IP Address 76.100.75.1 Malicious IP Address IP Address 216.196.173.93 Malicious IP Address IP Address 75.64.114.45 Malicious IP Address IP Address 89.32.130.86 Malicious IP Address IP Address 58.65.239.58 Malicious IP Address IP Address 66.36.229.201 Malicious IP Address IP Address 74.54.131.130 Malicious IP Address IP Address 74.53.114.16 Malicious IP Address IP Address 203.190.175.39 Malicious IP Address IP Address 203.190.172.18 Malicious IP Address IP Address 69.70.122.98 Malicious IP Address IP Address 65.111.171.20 Malicious IP Address IP Address 65.111.171.21 Malicious IP Address IP Address 174.36.196.207 Malicious IP Address IP Address 208.43.74.19 Malicious IP Address IP Address 216.55.162.167 Malicious IP Address IP Address 216.55.164.44 Malicious IP Address IP Address 200.115.173.25

Malicious IP Address IP Address 85.17.239.11 Malicious IP Address IP Address 82.13.14.61 Malicious IP Address IP Address 193.11.110.32 Malicious IP Address IP Address 207.255.204.160 Malicious IP Address IP Address 216.244.34.155 Malicious IP Address IP Address 24.159.22.70 Signature Type Raw Details Malicious IP Address IP Address 67.182.137.29 Malicious IP Address IP Address 67.85.92.181 Malicious IP Address IP Address 68.50.185.130 Malicious IP Address IP Address 68.94.212.161 Malicious IP Address IP Address 69.110.26.21 Malicious IP Address IP Address 69.14.110.49 Malicious IP Address IP Address 69.212.211.243 Malicious IP Address IP Address 70.162.2.249 Malicious IP Address IP Address 71.238.147.129 Malicious IP Address IP Address 71.239.155.202 Malicious IP Address IP Address 72.242.241.189 Malicious IP Address IP Address 74.62.212.143 Malicious IP Address IP Address 75.118.180.255 Malicious IP Address IP Address 76.204.117.205 Malicious IP Address IP Address 76.22.3.137 Malicious IP Address IP Address 76.239.29.46 Malicious IP Address IP Address 76.242.106.40 Malicious IP Address IP Address 79.118.160.231 Malicious IP Address IP Address 79.139.245.79 Malicious IP Address IP Address 82.13.14.61 Malicious IP Address IP Address 83.99.227.209 Malicious IP Address IP Address 89.114.215.182 Malicious IP Address IP Address 91.177.6.209 Malicious IP Address IP Address 216.55.126.167 Malicious IP Address IP Address 216.55.185.9 Malicious IP Address IP Address 212.126.1.244 Malicious IP Address IP Address 212.126.9.154 Malicious IP Address IP Address 212.126.11.27 Malicious IP Address IP Address 212.126.12.89 Malicious IP Address IP Address 212.126.14.197 Malicious IP Address IP Address 212.126.18.171 Malicious IP Address IP Address 212.126.20.83 Malicious IP Address IP Address 212.126.22.64 Malicious IP Address IP Address 212.126.25.247 Malicious IP Address IP Address 212.126.31.182 Malicious IP Address IP Address 212.126.32.67 Malicious IP Address IP Address 212.126.46.199 Malicious IP Address IP Address 212.126.47.93 Malicious IP Address IP Address 212.126.53.23

Malicious IP Address IP Address 212.126.55.166 Malicious IP Address IP Address 212.126.57.215 Malicious IP Address IP Address 212.126.72.14 Malicious IP Address IP Address 212.126.73.220 Malicious IP Address IP Address 212.126.78.153 Malicious IP Address IP Address 212.126.83.57 Malicious IP Address IP Address 212.126.84.117 Malicious IP Address IP Address 212.126.92.167 Malicious IP Address IP Address 212.126.94.174 For information on securing cardholder data, please visit www.visa-asia.com/secured. Notice: This Visa communication is furnished to you solely in your capacity as a customer of Visa Inc. and member of the Visa payments system. By accepting this Visa communication, you acknowledge that the information contained herein (the "Information") is confidential and subject to the confidentiality restrictions contained in Visa's operating regulations, which limit your use of the Information. You agree to keep the Information confidential and not to use the Information for any purpose other than in your capacity as a customer of Visa Inc. or as a member of the Visa payments system. The Information may only be disseminated within your organization on a need-to-know basis to enable your participation in the Visa payments system. Please be advised that the Information may constitute material nonpublic information under U.S. federal securities laws and that purchasing or selling securities of Visa Inc. while being aware of material nonpublic information would constitute a violation of applicable U.S. federal securities laws. This information may change from time to time. Please contact your Visa representative to verify current information. Visa is not responsible for errors in this publication. The Visa Non-Disclosure Agreement can be obtained from your VisaNet Account Manager or the nearest Visa Office.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information