More NewsVisa and NRF Unite Efforts to Improve Customer Data Security

Visa and NRF Unite Efforts to Improve Customer Data Security

Visa has launched a global effort to reduce unnecessary storage of sensitive card information in merchant payment systems. Understanding the significant commitment by merchants to secure the payment system and to protect sensitive cardholder information from criminals, Visa is clarifying existing operating regulations to ensure that acquirers and issuers allow merchants to present a truncated, disguised or masked card number on a transaction receipt for dispute resolution in place of the full 16-digit card number.

Visa and the National Retail Federation (NRF) agree that merchants should not be obligated by their acquiring banks to store card numbers for the purpose of satisfying card retrieval requests. While Visa does not require merchants to store full card numbers beyond settlement, NRF’s comments indicated marketplace confusion about what information merchants are required to store for dispute resolution by issuers, acquirers or processors. To clarify, Visa operating regulations stipulate the following:

  • Issuers must accept a disguised or suppressed card number on transaction receipts for dispute resolution.
  • Merchants may keep truncated or disguised card numbers and reduce the amount of potential vulnerable data stored in their systems.

NRF senior vice president and chief information officer David Hogan welcomes Visa’s effort. “We have long advocated that retailers should not be required to store their customers’ full card numbers and instead rely on an alternative identification number to reference a transaction. NRF has been pleased to take a leadership role working with Visa in this effort to assist retailers in our mutual goal of securing customers’ information while potentially reducing the scope of the PCI Data Security Standard. Merchants should be encouraged to minimise both the amount of card information they store and the duration they keep it. The bottom line is that they should not be penalised for not storing card information. This clarification from Visa is a promising step in that direction,” said Hogan.

Related Articles

Preparing for GDPR? Here’s four things to consider

More News Preparing for GDPR? Here’s four things to consider

3m Elliott Wiseman
Cash flow in focus for investors

Cash Management Cash flow in focus for investors

3m Conor Deegan
Treasury TV: Karen Pugsley, Domino's Pizza Group

More News Treasury TV: Karen Pugsley, Domino's Pizza Group

3m Victoria Beckett
Treasury TV: Yeng Butler compares US and European MMF reforms

Compliance Treasury TV: Yeng Butler compares US and European MMF reforms

4m Victoria Beckett
Treasury TV: Tim de Knegt, The Port of Rotterdam

10 Minutes With The Treasury Treasury TV: Tim de Knegt, The Port of Rotterdam

4m Victoria Beckett
Banks are selling clients short with short dated cash deposit U-turns

Banking Banks are selling clients short with short dated cash deposit U-turns

4m Victoria Beckett
What does sterling’s Brexit boost mean for UK manufacturers?

More News What does sterling’s Brexit boost mean for UK manufacturers?

4m Tasja Botha
FX for corporates: 5 best practices for treasurers

Economy FX for corporates: 5 best practices for treasurers

4m Mateo Graziosi