Personal Cardholder Information

Visa focuses on securing cardholder data wherever it is stored. Security is a shared responsibility; Visa insists that financial institutions, merchants and service providers have in place appropriate layers of security to protect cardholder data and reduce the potential for fraud.

An Industry United

In 2006, Visa led the industry establishment of the Payment Card Industry Security Standards Council (PCI SSC), an open global forum to maintain data security standards. The council is a cooperative effort to align payment network security requirements under a single framework.

PCI SSC standards include:

  • PCI Data Security Standard (PCI DSS) - applies to any entity that stores, processes and/or transmits cardholder data.
  • PCI PIN Transaction Security (PCI PTS) Requirements - apply to any entity that processes or transmits PIN data at ATMs and point of sale terminals.
  • Payment Application Data Security Standard (PA-DSS) - applies to software developers and integrators of applications that store, process or transmit cardholder data as part of authorization or settlement.

Encouraging Compliance

To encourage all participants to secure cardholder data, we have implemented incentives to promote standards compliance. More than 95 percent of the largest U.S. merchants have validated compliance with PCI DSS. To date and to Visa's knowledge, no breached entity has been compliant with standards at the time of compromise.

Integrating Security Into Small Businesses

For small businesses, Visa partnered with law enforcement, government and the private sector to raise awareness of payment security best practices.  Among our activities, Visa has partnered with U.S. Chamber of Commerce to develop the Internet Security Essentials for Business 2.0 and also contributed to the Federal Communications Commission's Cybersecurity for Small Business guide.  Additionally, Visa developed payment application security mandates to reduce data storage and provide more secure payment application products for merchants.

Our efforts have been rewarded. We have seen global fraud rates fall and hold near historic lows. And when data compromises do happen, the vast majority of accounts thought to have been exposed do not actually experience any fraud.

Investing and Evolving

Criminals never stop, and threats will evolve, which is why Visa invests in new technologies and innovations - from encryption of data to chip technologies - to stay one step ahead. We encourage continued exploration of new ways to protect payment card data, especially when they render stolen data useless for perpetrating fraud.

Our Business

Visa's network connects cardholders, merchants and financial institutions around the world. Read more...

Industry Resources

Find links to helpful industry resources and organizations for further background on electronic payments. Read more...

Visa in the News: PCI Standard Still the Best Answer to Fraud

Hear from Visa's Ellen Richey in American Banker about why the PCI Standard is still the best answer to fraud. Read more...

Visa in the News: Cards&Payments

Hear from Visa's Ellen Richey in Cards&Payments about how Visa works to deter fraud. Read more...

Protecting the Payment System
Protecting the Payment System

Learn more about our comprehensive approach to security.