To qualify for the program and receive its benefits, U.S. merchants must meet all of the following criteria:
- Confirm that sensitive authentication data (i.e., the full contents of magnetic stripe, CVV2 and PIN data) are not stored, as defined in the PCI DSS.
- Card-Present and Multi-Acceptance Channel Merchants meet threshold of at least 75% of total transactions originating through any combination of the following:
- Enabled and operating chip-reading device terminals1 (U.S. merchants must meet this requirement with transactions through dual-interface terminals supporting contact and contactless transactions.)
- PCI-validated point-to-point encryption2 (P2PE) solution.
- Industry-standard tokenization solution meeting EMVCo Tokenisation Specification.
Card-Not-Present with 25% - 74% transactions originating through an industry-standard tokenization solution may qualify for an adjusted requirement to validate PCI DSS every two years versus annually.
- Not be involved in the breach of cardholder data. A breached merchant may qualify for TIP if it has subsequently validated PCI DSS compliance.
Merchants that do not meet the program requirements, including merchants whose transaction volume is primarily from e-commerce and do not support EMVCo tokenized transactions and Mail Order/Telephone Order (MO/TO) acceptance channels, are still required to validate PCI DSS compliance annually in accordance with Visa compliance programs.
Contact your acquirer if you think you qualify for TIP benefits. Or, apply for TIP now.