Companies providing payment gateways, loyalty programs, and authorization and related services for Visa-branded transactions have improved their compliance with the Payment Card Industry Data Security Standard, Visa Inc. announced Jan. 27.
Of Visa’s 1,182 registered U.S. service providers, which the card network calls “downstream agents,” 82% had validated their compliance with the standard as of Dec. 31, according to Visa. That represents an increase from 78% that had six months earlier (
“We can’t really read into the change in agent population,” a Visa spokesperson, tells PaymentsSource. “It could be consolidation. It could be companies going out of business. We don’t have a way to know. We just require our clients to register their agents.”
Meanwhile, other entities that connect to Visa’s system in the United States showed little change. Among the 377 registered Level 1 merchants–those with more than 6 million annual Visa transactions–using Visa’s services, 96% validated their compliance, unchanged from June. This merchant group accounts for approximately 50% of Visa’s transactions.
Compliance among Visa’s 894 registered Level 2 merchants–those with between 1 million to 6 million transactions per year–improved slightly, to 96% from 95% in June. Level 2 merchants account for approximately 13% of Visa’s transactions.
Visa continues to list compliance as “moderate” among the 2,591 registered Level 3 merchants that use its processing services. This group, which accounts for less than 5% of Visa’s transactions, consists of e-commerce merchants that handle between 20,000 and 1 million transactions online annually.
Visa similarly lists compliance as “moderate” among Level 4 merchants, which handle fewer than 1 million Visa transactions annually. Because these merchants, which account for 32% of Visa’s transactions, must validate their compliance with their acquirers and not directly with Visa, Visa says its ability to measure their compliance is difficult.
That also makes it more difficult to assess how many have validated that their payments systems do not store prohibited data. “Although all U.S. merchants are required to use a PA-DSS-compliant payment application, there is no current tracking mechanism for the 5 million-plus Level 4 merchants,” the Visa representative says.
All Level 1 and Level 2 merchants do not store prohibited data, Visa’s data show.
At 99%, PCI compliance among the 77 VisaNet processors was unchanged from June, Visa said.
What do you think about this? Send us your feedback.
