Important PCI Update
Effective January 1, 2008, Phase 1 of the Visa Payment Application Mandates stipulates that no merchant may be boarded that uses a payment application identified as storing vulnerable data. The Payment Card Industry Data Security Standard (PCI DSS) prohibits the storage of the full contents of any magnetic stripe, CVV2 or PIN data. Merchants are at high risk of being compromised if they use payment applications that store prohibited data or have security weaknesses. A good resource is available at www.visa.com/pabp, where you will find a list of validated payment applications (make sure your POS is on the list) and best practices. We also recommend www.pcisecuritystandards.org and www.visa.com/cisp.
The primary threat has to do with … more