IMGCAP(1)]
Visa Inc. yesterday set Sept. 30, 2009, as the global deadline for the largest merchants to confirm to Visa that none of their point-of-sale systems retains such sensitive cardholder information as track data and security codes from payment cards and personal identification numbers after transactions have been authorized. Level 1 merchants, which process more than 6 million Visa transactions per year, and Level 2 merchants, which process from 1 million and 6 million annual Visa transactions, are subject to the deadline. Visa also set Sept. 30, 2010, as the deadline for acquirers to validate their Level 1 merchants comply with the Payment Card Industry Data Security Standard, which additionally requires that firewalls be installed and physical access to cardholder is restricted among other measures. Acquirers face fines and mandates to take corrective action for failing to meet either deadline, Visa says. Visa Europe, as an autonomous licensee of Visa Inc., sets its own deadlines, Visa says. A Visa Europe spokesperson was not available by CardLine's deadline. To reduce confusion, Visa Inc. also set Feb. 1 as the effective date for defining into which category, 1 or 2, a service provider falls. A service provider-defined as an entity that stores, processes or transmits Visa cardholder data on behalf of Visa acquirers, issuers, merchants or other service providers-in category 1 handles more than 300,000 annual Visa transactions. Service providers with fewer transactions are in category 2. These moves are vital to "ensuring the integrity of the global payments system," Eduardo Perez, Visa Inc. head of global data security, said in a statement.
