Visa Inc. says that more than three-fourths of the largest U.S. merchants and nearly two-thirds of medium-sized merchants have validated their compliance with the Payment Card Industry Data Security Standard (PCI DSS). That improves upon the last progress report in October, when Visa pronounced 65 percent of “Level 1” merchants and 43 percent of Level 2 companies in compliance.
Even though this shows one-fourth of major merchants still lacking validation, Visa states that all of these Level 1 stores (those who take in more than 6 million Visa transactions a year) have at least submitted their validation plan, according to Visa.
“Visa is pleased with the progress of merchant PCI DSS compliance though there is still more to accomplish…among payment system participants," said Michael E. Smith, head of Visa’s payment system risk, in a prepared statement. Merchants in the Level 1 and 2 categories account for approximately two-thirds of Visa's U.S. transaction volume.
Visa also announced it’s begun levying monthly fines of $25,000 to U.S. merchant banks or acquirers for each large merchant that failed to validate its PCI DSS compliance – and $5,000 for middle-sized merchants. Despite the level of non-validation, Visa maintains that “more than 99 percent” of large and middle-sized merchants are following prohibitions on retaining mag-stripe, PIN data and CVV2 security code numbers in their systems.
