Welcome to Collaborative Strategy Guild

Where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.

Visa says no PCI RoC for chip/pin… Um… OK, then.

So I saw some news coverage this morning saying that VISA has decided that for companies outside the U.S., if they process more than 75 percent of their transactions using EMV, they can stop caring about PCI compliance.  Well, OK… not really.

The program, called “TIP” or Technology Innovation Program, is designed to encourage merchants to make the switch to chip+PIN transactions. They’re doing that by forgoing the annual compliance validation requirement for certain merchants. According to the VISA bulletin:

Effective 31 March 2011, this program will allow qualifying merchants outside of the United States to discontinue their annual PCI DSS revalidation assessment. Qualifying…

PAN Truncation and PCI DSS Compliance

Plenty has been written about the VISA tokenization best practices – but many have overlooked the truncation best practices. Ed and I covered truncation for SearchFinancialSecurity:

In July, Visa Inc. got out ahead of the Payment Card Industry (PCI) Security Standards Council and issued its own best practices for tokenization and PAN truncation. While quite a lot of attention has been paid to the tokenization side of the recently issued guidance, the truncation side has received less attention. We thought it would be useful to address the other side of this vital PCI Data Security Standard compliance issue.
