Cardholders   Commercial   Merchants   Value of Visa   Media Center      Southeast Asia  
Search:

Navigation

    Card Acceptance Agents Account Info Security Chip Technology Travellers Cheque Acceptance Merchant Education

Registry of Service Providers (VRSP) (for Agents)

 REGISTRATION REQUIREMENTS


Do you need to comply with any security standards?

Service providers that store, process and/or transmit: 

Visa Account Number 1,
CVV, CVV2, iCVV 1 and/or 
Other cardholder data  1
 
must be compliant with PCI Data Security Standards (PCI DSS). Please  click here for details on the requirements.
 
In addition, service providers that also store, process and/or transmit cryptographic keys and/or personal identification number (PIN) have to comply with the PIN security standards. Please click here for the requirement details.
 
Service providers that provide services relating to 3-D Secure Access Control Server (Verified by Visa), please click here .
 
Service providers that are enrolled in Visa's Approved Card Vendor program in Asia Pacific are automatically included in the Registry unless otherwise advised.
 
Service providers that do not fall in any of the above categories are required to be registered by a Visa client in Asia Pacific under the Agent Registration program. Please contact the Visa client that you are working with to confirm this.
 
For service providers that do not have a direct relationship with a Visa client, at least one reference from a current customer is required confirming the nature of the relationship, services provided and the length of the business relationship.
 
 1Please refer to the Glossary  for the definition of these terms.

Back to top

Compliance with PCI DSS

Service providers that store, process and/or transmit Visa cardholder account or transaction information are required to be in compliance with PCI DSS as follows: 
 

 
* Includes all transactions, regardless of the type / channel
 
PCI DSS onsite security reviews must be performed by a Qualified Security Assessors (QSA) approved by the PCI Security Standards Council (PCI SSC).
 
The quarterly network scans must be performed by an Approved Scanning Vendor (ASV) listed by the PCI SSC.
 
For detailed information on the PCI DSS, the list of QSAs and ASV, please go to www.pcisecuritystandards.org.
 
Please note that only service providers that have been attested to be in full compliance with PCI DSS via an onsite review by a QSA will be listed on the Registry.
 
Service providers that have only completed a self-assessment via the questionnaire and network scans are encouraged to register with Visa. However, they will not appear on the Registry.
 
Service providers that are directly connected to Visa via VisaNet Extended Access Servers have to comply with additional requirements. For more information, please contact your local Visa office.

Back to top

Compliance with PCI PIN Security Standards

Service providers that store, process and/or transmit Personal Identification Numbers are required to be in compliance with the PIN security standards. These service providers are inspected by Visa. 
 
For more information on the PCI PIN security standards, please go to www.visa.com/pinsecurity or e-mail pinsec@visa.com.
 
To find out more about the Visa inspection process, please contact your regional Visa office.
 

Compliance with 3-D Secure Access Control Server Security Standards

Service providers that provide services relating to 3-D Secure Access Control Server (ACS) under the Verified by Visa program are required to have undergone an inspection by Visa before providing such services. 
 
To find more about the 3-D Secure ACS security requirements, please go to www.visa.com/3-DSecure.

Back to top

  • Printable Page

Quick Links

 

Related Links

 
 
Home | About Visa | Careers | Site Map | Legal | Privacy Policy | Hyperlink Guidelines | Global Sites | Asia Pacific Sites
© Copyright Visa. All Rights Reserved.