
Key Dates
Key Data Security Compliance Dates
Listed below are Visa key dates including data security mandates and reporting deadlines.
| Event | Date |
|---|---|
| U.S. Level 4 Merchant Compliance Plan Deadline PDF | 56k | 7/31/2007 |
| TDES Mandate - All U.S. VisaNet, Interlink, DPS and Plus endpoints must use TDES | 12/31/2007 |
| TDES Mandate - All U.S. ATMs must be encrypting PINS using TDES end-to-end | 12/31/2007 |
| U.S. Payment Application Security Mandate - Phase 1 PDF | 60k Newly boarded merchants must not use known vulnerable payment applications, and VisaNet Processors (VNPs) and agents must not certify new payment applications to their platforms that are known vulnerable payment applications |
1/1/2008 |
| U.S. Level 4 Merchant Compliance Plan Status Report Deadline | 6/30/2008 |
| U.S. Payment Application Security Mandate - Phase 2 PDF | 60k VNPs and agents must only certify new payment applications to their platforms that are PA-DSS-compliant |
7/1/2008 |
| U.S. Payment Application Security Mandate - Phase 3 PDF | 60k Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PA-DSS-compliant applications |
10/1/2008 |
| U.S. Level 4 Merchant Compliance Plan Status Report Deadline | 12/31/2008 |
| TDES Mandate - Newly deployed U.S. Automated Fuel Dispensers must contain a TDES-capable and PCI-approved Encrypting PIN Pad PDF | 128k | 1/1/2009 |
| U.S. Level 1 and Level 2 Merchants Prohibited Data Retention Attestation Deadline* | 3/31/2009 |
| U.S. Level 4 Merchant Compliance Plan Status Report Deadline | 6/30/2009 |
| U.S. Level 1 Merchants Full PCI DSS Compliance Validation Deadline Applies to newly identified Level 1 merchants late 2007 and early 2008 |
9/30/2009 |
| U.S. Payment Application Security Mandate - Phase 4 PDF | 60k VNPs and agents must decertify all vulnerable payment applications |
10/1/2009 |
| U.S. Level 2 Merchants Full PCI DSS Compliance Validation Deadline Applies to newly identified Level 2 merchants late 2007 and early 2008 |
12/31/2009 |
| U.S. Level 4 Merchant Compliance Plan Status Report Deadline | 12/31/2009 |
| U.S. Level 1 and Level 2 Merchants Prohibited Data Retention Attestation Deadline** | 3/31/2010 |
| TDES Mandate - All U.S. POS PEDs must be encrypting PINS using TDES end-to-end PDF | 115k | 7/1/2010 |
| All attended POS PIN acceptance device models must have passed testing by a PCI-recognized or Pre-PCI recognized laboratory and have been approved by Visa PDF | 45k | 7/1/2010 |
| U.S. Payment Application Security Mandate - Phase 5 PDF | 60k Acquirers must ensure their merchants, VNPs and agents use only PA-DSS compliant applications |
7/1/2010 |
*Note: this timeframe applies to newly identified Level 1 and Level 2 merchants late 2007 and early 2008
**Note: this timeframe applies to newly identified Level 1 and Level 2 merchants late 2008 and early 2009
**Note: this timeframe applies to newly identified Level 1 and Level 2 merchants late 2008 and early 2009

