security requirements in the US
For many Level 1 (large) US merchants, the 30 September deadline
set by Visa for compliance with the Payment Card Industry (PCI)
Security Standards Council’s Data Security Standard (DSS) proved
ambitious. In late October, Visa reported 35 percent of Level 1
merchants had not yet validated their compliance with the DSS,
though this was down from 64 percent in December 2006. Visa defines
Level 1 merchants as those processing 6 million or more Visa
transactions each year.
Medium-sized (Level 2) merchants – those processing 1 million to 6
million Visa transactions annually – were well behind their larger
counterparts: 57 percent had not yet achieved PCI DSS compliance.
This was, however, a big improvement on the 85 percent that were
non-compliant in December 2006. Level 2 merchants have until 31
December 2007 to achieve compliance.
On 1 October Visa began levying fines of $25,000 a month on US
acquirers for each of their Level 1 merchants that had not
validated DSS compliance. Fines related to Level 2 merchants will
be $5,000 per month per non-compliant merchant. In total, about
1,200 Level 1 and Level 2 merchants account for about two-thirds of
all Visa transactions.
The PCI Security Standards Council was founded in September 2006 by
payment card companies American Express, Discover Financial
Services, JCB, MasterCard Worldwide and Visa. The DSS requires
merchants and service providers that store, process or transmit
customer credit card data to adopt aggressive security controls and
processes to ensure data integrity.
DSS requirements cover areas such as data security management, data
network architecture and software design.
