
Payment Applications


Visa has developed "Payment Application Best Practices" to assist software vendors in creating secure payment applications that help ensure merchant compliance with the PCI Data Security Standard.

Best practices goal

Payment applications must not retain full magnetic stripe data or CVV2 data and must support a merchant's and service provider's ability to comply with the PCI Data Security Standard. Acquirers are responsible for ensuring that their merchants and service providers confirm the security of their payment applications using the "Payment Application Best Practices".

Visa recommendations

Visa has been actively working to educate software vendors and to provide best practices for secure payment applications.
  • Software vendors should validate their payment applications against recommendations outlined in Visa's "Payment Application Best Practices". Visa makes no endorsement of applications or products and disclaims all warranties. Members remain responsible for performing their own due diligence to ensure CISP compliance of their merchants and service providers.
  • Acquirers should share the "Payment Application Best Practices" with both card-present and online merchants, and encourage them to use it to evaluate their payment applications. Acquirers and merchants can also encourage software vendors to participate in the validation effort.
  • Acquirers should refer to Visa's List of CISP-Validated Payment Applications and encourage their merchants to use validated applications.
ControlScan is an authorized vendor for CISP compliance.

Validation procedures and documentation

Software vendors seeking to validate their payment applications must engage a QPASC qualified by Visa to perform payment application assessments. Compliance validation takes place at the software vendor's expense.

The Annual On-Site Security Assessment must be completed according to the Payment Application Best Practices document. This document is also to be used as the template for the Report on Validation to be submitted to Visa.

The Confirmation of Report Accuracy (for Payment Application Companies) must be completed by all payment application vendors validating compliance and submitted to Visa.

Payment Application Best Practices (Word Doc file, 334k)
Confirmation of Report Accuracy (for Payment Application Companies)

For more information

To learn more about the Visa CISP or begin an audit, contact Visa via email at AskVisaUSA@Visa.com and/or download Visa's CISP Frequently Asked Questions (PDF, 147k) (Word Doc file, 117k).