Visa Europe introduces PCI DSS compliance programme
09 February 2011 | 4985 views | 0
Visa Europe today announced a new Technology Innovation Programme which instantly reduces EMV chip merchants' PCI DSS compliance resource requirements and provides a strong incentive for remaining magnetic stripe-only merchants to migrate to EMV chip acceptance technology.
Merchants who enrol in the programme, effective from 30 April 2011, will be recognised as having full, validated compliance if they have met milestones 1-2 of the Payment Card Industry's Prioritised Approach for PCI DSS, and be exempt from penalties in the event of a data compromise if they have completed milestones 1-4*.
The new initiative reflects the fraud reduction benefits that EMV chip has brought to card payments in Europe and is designed to provide tangible benefits to merchants who invest in EMV chip-enabled payments technology at point-of-sale ('POS'). The fraud to sales ratio across Europe is now 0.049% (YE September 2010) compared to 0.057% (YE September 2009), a 14% year-on-year decrease.
The Technology Innovation programme is available to any merchant who has previously validated PCI DSS compliance, or provided a plan to come into compliance, and who has not been involved in a recent material breach of cardholder data.
Stanley Skoglund, Senior Vice President, Payment System Security, at Visa Europe, says, "EMV chip is a proven technology platform that has helped reduce fraud and enables payment innovation. Visa is taking the lead in recognising and rewarding the investment that many face-to-face merchants throughout Europe have made in migrating to an EMV chip POS acceptance environment.This new programme means that merchants can meet their PCI DSS compliance requirements and reduce their overall security costs.
"The programme further demonstrates our strong commitment to achieving full EMV chip migration in Europe as the technology provides the best platform for reducing fraud, implementing SEPA and for introducing innovations such as contactless and mobile payments."
Merchants can enrol in the Technology Innovation Programme from 30 April 2011. Those who choose not to enrol in the programme may seek to limit the availability of all payment card data within their environment through other complementary technologies such as data field d encryption and/or tokenisation.