Data Security Milestones
| September 30, 2010 | PCI DSS Compliance Validation Deadline for Level 1 Merchants | |
| July 1, 2010 | All merchants accepting PIN debit and processing Visa cards must move from Single Data Encryption Standard (SDES) encryption to Triple Data Encryption Standard. Visa may assess fines to a merchant after 7/1/10 in the event of a PIN compromise attributable to the use of SDES | |
| July 1, 2010 | Visa mandates that acquirers must ensure all businesses (including level 3 and 4 merchants) that process, store and transmit card data must be using a PA-DSS validated payment application | |
| October 1, 2009 | Visa mandates that payment processors must decertify all vulnerable payment applications | |
| September 30, 2009 | Prohibited Data Storage Deadline for Level 1 & 2 Merchants. Acquirers must confirm that Level 1 and 2 merchants do not retain sensitive payment card data such as full magnetic stripe (also known as track data), security codes or PIN data after transaction authorization | |
| January 21, 2009 | Heartland Payment Systems uncovers a credit card data breach affecting the 100 million transactions it processes each month, the largest breach at this time | |
| October 1, 2008 | PCI DSS v1.2 released | |
October 1, 2008 |
Visa mandates that newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use a PA-DSS-compliant application | |
| July 1, 2008 | Visa mandates that payment processors can only certify payment applications to their platforms that are PA-DSS compliant | |
| April 1, 2008 | PCI Security Standards Council (PCI SSC) adopts Visa’s PABP and released the standard as the Payment Application Data Security Standard (PA-DSS). The PA-DSS now replaces PABP for the purpose of Visa’s compliance program. | |
| January 1, 2008 | Visa mandates that newly boarded merchants must not use known vulnerable payment applications | |
| November 1, 2006 | PCI DSS v1.1 released | |
| December 15, 2004 | Payment Card Industry Data Security Standards (PCI DSS) created by combining the policies of major card brands – replaces CISP | |
| June 1, 2001 | Visa mandates CISP compliance for all parties that store, process or transmit credit card data | |
| April 1, 2000 | Visa announces Cardholder Information Security Program |
