Payment Applications Visa has developed "Payment Application Best Practices" to assist software vendors create secure payment applications that help ensure merchant compliance with the PCI Data Security Standard.    Best practices goal Payment applications must not retain full magnetic stripe data or CVV2 data and must support a merchant's and service provider's ability to comply with the PCI Data Security Standard.  Acquirers are responsible for ensuring that their merchants and service providers confirm the security of their payment applications using the "Payment Application Best Practices".     Visa recommendations Visa has been actively working to educate software vendors and to provide best practices for secure payment applications.   Software vendors should validate their payment applications against recommendations outlined in Visa's "Payment Application Best Practices ".  Visa makes no endorsement of applications or products and disclaims all warranties.  Members remain responsible for performing their own due diligence to ensure PCI DSS compliance of their merchants and service providers.   Acquirers should share the "Payment Application Best Practices " with both card-present and online merchants, and encourage them to use it to evaluate their payment applications.  Acquirers and merchants can also encourage software vendors to participate in the validation effort.   Acquirers should refer to the Validated Payment Applications list on the Visa US website and encourage their merchants to use validated applications.   To locate a validated payment application, download the Validated Payment Applications.   Validation procedures and documentation Software vendors seeking to validate their payment applications must engage a QPASC (Qualified Payment Application Security Company) qualified by Visa to perform payment application assessments.  Compliance validation takes place at software vendor's expense.   The Annual On-Site Security Assessment must be completed according to the Payment Application Best Practices document.  This document is also to be used as the template for the Report on Validation to be submitted to Visa.   The Confirmation of Report Accuracy (for Payment Application Companies ) must be completed by all payment application vendors validating compliance and submitted to Visa.   Instructions for Submission The QPASC and Payment Application Company must complete the "Confirmation of Report Accuracy" form and submit along with a copy of the Report of Validation to Visa International, 30 Raffles Place #10-00 Chervon House Singapore 048622, Attention: AIS Administrator, or email to vpssais@visa.com.  Please ensure all documents to be submitted electronically must be send securely.    Download Payment Application Best Practices   Download Confirmation of Report Accuracy     For more information To learn more about the Visa AIS program or begin an audit, you can contact Visa via email at vpssais@visa.com.       Back to top		TOP DOWNLOADS Payment Applications Best Practice Validated Payment Applications List Confirmation of Report Accuracy Form Qualified Payment Application Security Company (QPASC)

	Print this page   | Tell a friend   |

Get a card		Home  |   About Visa  |   Careers  |   Sitemap  |   Legal  |   Privacy Policy  |   Hyperlink Guidelines  |   Global Sites  |   Asia Pacific Sites