Protecting Sensitive Transaction Data - Visa Account Information Security (AIS)

Upholding the Highest Cardholder Data Security Standards for Visa Stakeholders

When cardholders present their Visa card at the point of sale, over the Internet, on the phone, or through the mail, they want assurance that their account information is safe. That is why Visa has instituted the Account Information Security (AIS) Program. The Visa AIS Program is intended to help protect Visa cardholder data wherever it resides, ensuring that Customers, merchants, and service providers maintain the highest information security standard.

AIS compliance is required of all entities that store, process, or transmit Visa cardholder data.

Helping merchants and service providers

The Visa AIS Program addresses essential system-wide security issues and provides a proven, cost-effective methodology and documentation with which immediate improvements can be made to the integrity of operations.

The Account Information Security Program

The Visa AIS Program is designed to protect Visa account and transaction information, helping to safeguard both the integrity of operations and the goodwill of cardholders. Although the initial focus of the Visa AIS Program was on e-commerce merchants, it now applies to all entities (merchants, processors, service providers, etc.) that process, store, and/or transmit account information.

Visa has an ongoing commitment to protecting the integrity of Visa account and transaction information. Visa will update this site periodically to provide standards, guidelines, tools and services for the benefit of all Visa payment system participants.

The Visa AIS Program is a standards-based, proven methodology that enables participants to achieve an immediate improvement in the system-wide level of their security. The program applies to any entity that processes, stores, and/or transmits account information. All such entities are required to store this information in a safe and secure manner, and a set of security standards, referred to as the Data Security Standards, has been put in place to help achieve a secured environment.

To achieve compliance with the Visa AIS Program, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard, which offers a single approach to safeguarding sensitive data for all card brands.

The PCI Data Security Standard consists of twelve basic requirements, grouped into six control areas and supported by more detailed sub-requirements:

PCI Data Security Standard

Build and Maintain a Secure Network

  1. Install and maintain a firewall configuration to protect data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  3. Protect stored data
  4. Encrypt transmission of cardholder data and sensitive information across public networks

Maintain a Vulnerability Management Program

  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  7. Restrict access to data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy

  12. Maintain a policy that addresses information security


Merchants and service providers who properly and consistently implement the controls outlined in the Visa AIS Program can benefit in numerous ways. Applied in this manner, these controls can help:

IMPROVE Revenue
MAINTAIN a Positive Image
PROMOTE Consumer Confidence
