How Account Information Security Works
What does the AIS program involve? The AIS program is a requirement if you participate in the Visa payment system. Your acquiring bank will be responsible for ensuring that you meet Visa’s PCI standards, and will be able to guide you through the AIS validation process.
How do I know if I meet the PCI standards? To check whether your organization meets the PCI standards, you complete the following validation tasks (depending on the average monthly Visa volume you process):
Do I have to complete all the validation tasks?
| Average Visa accounts per month | Complete these validation tasks |
| --- | --- |
| Less than 10,000 | 1. Self-Assessment Questionnaire |
| Between 10,000 and 50,000 | 1. Self-Assessment Questionnaire 2. Quarterly vulnerability scan |
| Over 50,000 | 1. Self-Assessment Questionnaire 2. Quarterly vulnerability scan 3. Onsite review |
How often do the validation tasks need to be completed? All entities that process Visa transactions should ensure they complete the AIS validation tasks on an annual basis. It is expected that your organization already regularly reviews and tests security procedures. Validation to the PCI standards should be part of this process. Visa acquirers will ask larger merchants and processors (>50,000) to validate their compliance on an annual basis. If you currently perform regular vulnerability scans and onsite IT security reviews as a normal part of your business, exemptions may be possible. Your acquiring bank will help you determine the best course of action under these circumstances.
What acknowledgement of validation to PCI standards will be received? Your acquiring bank will inform Visa when your organization has met the PCI standards. Your organization will then be permitted to use AIS-specific messaging, developed by Visa, on marketing collateral. Receiving formal recognition from Visa gives you a competitive edge and a channel to demonstrate a high level of security to your customers and other industry and regulatory bodies.
What if I choose not to be involved in the AIS program? Visa can enforce the AIS program using financial penalties on all acquirers and may require that specific actions be taken to protect account and transaction information. Should a compromise occur when your organization has not taken the appropriate steps to ensure that account information was protected, your acquiring bank may be financially penalized.
e-Commerce Merchant Best Practice Guide
Visa Asia Pacific's e-Commerce Merchants' Guide to Risk Management contains useful tips for running your business with a risk management focus. (PDF, 200 KB)