Payment Applications
Visa has developed "Payment Application Best Practices" to help software vendors create secure payment applications that help ensure merchant compliance with the PCI Data Security Standard.
Best practices goal
Payment applications must not retain full magnetic stripe data or CVV2 data and must support a merchant's and service provider's ability to comply with the PCI Data Security Standard. Acquirers are responsible for ensuring that their merchants and service providers confirm the security of their payment applications using the "Payment Application Best Practices".
Visa recommendations
Visa has been actively working to educate software vendors and to provide best practices for secure payment applications.
- Software vendors should validate their payment applications against recommendations outlined in Visa's "Payment Application Best Practices". Visa makes no endorsement of applications or products and disclaims all warranties. Members remain responsible for performing their own due diligence to ensure PCI DSS compliance of their merchants and service providers.
- Acquirers should share the "Payment Application Best Practices" with both card-present and online merchants, and encourage them to use it to evaluate their payment applications. Acquirers and merchants can also encourage software vendors to participate in the validation effort.
- Acquirers should refer to the Validated Payment Applications list on the Visa US website and encourage their merchants to use validated applications.
Validation procedures and documentation
Software vendors seeking to validate their payment applications must engage a QPASC (Qualified Payment Application Security Company) qualified by Visa to perform payment application assessments. Compliance validation takes place at the software vendor's expense.
- The Annual On-Site Security Assessment must be completed according to the Payment Application Best Practices document. This document is also to be used as the template for the Report on Validation to be submitted to Visa.
- The Confirmation of Report Accuracy (for Payment Application Companies) must be completed by all payment application vendors validating compliance and submitted to Visa.
Instructions for Submission
The QPASP and the Payment Application Company must complete the "Confirmation of Report Accuracy" form and submit it, along with a copy of the Report of Validation, to Visa International, 30 Raffles Place #10-00 Chevron House Singapore 048622, Attention: AIS Administrator, or by email to vpssais@visa.com. Please ensure that all documents submitted electronically are sent securely.
Download Payment Application Best Practices
Download Confirmation of Report Accuracy
For more information
To learn more about the Visa AIS program or begin an audit, you can contact Visa via email at vpssais@visa.com.
