Introduction to Data Security Requirements

Sunday, June 24, 2007
When customers offer their bankcard at the point of sale, over the Internet, on the phone, or through the mail, they want assurance that their account information is safe. That's why Visa USA has instituted the Cardholder Information Security Program (CISP for short). Mandated since June 2001, CISP is intended to protect Visa cardholder data, wherever it resides, by ensuring that members, merchants, and service providers maintain the highest information security standard.

In 2004, the CISP requirements were incorporated into an industry standard known as the Payment Card Industry (PCI for short) Data Security Standard, the result of a cooperative effort between Visa and MasterCard to create common industry security requirements.
Effective September 7, 2006, the PCI Security Standards Council owns, maintains and distributes the PCI Data Security Standard and all its supporting documents. Visa and MasterCard manage all PCI compliance enforcement and validation initiatives.

So, what are the general rules regarding protection of Cardholder data?
  1. You must destroy or purge all media containing obsolete transaction data with Cardholder information, and you must notify your processor immediately if any unauthorized person or entity obtains transaction data.
  2. You can deliver Cardholder copies of transactions in either paper or electronic format for Internet transactions.
  3. You cannot transmit Cardholder account numbers to Cardholders for Internet transactions, and you cannot store or retain Card Validation Codes, Magnetic Stripe data, PIN data or AVS data.
Remember, you may be audited to verify compliance with these security procedures. Failure to comply can result in substantial fines. If you have any questions regarding this podcast, please contact Loud Commerce at 800-931-9835 or visit our website at www.loudcommerce.com.
