Visa Issues Alert and Steps Up PCI Enforcement

Visa, in conjunction with the US Chamber of Commerce, has published an alert that identifies the leading causes of data breaches. Full details can be found at the Chamber’s website. The five leading causes of card-related breaches are:

1) Storage of mag stripe data
2) Missing or outdated security patches
3) Use of vendor supplied default settings and passwords
4) SQL injection
5) Unnecessary and vulnerable services on servers

Also, the GreenSheet recently reported that Visa has increased its efforts to enforce compliance with PCI standards. The article states that all Level 1 merchants were required to validate compliance by Sept. 30, and that approximately 20 Level 1 merchants are currently subject to fines ranging from $10,000 to $100,000 PER MONTH for failure to comply.

In the October issue of Transaction World magazine, Michael E. Smith, Senior Vice President of Enterprise Risk and Compliance for Visa USA, has published an article entitled “Targeting the Main Source of Cardholder Data Breaches.” He cautions that “…some payment applications may inadvertently store prohibited, sensitive cardholder information,” creating a situation where merchants don’t even realize that they have a security risk. He also advises that merchants should check the list of PABP (Payment Application Best Practices) validated products on Visa’s site at www.visa.com/cisp. And he emphatically states that “Visa expects all payment application vendors to adhere to the PABP.” This article is one of the most direct declarations that I have seen of Visa’s intent to make PABP mandatory for all payment applications.
