Visa Sets Global PCI DSS Deadlines
Data Security Compliance Requirements Aligned Across Visa Regions

San Francisco, CA, November 10, 2008

Visa Inc. (NYSE: V) today announced global mandates for compliance with the Payment Card Industry Data Security Standard (PCI DSS), creating a consistent framework for compliance among merchants, service providers and their agents.

The enhancements include a global set of requirements for merchants to validate their compliance with PCI DSS; and for the largest merchants, dates by which they must achieve validation. Deadlines are also set for large and mid-level merchants to demonstrate that they are not storing certain types of sensitive card data. Service provider levels and PCI DSS validation requirements have likewise been aligned under a global standard and compliance timeline. Compliance with PCI DSS will help protect businesses from financial and reputational harm that often results from cardholder data compromises. Visa data security compliance programs have provided compelling incentives for merchants and agents to properly secure cardholder data.

The new framework establishes the minimum requirements for Visa Inc. regions. As an independent company and licensee of Visa International for the business operations in European markets, Visa Europe's PCI DSS framework requires compliance validation and risk mitigation for Level 1 merchants; however the region will be adhering to a different timeline and process for executing compliance validation.

"Compliance with PCI DSS is vital to ensuring the integrity of the global payments system," said Eduardo Perez, head of global data security, Visa Inc. "Aligning compliance programs across the Visa regions is the latest step in our commitment to safeguarding cardholder data."

To read the entire Press Release, click here