News

Visa rolls out new payment application security mandates

October 25, 2007 12:00 PM ET

At the same time, Visa has also been circulating a frequently updated list of vulnerable payment applications with instructions to card-issuing banks to get merchants to stop using such software.

Tuesday's announcement formalizes these efforts into a set of standards that companies need to implement with a specific time frame.

The first phase of Visa's payment application security mandates goes into effect on Jan. 1, 2008. After that date, the so-called acquiring banks that authorize companies to accept payment card transactions will be prohibited from authorizing new merchants that use payment applications known to be vulnerable. According to an Oct. 23 Visa bulletin, the goal in the first phase is to deter software vendors from introducing new vulnerable applications into the payment system.

The next two phases, which go into effect on July 1 and Oct. 1, 2008, respectively, are designed to get payment processors, agents and merchants to start using software that is compliant with the new application security standards.

Starting on Oct. 1, 2009, all merchants will be required to start terminating the use of any noncompliant payment applications that they might still have in their environments. The fifth phase, beginning July 1, 2010, mandates the use of only those payment applications that support the new standards, according to Visa.

The application rules complement a separate set of PCI standards that are already in place for all entities handling payment cards. Under PCI, merchants are required to implement a set of 12 security controls such as encryption, transaction logging and access management for protecting cardholder data.

Though the requirements went into effect more than two years ago, a large number of big retailers are still noncompliant because of a variety of issues that include legacy system challenges, rules interpretation issues and continuously evolving guidelines.

Read more about Security in Computerworld's Security Topic Center.

Comments ()

What is Tech Briefcase?

TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more

Bookmark content

Speed up your research efforts with content across the web.

Search and Store

Find the white papers you need. Create folders for any topic.

View Anywhere

Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.

Don't have an account yet?

Additional Resources

WHITE PAPER

Enter the Security KnowledgeVault

Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

WHITE PAPER

Cut Communications Costs Once and for All

New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Top Stories

Free Insider Guide

Excel 2010 Cheat Sheet: Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.

Security White Papers

An interactive eGuide: Healthcare IT: In this eGuide, Computerworld along with sister publications CIO, InfoWorld, and CSO, examine some of the most pressing issues facing healthcare IT today....
Securing critical data and IT infrastructure in healthcare environments: Through a robust intrusion prevention reference architecture as detailed in this white paper, the HP TippingPoint IPS helps healthcare organizations get a high...
How to Effectively Secure Electronic Healthcare Records: In the ongoing effort to reach HIPPA Electronic Medical Record (EMR) compliance standards, one of the biggest concerns is security. Download this whitepaper...
Driving Secure Enterprise File Sharing and Syncing in the Enterprise: GroupLogic's new activEcho is the industry's only secure Enterprise File Sharing and Synching solution that balances the need for simplicity for the end...
The Enterprise File Sharing Option: Enterprises and IT departments need to address several critical security issues when considering file sharing and syncing products. Many of today's solutions do...

Security Webcasts

Live Webcast Data Privacy and Protection in Production Environments: New Research from Ponemon Institute: Date: Wednesday, June 13, 2012, 1:00 PM EDT / 10:00 AM PDT

In a recent study conducted by Ponemon Institute, fifty-five percent of respondents...
BlackBerry PlayBook OS 2.0 Security Overview: The presentation provides an overview of BlackBerry PlayBook OS 2.0 security capabilities and features, including: BlackBerry® Balance™ technology, BlackBerry® Bridge, data-at-rest protection, and...
Data Privacy and Protection in Production Environments: New Research from Ponemon Institute: Date: Wednesday, June 13, 2012, 1:00 PM EDT / 10:00 AM PDT

In a recent study conducted by Ponemon Institute, fifty-five percent of respondents...
Security Certifications 101 - BlackBerry and all those acronyms what do they mean and why they matter?: FIPS, Common Criteria, CAPS, AISEP, NFC, NIST, Fraunhofer SIT, CESG, DSD - these are just some of the government and industry certifications which...
BlackBerry NFC Security Overview: The presentation on NFC security will provide an overview of the security protections built into the BlackBerry platform to protect users, application developers...
Playing Defense: Staying on Top of Your Disaster Recovery Game: When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...