Personal Cardholder Information
Visa focuses on securing cardholder data wherever it is stored. Security is a shared responsibility; Visa insists that financial institutions, merchants and service providers have in place appropriate layers of security to protect cardholder data and reduce the potential for fraud.
An Industry United
In 2006, Visa led the industry establishment of the Payment Card Industry Security Standards Council (PCI SSC), an open global forum to maintain data security standards. The council is a cooperative effort to align payment network security requirements under a single framework.
PCI SSC standards include:
- PCI Data Security Standard (PCI DSS) — applies to any entity that stores, processes and/or transmits cardholder data.
- PCI PIN Transaction Security (PCI PTS) Requirements — apply to any entity that processes or transmits PIN data at ATMs and point of sale terminals.
- Payment Application Data Security Standard (PA-DSS) — applies to software developers and integrators of applications that store, process or transmit cardholder data as part of authorization or settlement.
To encourage all participants to secure cardholder data, we have implemented incentives to promote standards compliance. More than 95 percent of the largest U.S. merchants have validated compliance with PCI DSS. To date and to Visa’s knowledge, no breached entity has been compliant with standards at the time of compromise.
Integrating Security Into Small Businesses
For small businesses, Visa partnered with law enforcement, government and the private sector to raise awareness of payment security best practices. Among our activities, Visa has partnered with U.S. Chamber of Commerce to develop the Internet Security Essentials for Business 2.0 and also contributed to the Federal Communications Commission’s Cybersecurity for Small Business guide. Additionally, Visa developed payment application security mandates to reduce data storage and provide more secure payment application products for merchants.
Our efforts have been rewarded. We have seen global fraud rates fall and hold near historic lows. And when data compromises do happen, the vast majority of accounts thought to have been exposed do not actually experience any fraud.
Investing and Evolving
Criminals never stop, and threats will evolve, which is why Visa invests in new technologies and innovations — from encryption of data to chip technologies — to stay one step ahead. We encourage continued exploration of new ways to protect payment card data, especially when they render stolen data useless for perpetrating fraud.