Key Data Security Compliance Dates
Listed below are Visa key dates including data security mandates and reporting deadlines.
| Event | Date |
|---|---|
| U.S. Level 4 Merchant Compliance Plan Deadline PDF | 56k | 7/31/2007 |
| TDES Mandate - All U.S. VisaNet, Interlink, DPS and Plus endpoints must use TDES | 12/31/2007 |
| TDES Mandate - All U.S. ATMs must be encrypting PINS using TDES end-to-end | 12/31/2007 |
| U.S.
Payment Application Security Mandate - Phase 1 PDF
| 60k Newly boarded merchants must not use known vulnerable payment applications, and VisaNet Processors (VNPs) and agents must not certify new payment applications to their platforms that are known vulnerable payment applications |
1/1/2008 |
| U.S.
Payment Application Security Mandate - Phase 2 PDF
| 60k VNPs and agents must only certify new payment applications to their platforms that are PA-DSS-compliant |
7/1/2008 |
| U.S.
Payment Application Security Mandate - Phase 3 PDF
| 60k Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PA-DSS-compliant applications |
10/1/2008 |
| TDES Mandate - Newly deployed U.S. Automated Fuel Dispensers must contain a TDES-capable and PCI-approved Encrypting PIN Pad PDF | 128k | 1/1/2009 |
| U.S. Level 1 and Level 2 Merchants Prohibited Data Retention Attestation Deadline* | 3/31/2009 |
| U.S. Level 1 Merchants Full PCI DSS Compliance Validation
Deadline Applies to newly identified Level 1 merchants late 2007 and early 2008 |
9/30/2009 |
| U.S.
Payment Application Security Mandate - Phase 4 PDF
| 60k VNPs and agents must decertify all vulnerable payment applications |
10/1/2009 |
| U.S. Level 2 Merchants Full PCI DSS Compliance Validation
Deadline Applies to newly identified Level 2 merchants late 2007 and early 2008 |
12/31/2009 |
| U.S. Level 1 and Level 2 Merchants Prohibited Data Retention Attestation Deadline** | 3/31/2010 |
| TDES Mandate - All U.S. POS PEDs must be encrypting PINS using TDES end-to-end PDF | 115k | 7/1/2010 |
| All attended POS PIN acceptance device models must have passed testing by a PCI-recognized or Pre-PCI recognized laboratory and have been approved by Visa PDF | 45k | 7/1/2010 |
| U.S.
Payment Application Security Mandate - Phase 5 PDF
| 60k Acquirers must ensure their merchants, VNPs and agents use only PA-DSS compliant applications |
7/1/2010 |
| Visa will retire its current PIN security requirements and adopt industry-wide PCI PIN Security Requirements PDF | 104k | 7/1/2012 |
|
U.S. Technology Innovation Program
PDF | 42k |
10/1/2012 |
|
U.S. acquirer processors and sub-processor service providers must be able to support merchant acceptance of chip transactions
PDF | 29k |
4/1/2013 |
| U.S. Level 4 Merchant Compliance Plan Status Report Deadline
|
6/30/2013 |
|
Retirement
of Pre-PCI Attended POS PIN Entry Devices-May 5, 2010
PDF | 144k |
12/31/2014 |
|
U.S. liability shift for domestic and cross-border counterfeit card-present point-of-sale (POS) transactions
PDF | 35k |
10/1/2015 |
| U.S. liability shift for counterfeit card-present Automated Fuel Dispensers (AFD) transactions |
10/1/2017 |
| U.S. liability shift for counterfeit fraud ATM transactions |
10/1/2017 |
*Note: this timeframe applies to newly identified Level 1 and Level 2 merchants late 2007 and early 2008
**Note: this timeframe applies to newly identified Level 1 and Level 2 merchants late 2008 and early 2009
**Note: this timeframe applies to newly identified Level 1 and Level 2 merchants late 2008 and early 2009
