Visa Pressuring Financial Institutions and Businesses to Avoid Using Insecure Credit Card Payment Processing Software Applications
Visa International is urging payment software application vendors to conform to Visa's "Payment Application Best Practices" or PABP. Although most financial institutions and merchants already follow the "Payment Card Industry" (PCI) data security standards, Visa is taking the issue of credit card holder data security one step further.
Recently Visa sent out a letter strongly urging financial institutions to stop using software from six vendors, who at this time provide software applications for credit card processing that do not meet the security guidelines of the PABP. It is important to note that following the PABP is a voluntary step for software application vendors at this time. While not mandatory, there are already over 155 payment software applications from 83 vendors that Visa has already certified under the PABP guidelines.
For a long time, information security professionals have been urging the need to implement stronger software application security. Visa's actions in developing the PABP and encouraging software application security guidelines is commendable.
If your business is using payment processing software applications that are not certified under PABP, per Visa's stance your business will fail PCI compliance status. With fines up to $500,000 (USD) for each incident of non-compliance with PCI guidelines, it is in the best interest of all businesses subject to PCI compliance to heed the PCI and PABP guidelines.
For more information including a list of certified applications under the PABP please visit: http://usa.visa.com/merchants/risk_management/cisp_payment_applications.html
Comments