Visa’s program will eliminate the requirement that eligible merchants annually validate their compliance with the PCI DSS for any year in which at least 75% of the merchant’s Visa transactions originate from chip-enabled terminals. To qualify, terminals must be enabled for contact or dual-contact and contactless interface chip acceptance.
Merchants outside of the US are eligible for the new program from March 31, 2011. Visa Europe has announced a similar program. The program is not currently available in the US because of the enactment of recent debit card regulations.
“With the United States facing government price controls on debit and restrictive routing and exclusivity rules, it is not feasible or appropriate to drive the market toward major infrastructure investments, especially in an environment where financial institutions could lose billions in revenue as a result of the regulation”, said Bill Sheedy, Visa’s group executive for the Americas.
International merchants may qualify for the program if they have either previously validated PCI DSS compliance or provided a plan to come into compliance, and if they have not been involved in a recent material breach of cardholder data.
Qualifying merchants must continue to protect any sensitive data that remains in their care by ensuring their systems do not store track data, security codes or personal identification numbers, and that they continue to adhere to the PCI DSS standards as applicable.