Mandated since June 2001, CISP is intended to protect Visa cardholder data’wherever it resides ‘ ensuring that members, merchants, and service providers maintain the highest information security standard.
In 2004, the CISP requirements were incorporated into an industry standard known as Payment Card Industry (PCI) Data Security Standard resulting from a cooperative effort between Visa and MasterCard to create common industry security requirements. Visa USA maintains CISP as the managing program for data security compliance endorsing the PCI Data Security Standard.
CISP compliance is required of all entities that store, process or transmit Visa cardholder data. It does not matter how many transactions you process annually- you must secure your data!
What is PCI?
PCI DSS is a set of comprehensive requirements for enhancing payment account data security and has developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
The best source for information on PCI is the organization’s Web site. Follow this link https://www.pcisecuritystandards.org/index.htm to get the most up-to-date information. You can also sign up to receive any updates to the requirements. From this Web site you can also obtain the self assessment form or contact COCARD for the correct form for your organization. It is a requirement of card acceptance that your organization complete this form annually.
What is data security?
As you might imagine, there are specific requirements for securing this data based on the types of transactions you are running. The PCI Data Security Standard is comprised of 12 general requirements designed to: