Visa introduces enhanced PCI DSS enforcement plan effective 2015

  • Team Omega
  • December 31, 2014

2014 is ending with data security being a high-priority issue for the payment card industry. Visa recently introduced the PCI DSS enforcement plan for 2015 which mandates the following:

  1. Merchants and Service Providers who have never done PCI DSS compliance validation or are overdue with the validation must submit a plan to their Visa clients.
  2. Visa clients are responsible for reviewing and accepting the remediation plan.
  3. If the plan is accepted by the clients, the entities must provide Visa with the Qualified Security Assessor company’s name and the planned validation date for stopping non-compliance assessments. Visa encourages clients and merchants to review the Visa Registry to select entities that have met Visa program requirements and baseline security standards.

If Visa does not receive the appropriate re-validation documents from the service provider their name under the Global Visa registry will turn as follows:

  • 1–60 days overdue: The service provider is highlighted in yellow on the Visa Registry
  • 61–90 days overdue: The service provider is highlighted in red on the Visa Registry
  • More than 90 days overdue: The service provider is removed from the Visa Registry
  • Noncompliance assessments will be levied according to the table in the Visa Rules (ID#: 0008193).

Clearly, the message here for Level 1 and Level 2 merchants is to follow the solid security methods and work within the framework and standards set by the Payment Card Industry.  Omega ATC can help you. Email or call us at 636-557-7777. Visit

To get more details contact a Visa risk representative at AP, CEMEA: