Upholding the Highest Cardholder Data Security Standards for Visa Stakeholders
The Visa Cardholder Information Security Program (CISP) aims to secure Visa cardholder data wherever it resides, requiring that members, merchants, and service providers maintain the highest information security standards.
CISP compliance is required of all entities that store, process, or transmit Visa cardholder data.
Quick Links
- Visa's Business Guide to Data Security SWF | 500k
- PCI Data Security Standards
- CISP List of Compliant Service Providers PDF | 140k
- Validated Payment Applications PDF | 276k
CISP Basics 
Enforcing compliance with the PCI DSS to secure Visa cardholder data.
For Merchants
Merchants who store, process, or transmit Visa cardholder data.
For Service Providers
Merchants and members must use CISP-compliant service providers.
Payment Applications
Securing third-party payment applications with the Payment Applications Best Practices (PABP).
PIN Security
PIN accepting entities must comply with the PCI PIN Security Requirements.
If Compromised
Take immediate action to help prevent additional damage and adhere to Visa CISP requirements.
For non-U.S.-based entities, please visit Visa International Account Information Security (AIS) for validating compliance with the PCI DSS.