In an effort to encourage dynamic data authentication through merchant deployment of EMV-compatible chip terminals capable of processing contact or both contact and contactless payments, Visa announced a new Payment Card Industry Data Security Standard (PCI DSS) compliance program.
Under the program, Visa’s Technology Innovation Program will eliminate merchant’s requirement to validate their compliance with the PCI DSS for any year in which at least 75% of their Visa transactions originate from chip-enabled terminals.
“EMV chip is a proven technology platform that can offer the industry the ability to facilitate dynamic data as well as enable payment innovations,” said Jim McCarthy, global head of product, Visa Inc. “In addition, merchant adoption of dual interface contact/contactless terminals will support the emergence of near field communication (NFC) payment form factors, including mobile devices.”
To qualify for the program, terminals must be enabled for contact or dual contact and contactless interface chip acceptance. All merchants outside of the United States are eligible and may begin qualifying for the new program from March 31, 2011. International merchants may qualify for the program if they have either previously validated PCI DSS compliance or provided a plan to come into compliance, and if they have not been involved in a recent material breach of cardholder data.
Merchants that do not meet the program’s EMV terminalization requirements, including merchants whose transaction volume is primarily from eCommerce and MO/TO acceptance channels, are still required to validate their PCI DSS compliance annually in accordance with Visa compliance programs.