Cardholder Information Security Program

Upholding the Highest Cardholder Data Security Standards for Visa Stakeholders

Visa aims to secure Visa cardholder data wherever it resides, requiring that members, merchants, and service providers maintain the highest information security standards.

Cardholder Data Security Basics

Enforcing compliance with the PCI DSS to secure Visa cardholder data.

If Compromised

Take immediate action to help prevent additional damage and adhere to the PCI DSS requirements.

Steps for Compromised Entities
What To Do if Compromised PDF | 612k

Quick Links

Visa's Business Guide to Data Security SWF | 500k
PCI Data Security Standards
Global List of PCI DSS Validated Service Providers PDF | 337kb
Lists of Validated Payment Applications

For Merchants

Merchants who store, process, or transmit Visa cardholder data.

For Service Providers

Merchants and members must use PCI DSS-compliant service providers.

Payment Applications

Merchants and their agents must use PA-DSS compliant payment applications.

PIN Security and Key Management Program

PIN accepting entities must comply with the PCI PIN Security Requirements.

Update to PIN Security and Key Management Compliance Validation Program PDF | 162k
Visa US TDES FAQs PDF | 36k
Tools and Best Practices for Merchants PDF | 248k

For non-U.S.-based entities, please visit Visa International Account Information Security (AIS) for validating compliance with the PCI DSS.

Site Utilities

Navigation

Data Security - Made Simpler

Visa Releases Global Encryption Best Practices