Key Dates

Key Data Security Compliance Dates

Listed below are Visa key dates including data security mandates and reporting deadlines.

| Event | Date |
| --- | --- |
| U.S. Level 4 Merchant Compliance Plan Deadline | 7/31/2007 |
| TDES Mandate - All U.S. VisaNet, Interlink, DPS and Plus endpoints must use TDES | 12/31/2007 |
| TDES Mandate - All U.S. ATMs must be encrypting PINs using TDES end-to-end | 12/31/2007 |
| U.S. Payment Application Security Mandate - Phase 1: Newly boarded merchants must not use known vulnerable payment applications, and VisaNet Processors (VNPs) and agents must not certify new payment applications to their platforms that are known vulnerable payment applications | 1/1/2008 |
| U.S. Payment Application Security Mandate - Phase 2: VNPs and agents must only certify new payment applications to their platforms that are PA-DSS-compliant | 7/1/2008 |
| U.S. Payment Application Security Mandate - Phase 3: Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PA-DSS-compliant applications | 10/1/2008 |
| TDES Mandate - Newly deployed U.S. Automated Fuel Dispensers must contain a TDES-capable and PCI-approved Encrypting PIN Pad | 1/1/2009 |
| U.S. Level 1 and Level 2 Merchants Prohibited Data Retention Attestation Deadline* | 3/31/2009 |
| U.S. Level 1 Merchants Full PCI DSS Compliance Validation Deadline (applies to newly identified Level 1 merchants late 2007 and early 2008) | 9/30/2009 |
| U.S. Payment Application Security Mandate - Phase 4: VNPs and agents must decertify all vulnerable payment applications | 10/1/2009 |
| U.S. Level 2 Merchants Full PCI DSS Compliance Validation Deadline (applies to newly identified Level 2 merchants late 2007 and early 2008) | 12/31/2009 |
| U.S. Level 1 and Level 2 Merchants Prohibited Data Retention Attestation Deadline** | 3/31/2010 |
| TDES Mandate - All U.S. POS PEDs must be encrypting PINs using TDES end-to-end | 7/1/2010 |
| All attended POS PIN acceptance device models must have passed testing by a PCI-recognized or Pre-PCI recognized laboratory and have been approved by Visa | 7/1/2010 |
| U.S. Payment Application Security Mandate - Phase 5: Acquirers must ensure their merchants, VNPs and agents use only PA-DSS compliant applications | 7/1/2010 |
| Visa will retire its current PIN security requirements and adopt industry-wide PCI PIN Security Requirements | 7/1/2012 |
| U.S. Technology Innovation Program | 10/1/2012 |
| U.S. acquirer processors and sub-processor service providers must be able to support merchant acceptance of chip transactions | 4/1/2013 |
| Americas Acquirer Scorecard Reporting Deadline | 7/31/2013 |
| Retirement of Pre-PCI Attended POS PIN Entry Devices-May 5, 2010 | 12/31/2014 |
| U.S. liability shift for domestic and cross-border counterfeit card-present point-of-sale (POS) transactions | 10/1/2015 |
| U.S. liability shift for counterfeit card-present Automated Fuel Dispensers (AFD) transactions | 10/1/2017 |
| U.S. liability shift for counterfeit fraud ATM transactions | 10/1/2017 |

*Note: this timeframe applies to newly identified Level 1 and Level 2 merchants late 2007 and early 2008

**Note: this timeframe applies to newly identified Level 1 and Level 2 merchants late 2008 and early 2009