Visa warns of higher fees for merchants who don't meet PCI deadline
They have until Sept. 30 to comply
August 14, 2007 12:00 PM ETComputerworld - Visa U.S.A. Inc. is reiterating a message it issued last December, warning large merchants who accept credit cards that they will face higher transaction fees if they are not fully compliant with the Payment Card Industry (PCI) Data Security Standard by Sept. 30.
The company recently issued updates and clarifications regarding certain components of its PCI compliance acceleration program to the acquiring banks that authorize merchants to accept credit card transactions. The updates offer greater detail on the penalties and incentives that go into effect Oct. 1 for all large entities covered under PCI.
Acquiring banks, which under PCI are contractually responsible for ensuring that merchant members meet PCI requirements, are expected to communicate the updates to the largest merchants over the next few days, according to a source who asked not to be named.
Under PCI, all companies that accept credit cards must comply with 12 security-related requirements that call for, among other things, encrypted transmission of cardholder data, periodic network scans, logical and physical access controls and activity monitoring and logging. The standards are being pushed by Visa, MasterCard Worldwide, Discover Financial Services LLC , American Express Co. and Tokyo-based JCB Co.
The rules went into broad effect more than two years ago; since then, credit card companies have been pushing merchants to implement the requirements. As part of the effort, Visa last year announced a compliance acceleration program under which it detailed specific incentives and penalties to get Tier 1 and Tier 2 merchants (those processing more than 1 million credit card transactions annually) to implement the requirements by Sept. 30, 2007.
In its recent update, Visa said that as of Oct. 1, 2007, noncompliant merchants in these categories will no longer qualify for the best available tiered interchange rates. Visa and Interlink transactions submitted by noncompliant merchants that are normally eligible for tiered interchange rates will be downgraded one interchange tier starting October 1, according to a document made available to Computerworld.
According to the document, merchants must validate compliance with the PCI security standard in order to be returned to the best-available rate within Visa interchange tiers. Visa will reinstate the merchant to that interchange rate within 20 business days of compliance validation by the acquiring bank. The deadlines apply to companies that were identified as being in the Tier 1 or Tier 2 categories prior to Jan 1, 2007.
Interchange rates are the commissions that merchants pay for each credit card transaction. Merchants in different tiers have different rates, with the largest ones paying less than their smaller counterparts. Analysts in the past have said the prospect of losing this benefit has been a major driver of PCI compliance efforts among large merchants that process millions of transactions annually.
Visa
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

