Data security compliance
All service providers who store, process, transmit or have access to Visa cardholder data must meet data security standards before issuers, acquirers and merchants can use their services.
Building trust through data security standards and resources for service providers.
All service providers who store, process, transmit or have access to Visa cardholder data must meet data security standards before issuers, acquirers and merchants can use their services.
PIN security validation requirements apply to all organisations who act as service providers that handle Visa PIN data, including PIN processing, translation, acceptance and/or key management services on behalf of Visa clients.
The Visa Global Registry of Service Providers allows service providers to publicise their compliance with Visa Inc. rules, demonstrate compliance with industry data security standards and promote their services. When clients and merchants choose a partner from the Registry, they’re choosing a provider who takes data security seriously.
Third Party Agents (TPA) who perform solicitation activities (ISO), deploy ATM, point of sale (POS) or kiosk PIN acceptance devices and/or manage encryption keys (ESO), or store, process, transmit or have access to Visa cardholder data must be registered in the TPA Registration Programme before issuers, acquirers and merchants can use their services.
The PCI Qualified Integrators & Resellers (QIR)™ training and qualification programme provides training and tools to ensure a secure installation for your merchants‘ Payment Application Data Security Standard (PA-DSS) validated payment systems. By becoming a QIR, merchants will be able to use your services to meet the requirements outlined by payment brands.
Learn more about joining the QIR Programme
Did you know that Bank Identification Numbers (BINs) are changing? The payment business is growing at a rapid pace, in part due to innovation. This growth has put pressure on the industry to ensure ecosystem availability of BINs for future opportunities. In response, the International Organization for Standardization (ISO) has expanded the length of the issuing BIN from six to eight digits to address a diminishing supply. Visa supports this industry change and has mandated that Visa clients (acquirer and processor) must be able to support the new issuing BIN length effective April 2022.
Service providers that use the first six-digits of the Primary Account Number (PAN) in these applications and services may experience a number of impacts, including failed transactions, longer resolution times and increased costs to complete transactions if your systems aren’t able to handle the new eight-digit issuing BIN format by April 2022. It is critical to assess if your services and back-end systems are utilising six-digit issuing BINs, and work with your Visa partners to understand any needed changes to ensure readiness by April 2022.