My Merchant Account Blog
You can now contact us at 888-928-5280 ext 822
Payment Application Best Practices from Visa
Tuesday, March 11, 2008
High profile breaches of cardholder data have garnered a lot of attention in the media. Most of us have read or heard about the 40 million cards that were compromised at CardSystems, or the 100 million cards compromised at TJX. As a result of these breaches, the payment industry developed the Payment Card Industry (PCI) Data Security Standard (DSS). However, complying with the PCI DSS can be complicated and expensive, especially for smaller merchants. Although we may not read about it in the press, breaches at smaller merchants occur every day because the payment hardware and software they use is not compliant with PCI DSS.In an effort to make compliance with the PCI DSS a little easier for merchants who use payment application software, Visa developed the Payment Application Best Practices (PABP). The PABP applies to software applications that store, process, or transmit cardholder data as part of authorization or settlement. It does not apply to software developed in-house by merchants since that would be covered under the merchant’s normal PCI DSS compliance.
Software vendors and ATM Business providers are required to have their payment applications certified as PABP compliant by a Qualified Application Security Professional that is employed by a Qualified Payment Application Security Company. Once compliant, Visa will include the software vendor and product version in a list of validated payment applications for one year. Software vendors must re-validate their payment applications each year to remain on the list.
The PABP mandates are designed to eliminate the use of non-secure/vulnerable payment applications from the Visa system. They require that members ensure that merchants do not use applications that retain prohibited data elements and use payment applications that adhere to Visa’s PABP. If you are using a payment application from a software vendor that is not PABP compliant then you will not be able to comply with the PCI DSS.
As of January 1, 2008 new merchants are not allowed to establish a merchant account using a non-compliant payment application. Existing merchants should check with their agent or ISO to make sure their payment application is on the list of PABP compliant applications.
Comments
Time said...
You made some nice points there. I did a search on the subject matter and found mainly people will consent with your blog.
Search My Merchant Account Blog
My Merchant Account Blog Categories
- Chargebacks (20)
- Electronic Payment Gateways (7)
- In The News (11)
- LinkPoint Gateway (4)
- Merchant Account Fees (23)
- Merchant Account Terminology (80)
- Merchant Accounts (34)
- Miscellaneous (20)
- PCI DSS (14)
- Quantum Gateway (8)
- Security (8)
- Web Hosting and Design (7)
My Merchant Account Blog Archives
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- October 2010
- August 2010
- July 2010
- January 2010
- December 2009
- September 2009
- August 2009
- May 2009
- April 2009
- January 2009
- December 2008
- September 2008
- April 2008
- March 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
My Merchant Account Blog Recent Entries
- Visa Chargeback Reason Code 75 - Transaction Not Recognized
- Visa Chargeback Reason Code 74 - Late Presentment
- Visa Chargeback Reason Code 73 - Expired Card
- Visa Chargeback Reason Code 72 - No Authorization
- Visa Chargeback Reason Code 71 - Declined Authorization
- Visa Chargeback Reason Code 62 - Counterfeit Transaction
- Visa Chargeback Reason Code 60 - Illegible Fulfillment
- Visa Chargeback Reason Code 57 - Fraudulent Multiple Transactions
- Visa Chargeback Reason Code 41 - Cancelled Recurring Transaction
- PCI Compliance - A Review of Consumer Benefits
About My Merchant Account Blog
My Merchant Account Blog SiteMap
Internet Merchant Account
Get an Internet Merchant Account with a 2.09% discount rate. No monthly minimum - free electronic payment gateway. No termination fee and no yearly contracts!
Merchant Account
Resources Directory
Check out the new
Merchant Account Resources Directory
Feel Free to submit you link!
My Merchant Account Blog SiteMap
- Main SiteMap
- Merchant Account
- Electronic Payment Gateways
- Merchant Account Fees
- Merchant Account Terminology
- Quantum Gateway
- LinkPoint Gateway (even though rebranded ad the First Data Global Gateway, it still has a lot of faults and extra charges, we recommend the Quantum Gateway)
- Security
- PCI DSS
- In The News
- Miscellaneous
- Chargebacks
- Web Hosting and Design
Publishers
- Corey R Bryant
- Charles Summerfield
- Randy Goldblum
- Alexander Glasso
If you would like to publish a unique article on My Merchant Account Blog, please contact us.