Merchant Resources


Account Information Security

Protecting Cardholder Data

When cardholders present their Visa card at the point-of-sale, over the Internet, on the phone or through the mail, they want assurance that their account information is safe. That’s why Visa has instituted the Account Information Security (AIS) Program. It helps protect Visa cardholder data, wherever it resides, by ensuring that the highest information security standards are maintained.

All entities that store, process or transmit Visa cardholder data must comply with AIS.

The Visa AIS Program addresses essential system-wide security issues and provides a proven, cost-effective methodology and documentation for making immediate improvements to the integrity of operations.

The Account Information Security Program

The Visa AIS Program helps safeguard both the integrity of operations and the goodwill of cardholders. Initially targeted at online merchants, it now applies to all entities (merchants, processors, service providers, etc.) that process, store and/or transmit account information.

This standards-based, proven methodology enables users to achieve an immediate improvement in their system-wide security. Sensitive account information must be stored in a safe and secure manner – governed by the Payment Card Industry’s Data Security Standard (PCI-DSS). To comply with the Visa AIS program, merchants and service providers must adhere to this standard, which offers a single approach to safeguarding sensitive data for all card brands.

The PCI Data Security Standard consists of twelve basic requirements, supported by more detailed sub-requirements:

PCI Data Security Standard

Build and Maintain a Secure Network

  1. Install and maintain a firewall configuration to protect data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  3. Protect stored data
  4. Encrypt transmission of cardholder data and sensitive information across public networks

Maintain a Vulnerability Management Program

  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  7. Restrict access to data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy

  12. Maintain a policy that addresses information security

Visa is committed to protecting the integrity of Visa account and transaction information. This site will be updated periodically to provide standards, guidelines, tools and services for the benefit of all Visa payment system participants.

Merchants and service providers who properly and consistently implement the controls outlined in the Visa AIS Program can benefit in many ways. The AIS controls can help:

  • IMPROVE revenue
  • MAINTAIN a positive image
  • PROMOTE consumer confidence