Home » Alerts, News

Key Data Security Compliance Dates

29 October 2009 No Comment

Key Data Security Compliance Dates

Listed below are Visa
key dates including data security mandates and reporting deadlines.

Event Date
U.S.
Level 4 Merchant Compliance Plan Deadline
PDF | 56k		 7/31/2007
TDES
Mandate – All U.S. VisaNet, Interlink, DPS and Plus endpoints must use
TDES		 12/31/2007
TDES
Mandate – All U.S. ATMs must be encrypting PINS using TDES end-to-end		 12/31/2007
U.S.
Payment Application Security Mandate – Phase 1
PDF | 60k

Newly boarded merchants must not use known vulnerable payment applications,
and VisaNet Processors (VNPs) and agents must not certify new payment
applications to their platforms that are known vulnerable payment applications

 1/1/2008
U.S.
Level 4 Merchant Compliance Plan Status Report Deadline		 6/30/2008
U.S.
Payment Application Security Mandate – Phase 2
PDF | 60k

VNPs and agents must only certify new payment applications to their
platforms that are PA-DSS-compliant

 7/1/2008
U.S.
Payment Application Security Mandate – Phase 3
PDF | 60k

Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use
PA-DSS-compliant applications

 10/1/2008
U.S.
Level 4 Merchant Compliance Plan Status Report Deadline		 12/31/2008
TDES
Mandate – Newly deployed U.S. Automated Fuel Dispensers must contain
a TDES-capable and PCI-approved Encrypting PIN Pad PDF | 128k		 1/1/2009
U.S.
Level 1 and Level 2 Merchants Prohibited Data Retention Attestation
Deadline*		 3/31/2009
U.S.
Level 4 Merchant Compliance Plan Status Report Deadline		 6/30/2009
U.S.
Level 1 Merchants Full PCI DSS Compliance Validation Deadline

Applies to newly identified Level 1 merchants late 2007 and early 2008

 9/30/2009
U.S.
Payment Application Security Mandate – Phase 4
PDF | 60k

VNPs and agents must decertify all vulnerable payment applications

 10/1/2009
U.S.
Level 2 Merchants Full PCI DSS Compliance Validation Deadline

Applies to newly identified Level 2 merchants late 2007 and early 2008

 12/31/2009
U.S.
Level 4 Merchant Compliance Plan Status Report Deadline		 12/31/2009
U.S.
Level 1 and Level 2 Merchants Prohibited Data Retention Attestation
Deadline**		 3/31/2010
TDES
Mandate – All U.S. POS PEDs must be encrypting PINS using TDES end-to-end PDF | 115k		 7/1/2010
All
attended POS PIN acceptance device models must have passed testing by
a PCI-recognized or Pre-PCI recognized laboratory and have been approved
by Visa PDF
| 45k		 7/1/2010
U.S.
Payment Application Security Mandate – Phase 5
PDF | 60k

Acquirers must ensure their merchants, VNPs and agents use only PA-DSS
compliant applications

 7/1/2010
U.S.
Level 1 Merchants Full PCI DSS Compliance Validation Deadline

Applies to newly identified Level 1 merchants late 2008 and early 2009

 9/30/2010
U.S.
Level 2 Merchants Full PCI DSS Compliance Validation Deadline

Applies to newly identified Level 2 merchants late 2008 and early 2009

 12/31/2010

*Note: this timeframe
applies to newly identified Level 1 and Level 2 merchants late 2007
and early 2008

**Note: this timeframe applies to newly identified Level 1 and Level
2 merchants late 2008 and early 2009

Source: http://usa.visa.com/merchants/risk_management/cisp_key_dates.html