Navigation Indication

Merchant Resource Library

These documents contain in-depth information designed to help Visa merchants navigate acceptance, fraud, data security, authorization and more. Download, print and keep them on hand at your business.

May 10, 2017

Improving Authorization Management for Transactions with Stored Credentials*

Instances in which a transaction is initiated with a stored credential, based on a cardholder’s consent for future use, has increased to significant levels. Identifying transactions made with stored credentials allows for differentiated treatment through the authorization approval process. This results in greater visibility of transaction risk levels for issuers, higher authorization approval rates and completed sales, an enhanced cardholder experience, and the participation in Real Time Visa Account Updater Service. The information provided in this guide allows all stakeholders to comply with the mandatory requirements and take advantage of the benefits of the Stored Credential Transaction framework.

PDF 520 KB

 

May 4, 2017

Detecting and Mitigating Persistent Javascript eCommerce Malware

In February 2017, analysts identified a new technique used with JavaScript-based eCommerce malware that enables the malware to re-infect the website automatically upon incomplete removal. Visa is providing this report in order to alert eCommerce merchants to this malware technique, and to provide detection and mitigation methods if this malware is discovered.

PDF 520 KB

 

April 10, 2017

Improve the Customer Return Process:  New Purchase Return Authorization Message

Today, cardholders have real-time, 24/7 access to their online banking through smartphone and other device apps. Purchase information is quickly updated to a cardholder’s account, however, a similar flow of information does not exist on purchase returns. Visa’s new return authorization messages will enable issuers to update cardholders’ online banking statements in real time and provide text alerts to those cardholders that opt in to the service with their issuer. This new service will improve customer experience, reduce inquiries related to lack of real-time information, provide real-time issuer account validation, and minimize related chargebacks.

PDF 520 KB

 

April 07, 2017

Pay Acceptance for US Quick-Service Restaurants

The information contained in the Visa Payment Acceptance Best Practices for U.S. Quick-Service Restaurants guide is geared toward the actions and decisions most pertinent to quick-service restaurants and operators in the U.S. It also includes best practices and on-the-job support tools for managers and employees.

PDF 4.6 MB

 

April 06, 2017

Visa Partial Authorization Service – Improve the Customer Experience and Increase Sales

Visa provides a Partial Authorization service that provides an alternative to declining a transaction when the card’s available balance is not sufficient to approve a transaction in full. This flyer provides information about the benefits realized, how to use the service, and answers to frequently asked questions.

PDF 206 KB

 

April 06, 2017

U.S. Automated Fuel Dispenser EMV Liability Shift Delayed

Visa has been working with merchants, acquirers, and fuel-industry providers to support migration to the more secure EMV technology. The EMV liability shift is designed to better protect all parties. With the new rules, the party that is the cause of a chip transaction not occurring, either the issuer or acquirer, will be held financially responsible for any resulting card-present counterfeit fraud losses. However, due to challenges with EMV Automated Fuel Dispensers (AFD) solution readiness, Visa is delaying the U.S. domestic AFD EMV liability shift date to 1 October 2020.

PDF 461 KB

 

March 29, 2017

Third Party Risk Program Initiatives 

Webinar deck highlights tools and resources that are available to clients and merchants to mitigate risks when selecting a service provider partner. Additional highlights include Third Party Agent Risk Program initiatives, including unregistered agent campaigns and multiple tool enhancements.

PDF 1.1 MB

 

January 18, 2017

Manual Key Entry and Card Verification Value 2 for US Merchants

Outlines upcoming changes to the acceptance process at the point of sale for merchants using chip acceptance devices.

PDF 216 KB

 

 

March 2, 2017

Visa Payment Acceptance Best Practices for U.S. Retail Petroleum Merchants

The best ways to process card transactions and manage the risks posed by card payments in the fuel segment.

PDF 2.6 MB

 

 

March 1, 2017

Visa Security Alert: Flokibot Malware

Multiple information security firms have reported on the emerging threat of a new malware variant identified as “Flokibot.” While Flokibot attacks have focused on the LAC region to date, this malware may represent a broader threat to the payments ecosystem. Visa is publishing this alert in order to provide clients and stakeholders with technical information, including background on the malware, indicators of compromise and suggested mitigation activities to protect the payments ecosystem.

PDF 488 KB

 

February 21, 2017

Visa Publication: Racing to Security

It is always a great opportunity to set goals and make plans to achieve them. While motivation is at an all-time high, consider taking the following actions to help secure the payments ecosystem at the merchant level.

PDF 426 KB

 

 

February 01, 2017

Card Acceptance Guidelines for Visa Merchants

Download this comprehensive manual for all businesses that accept Visa transactions in the card-present and/or card-absent environment. This guide provides the latest information and best practices to help merchants process Visa transactions, understand Visa products and rules and protect cardholder data while minimizing the risk of loss from fraud.

PDF 5.9 MB

 

 

 

December 30, 2016

Visa Security Alert: General Skimming Alert

As the US market migrates to EMV chip, the fraud threat from criminals placing skimming devices on, or in, attended and unattended point-of–sale (POS) devices for the purpose of collecting payment card information, including PIN numbers, increases. Perpetrators use skimmed payment information to quickly create counterfeit cards re-encoded with the stolen card information typically resulting in ATM withdrawals. To help clients combat skimming, Visa is providing guidance on recommended inspection and response actions. This data security alert may be disseminated to all payment system stakeholders.

PDF 111 KB

 

 

 

December 13, 2016

Counterfeit Fraud Mitigation Tools for Automated Fuel Dispenser Transactions

This document describes 3 tools that can be used to help reduce counterfeit fraud on AFD transaction.

PDF 1009 KB

 

 

December 8, 2016

Webinar: Preventing Card-Not-Present Fraud

Chip card technology in the U.S. has created new challenges for committing fraud at the physical point of sale. Data compromises continue to occur, with fraud migrating online and into other card-not-present channels. As a result, some merchants may experience an increase in chargebacks and transaction declines, cutting into their profitability. In this webinar, learn about current fraud trends and strategies to mitigate fraud in e-commerce. Visa shares common flags for card-not-present fraud and methods for managing and resolving transaction disputes.

PDF 1.3 MB

 

November 17, 2016

Bulletin: Cyber Monday: Layer Up for Safer Holiday Sales

Global eCommerce sales are expected to double from 2015 to 2019. While growth in this sales channel creates great opportunities for merchants, it also has the ability to attract high levels of fraud activity. With the holiday season fast approaching, merchants should understand how to best protect against Card Not Present Fraud.

PDF 678 KB

 

November 16, 2016

Webinar: Top 10 Signs of a Payment Data Breach

Recognizing the signs of a cyber-attack can make the difference between falling victim to a Point-of-Sale compromise and stopping a breach in progress or preventing one altogether. Through research and intelligence gathered from payment data breach investigations, Visa identified many common tactics, attack characteristics and malware types across breaches in every merchant vertical. Learn some of the new developments in Point-of-Sale network attacks and gain insights into data exfiltration methods as well as how to spot the common warning signs of a breach within the payment environment. Knowing the attacker’s tactics and tools goes a long way in building better defenses.

PDF 607 KB

 

October 26, 2016

Webinar: EMV Migration - Not as Scary as it Used to Be

With steady progress and growth of EMV since October 1, 2015, there are now more than 1.46 million chip-enabled businesses and 363 million chip-enabled Visa cards, making the U.S. the largest Visa chip card market in the world. The number of Visa chip transactions surpassed half a billion in the month of August, representing a 1,000+ percent annual increase. As we reach the one-year anniversary of the EMV liability shift, many questions remain regarding the process behind the migration and the advancements made in the past year. This session discussed why the U.S. moved to EMV, the progress the industry and Visa has made in the past year, analyze early results and updates on further enhancements, such as Visa Quick Chip.

PDF 1.1 MB

 

September 30, 2016

Small Merchant Security Program – QIR Infographic

As part of a broader effort to mitigate small merchant breaches, Visa Payment System Risk established new data security program requirements for U.S. and Canadian acquirers with an effective date of January 31, 2017. This infographic addresses the most common questions on the topic of the small merchant validation and Qualified Integrator/Reseller (QIR) requirements.

PDF 800 KB

 

September 28, 2016

Webinar: Effectively Managing Account Data Compromises

Protecting the payment system is a shared responsiblity. During this webinar, Visa experts shared latest compromise trends, mitigation strategies, and the latest 'What To Do If Compromised' document.

PDF 3.6 MB

 

September 26, 2016

 Visa Security Alert: Protect Against ATM Cash-Out Fraud

Visa has seen an increase in global ATM cash-out fraud, which can extract millions of dollars from financial institutions in a short time. The key to limiting losses is quick detection and decisive action, carefully coordinated with Visa. ATM cash-out fraud can happen at any time, anywhere in the world. It often affects issuers in one country and acquirers in another. To help clients combat this global and sophisticated type of fraud, Visa is providing guidance and best practices.

PDF 116 KB

 

August 30, 2016

Visa Security Alert: ATM Malware Compromise

In late August 2016, Visa became aware of a recent ATM malware compromise in SoutheastAsia and is providing indicators of compromise (IOCs) in order to enable security and incident response teams of financial institutions and ATM manufacturers to check and secure network environments. While these IOCs are specifically associated with an investigation involving ATMs in the Southeast Asia incident, Visa notes that the methods employed by the criminals in this incident represent a broader criminal threat to ATM manufacturers/models worldwide and their deployers.

Visa previously published a technical analysis on malware, including filenames, malware hashes, and criminal methodology involved in a separate ATM Jackpotting incident in the Asia-Pacific region. While there are similarities between the two events, this notification serves to highlight key differentiators –including malware and methodologies - pertaining to the incident in Southeast Asia.

 

PDF 641 KB

 

 

August 24, 2016

Webinar: Guarding Against Card-Not-Present Fraud

Mobile purchases increased to nearly one in five online orders and generated about $69.1 billion during the most recent holiday season. As mobile payments grow, fraud risks increase. Knowing the differences between eCommerce and mCommerce fraud is a critical first step in protecting merchants. Visa and CyberSource experts explain how a process-based approach can help clients detect and control mobile fraud.

 

PDF 1.75 MB

 

 

 

August 12, 2016

Visa Security Alert: Oracle MICROS Compromise

On Monday, 8 August 2016, Oracle Security informed Oracle MICROS customers that it had detected malicious code in certain legacy MICROS systems. Oracle is currently investigating the compromise, and as of 12 August 2016, the company has not published details about the cause/s.Visa is issuing this alert to provide indicators of compromise (IOCs) associated with cybercrime threats known to have previously targeted Oracle systems.

 

PDF 682 KB

 

 

August 9, 2016

Webinar: Protect the Payment System from Account Testing and Fraudulent Authorizations

Visa shares the profile of criminal account testing and associated fraudulent authorizations, and the best practices that payment operations groups must deploy to restrict fraud.

 

PDF 2.5 MB

 

 

August 4, 2016

Webinar: PCI DSS Small Merchant Resources

The PCI Security Standards Council convened a small merchant business taskforce to provide guidance and feedback to prepare resources that simplify data security for some of the most vulnerable businesses preyed upon by cybercriminals. Relying on cross-industry expertise to help small merchants understand why and how to protect payment card data and resolve risks to their businesses the taskforce has developed a toolkit to aid this effort.

 

PDF 1.5 MB

 

 

August 4, 2016

Visa Security Alert: ATM Jackpot Malware

Visa highlights the ATM “Jackpotting” incidents in the attached data security alert. This publication provides information regarding indicators of compromise (IOCs) as well as recommendations for response.

 

PDF 586 KB

 

 

August 2, 2016

Providing the Proper Location of Your Merchant Business

This flyer provides clarification of the rules which detail how a merchant should identify the proper location for all transactions processed through the Visa system. Providing the proper information helps prevent unnecessary cardholder disputes and reduces additional risk to the Visa system.

 

PDF 673 KB

 

 

July 15, 2016

Visa Security Alert: Magento Vulnerabilities Affecting Ecommerce Merchants

Magento is a popular open-source, e-commerce platform written in PHP. Several critical and high vulnerabilities were discovered and patched on the Magento platform in January 2016. Merchants who have not deployed security patch SUPEE-7405, as required by PCI standards, are vulnerable to remote exploits that can compromise account data. Document shares a description and impact of Magento and provides detection and mitigation steps.

 

PDF 302 KB

 

 

July 12, 2016

Visa Security Alert: PoSeidon Malware persistence Monitoring

In March 2016, the PoSeidon (point-of-sale) PoS malware was modified with the incorporation of a persistence monitoring capability. PoSeidon malware now actively monitors the PoS system processes in order to maintain the infection and malware functionality. If the malware is removed from the system, the monitor process waits two (2) minutes and re-infects the system. Document provides an overview of the threat and risk description and best practices to mitigate against PoSeidon.

 

PDF 339 KB

 

 

Jun 28, 2016

Webinar: Skimming at the Point of Sale

In response to a rise in incidents in which skimming devices were placed on POS terminals to collect payment card information, Visa shares typical skimming events that affect self-checkout terminals and the ways in which perpetrators carry out these attacks and how merchants can identify and properly manage these incidents.

 

PDF 3.5 MB

 

 

Jun 14, 2016

Manual Key Entry and Card Verification Value 2 for Merchants

Outlines upcoming changes to the acceptance process at the point of sale for merchants using chip acceptance devices.

 

PDF 198 KB

 

 

Jun 7, 2016

Account Number Verification Service – A quick method to verify accounts

Visa provides an Account Number Verification (ANV) Service that assists merchants in verifying if an account is in good standing. This flyer provides information about the service and gives various scenarios for real-life application.

 

PDF 391 KB

 

 

Jun 1, 2016

Online Pharmacy Guide for Acquirers

A manual for acquirers who have boarded, or are considering boarding, an Internet pharmacy or Internet pharmacy referral merchant.

 

PDF 1.2 MB

 

 May 20, 2016

Chargeback Management Guidelines for Visa Merchants

Managing chargebacks, cardholder disputes, copy requests, and chargeback reason codes

 

PDF 5.1MB

 

 

 
 

May 12, 2016

Visa Bulletin: Payment Card Industry Data Security Standard Version 3.2 Published

The Payment Card Industry Security Standards Council (PCI SSC) has published version 3.2 of the PCI DSS, which provides a baseline of technical and operational requirements designed to protect cardholder data. The bulletin includes key updates, effective dates for implementation and additional resources.

 

PDF 285 KB

 

 

 

May 12, 2016

VISA SECURITY ALERT: THREAT LANDSCAPE: PIN PAD/POS SKIMMING

A Visa security alert describing recent incidents involving suspects placing skimming devices on point-of–sale (POS) terminals for the purpose of collecting payment card information, including PIN numbers.

 

PDF 106 KB

 

 

May 11, 2016

PCI DSS: A Look Inside V3.2

The Payment Card Industry Standards Security Council (PCI SSC) which is responsible for defining the technical and operation standards for the protection of payment card data will release an update to the PCI Data Security Standard (PCI DSS) in late April 2016. Visa’s representatives on the PCI SSC will provide information on what to expect with Version 3.2, review the key changes associated with this release and outline dates and impacts to Visa compliance programs.

 

PDF 819 KB

 

May 6, 2016

Counterfeit Fraud Mitigation Best Practices for Service Station Transactions - Fuel Merchants Who Are Not EMV Chip Enabled

This flyer provides best practices to help reduce counterfeit fraud for service station transactions where merchants are not yet accepting chip cards.

 

PDF 447 KB

 

 

 

 

Apr 21, 2016

Processing Refunds to Cardholders in a Merchant Store Location

Following Visa’s requirements for processing a refund will help keep your customers informed and reduce the number of questions you may receive as the result of a return. This flyer describes best practices in processing a refund to a cardholder’s account.

 

PDF 789 KB

 

 

 

 

Apr 18, 2016

Enabling Omni Commerce A Seamless Shopping Experience

Many merchants are creating an omni-channel experience for their customers that provides convenient, seamless and secure delivery across all of their channels, including in-store, eCommerce, telephone, mobile web, and mobile app. This flyer describes the omni-channel experience depending on the payment and delivery option selected by the customer.

 

PDF 654 KB

 

 

 

Apr 14, 2016

Visa Claims Resolution - Efficient Dispute Processing for Merchants

Visa Claims Resolution, a new global initiative will replace Visa’s existing dispute resolution process. VCR will simplify dispute processing by migrating from a litigation-based approach to a liability-assignment-based approach. This flyer describes the new process, consolidation of reason codes, and merchant benefits.

 

 

PDF 10.3 MB

 

 

 

 

Apr 13, 2016

Identifying, Preventing and Mitigating Skimming Attacks

Visa and a guest speaker from NCR Corporation discuss the latest skimming techniques and technology, as well as, how to spot skimming devices and safeguard against sophisticated attacks.

 

PDF 10.3 MB

 

 

 

 

Mar 24, 2016

Best Practices for Authorization and Reversal Processing - For U.S. Lodging, Car Rental and Cruise Line Merchants

A flyer for lodging, car rental, and cruise line merchants to help them ensure that authorizations are not improperly tying up customer funds.

 

PDF 897 KB

 

 

 

Mar 23, 2016

Stay One Step Ahead of Hackers With Visa Threat Intelligence

Visa and a guest speaker from FireEye explain how financially motivated attackers are targeting customer data and the payment ecosystem. The session dived into security vulnerabilities and techniques hackers use  to steal customer information, including payment card data. Visa subject matter experts also provide valuable cyberthreat indicators, risk mitigation strategies and practical guidance on how to detect these threats and secure systems from attack.

 

PDF 1.4 MB

 

 

 

 

 

 

Mar 8, 2016

 

 

Counterfeit Fraud Mitigation Best Practices - Point-of-Sale Merchants Who are Not EMV Chip Enabled

 

Four best practices that merchants can implement to help reduce counterfeit fraud for point-of-sale transactions.

 

PDF 932 KB

 

 

 

 

Mar 4, 2016

Quick Service Restaurants-Chip Card Acceptance in the US

 

A flyer for quick service restaurants demonstrating how to use a chip cards for payment at the point of sale.

     

    PDF 735 KB

 

 

 

 

Mar 1, 2016

Visa Acceptance Guide for Lodging and Cruise Line Merchants

 

Operational procedures for special services for lodging and cruise line merchants

 

PDF1.2 MB

 

  • Feb 24, 2016

    Third Party Risk Program

  • Visa provides an overview of the risks third parties may introduce into the payment ecosystem and recent program updates and mandates (including small merchant and use of Qualified Integrators and Resellers). Additionally, highlights tools and resources available to issuers, acquirers and merchants when selecting service provider partners. 
  •  
  • PDF 1.7 MB

  •  

    Feb 1, 2016

    “Kuhook” POS Malware

    Visa highlights “Kuhook” Point-of-Sale (POS) malware, a variant from the “ModPOS” malware family. This point of sale malware, “Kuhook”, is one of the most sophisticated and difficult to detect payment card stealing malware identified. Visa experts and Mandiant highlight the malware capabilities, indicators of compromise and mitigation steps.

    PDF 4,770K

     

  • Jan 29, 2016

    Let your customers know you accept Visa.

    Learn how best to communicate that you accept Visa cards and/or mobile payments with Visa. Download the Visa POS Graphic for display at physical locations, on payment terminals and on websites.

    ZIP 2.6M

     

  • Jan 15, 2016

    "Visa Publication: New Year's Resolution: Resolve to Fight Malware"

    Visa shares best practices to help mitigate against malware attacks.

    PDF 330K

     

  • Jan 07, 2016

    Update to Small Merchant Data Security Requirements and Frequently Asked Questions

    Updates to the small merchant data security requirements for U.S. and Canada acquirers. These requirements involve the use of Qualified Integrators and Resellers (QIRs) and required PCI DSS validation. This document includes Frequently Asked Questions about the data security requirements.

    PDF 193K

     

  • Dec 22, 2015

    Visa Security Alert: Lodging Holiday Season

    Visa has identified multiple malware families targeted the lodging industry, including casinos and resorts. To name a few, “FindPOS” (or “Poseidon”), “FrameworkPOS”, and “rawpos” are confirmed in several Visa investigations, suggesting the industry continues to be attractive to attackers interested in payment card data. This publication provides information on each malware family along with security best practices to mitigate this threat.

    PDF 311K

     

  • Dec 18, 2015

    Visa Best Practices: Visa Checkout Merchant Holiday Best Practices

    Visa recommends best practices to help merchants mitigate fraud attacks during the holiday season.

    PDF 340Kz

     

  • Dec 17, 2015

    “BlackPOS” Malware Revisited

    Visa highlights “BlackPOS” malware, a malicious payment card-stealing software targeting point-of-sale systems. “BlackPOS” collect payment card data in ways that are difficult to identify and detect. Visa experts explains how it works, its methods of communication and maintaining stealth, and provides indicators of compromise for detection and eradication.

    PDF 629K

     

  • Dec 03, 2015

    “Kuhook” Point of Sale Malware

    Visa has identified a variation of malware (from the ModPOS malware family) targeting Point-of-Sale (POS) systems designed to run on Microsoft Windows. Codenamed “Kuhook,” the malware utilizes keylogger and memory scraping/parsing functionality. The malware is a sophisticated set of kernel mode device drivers written for the Windows XP platform and is compressed to make the source code and data unreadable.

    PDF 160K

     

  • Nov 24, 2015

    Authorization Reversals – The importance of providing the correct information

    This flyer explains the importance of reversing authorizations properly and provides the required fields used in the reversal process.

    PDF 324K

     

  • Nov 17, 2015

    Strategies to Effectively Mitigate Fraud

    Visa and CyberSource experts explore CNP risk methodologies to optimize the consumer experience and reduce false declines while minimizing fraud losses. Additionally, Visa tools such as CVV2, AVS, Verified by Visa – among others – were covered in great detail as well as CyberSource’s Decision Manager

    PDF 2.06M

     

  • Nov 13, 2015

    Update – Cybercriminals Targeting Point of Sale Integrators

    Updated data security alert highlighting attacks on point of sale integrators or resellers. This alert outlines attack vectors and mitigation strategies.

    PDF 429K

     

  • Nov 13, 2015

    Chargeback Management Guidelines for Visa Merchants

    Managing chargebacks, cardholder disputes, copy requests, and chargeback reason codes

    PDF 5.1M

     

  • Oct 29, 2015

    New Small Merchant Data Security Requirements

    Requirements for U.S. and Canada acquirers to ensure that their small merchants take steps to secure their point-of-sale (POS) environment. Merchants must use Qualified Integrators and Resellers (QIRs) and Level 4 merchants must validate PCI DSS compliance.

    PDF 414K

     

  • Oct 21, 2015

    Data Security Basics for Small Merchants

    Valuable information for small merchants, including franchisees, highlighting the importance of protecting their customer's cardholder data, explaining the Payment Card Industry (PCI) Data Security Standards (DSS), and providing tools, solutions and strategies to use to help mitigate the risk of fraud and data breaches.

    PDF 416K

     

  • Oct 21, 2015

    Data Breach Findings and Mitigation Actions for the Payment System

    Visa explores common security vulnerabilities identified in data breaches and provides mitigation strategies that help to strengthen those payment processing environments.

    PDF 926K

     

  •  

 

  • September 16, 2013

    Dynamic Cardholder Verification Method Best Practices

    This document provides guidance for issuers that plan to develop or use a third-party dynamic Cardholder Verification Method (CVM) service to authenticate their cardholders. Dynamic CVMs, such as One-Time Passcodes (OTP), are becoming more prevalent for on-line banking and e-commerce transactions as financial institutions aim to strengthen their customer authentication capabilities. Visa developed the following dynamic CVM best practices for issuers to consider and assess the security features of these solutions.

    PDF  36 KB

     

  • April 28, 2011

    Visa Best Practices for Payment Application Integrators and Resellers

    Recent data compromises have demonstrated the need for third party payment application integrators and resellers to maintain security processes that go beyond providing software that is compliant with the Payment Application Data Security Standard (PA-DSS).

    Visa shares best practices to help defend against poor implementation, maintenance and support processes that have led to merchant and agent data compromises. Visa advises acquirers, merchants, agents and payment application vendors to contact their licensed integrators and resellers, and insist that these best practices be immediately adopted. Merchants and agents should also consider including these best practices as a condition of their service level agreements with third party integrators and resellers.

    PDF  60 KB

     

  • August 24, 2010

    Visa Top 10 Best Practices for Payment Application Companies, Version 1.0

    Recent payment card data compromises have demonstrated the critical need for payment application companies to maintain mature software processes for their customers that go beyond Payment Application Data Security Standard (PA-DSS) compliant software. Acquirers, merchants and agents should review Visa’s best practices and insist that their payment application vendors, integrators and resellers fully adopt these practices

    PDF  60 KB

     

  • July 14, 2010

    Visa Best Practices for Tokenization Version 1.0

    In October 2009, Visa published the Visa Best Practices for Data Field Encryption to promote the proper encryption of sensitive card data that is transmitted, processed or stored by stakeholders throughout the payment system. As part of these best practices, Visa recommended that entities use tokens (such as a transaction ID or a surrogate value) to replace the Primary Account Number (PAN) for use in payment-related and ancillary business functions. Tokenization can be implemented in isolation or in concert with data field encryption to help merchants eliminate the need to store sensitive cardholder data after authorization. Entities that properly implement and execute a tokenization process to support their payment functions may be able to reduce the scope, risks and costs associated with ongoing compliance with the Payment Card Industry Data Security Standards (PCI DSS).

    PDF  50 KB

     

  • July 14, 2010

    Visa Best Practices for Primary Account Number Storage and Truncation

    To reinforce its commitment to protecting consumers, merchants, and the overall payment system, Visa is pursuing a global security objective that will enable merchants to eliminate the storage of full PAN and expiration date information from their payment systems when not needed for specific business reasons. To ensure consistency in PAN truncation methods, Visa has developed a list of best practices to be used until any new global rules go into effect.

    PDF  39 KB

     

  • June 16, 2010

    Visa Introduces Corporate Franchise Servicer as a New Third Party Agent Category

    Corporate Franchise Servicer entities operate in a number of merchant segments, including lodging and food service. In an effort to address the increasing threat of data compromises that affect franchise businesses, effective immediately, Visa will extend the Third Party Agent Program to include a new category of agents, called “Corporate Franchise Servicers.” Corporate Franchise Servicers (CFS) operates in a number of merchant segments, including food service and lodging. The inclusion of Corporate Franchise Servicer agents in the Visa Third Party Agent Program will help ensure that Corporate Franchise Servicer agents protect card data by at a minimum complying with the Payment Card Industry Data Security Standards (PCI DSS).

    PDF  41 KB

     

  • April 22, 2009

    Primary Account Number Truncation on Cardholder Statements

    It is common practice for some card issuers to print the full PAN on each page of a cardholder’s billing statement; however, Visa strongly recommends that, as a “best practice,” issuers truncate or eliminate the printing of the cardholder PAN on billing statements and other cardholder communications.

    PDF  29 KB

     

  • February 10, 2009

    Visa Issuer and Acquirer Payment Card Industry Data Security Standard Compliance

    Visa Operating Regulations specify that all Visa clients, including issuers and acquirer financial institutions, must comply with the Payment Card Industry Data Security Standard (PCI DSS). This bulletin specifies the requirements and recommendations necessary for facilitating this compliance.

    PDF  39 KB