Visa announced on August 9 that merchants that use credit card transaction terminals that read embedded chips for identity authentication for at least 75 percent of their transactions will no longer be required to undergo annual certification for compliance with the self-regulatory Payment Card Industry Data Security Standard (PCI DSS). To qualify, the terminals must be capable of both contact and contactless reading of payment cards and mobile device payment applications using the embedded chip technology. Merchants that qualify for the exemption from annual PCI DSS certification must still follow all other PCI DSS rules including not storing card tracking data, security codes, or personal identification numbers. The policy will take effect on October 1, 2012. However, Visa is requiring all merchants who process Visa transaction to use the chip technology in their card readers by April 1, 2013. Visa also announced that it will shift liability for fraudulent point of sale transactions to merchants on October 1, 2015 except for fuel merchants, who will assume all liability October 1, 2017.
TIP: Merchants who process Visa transactions and do not employ chip reader technology should consider adopting the technology before it is required, so that they can avoid the annual PCI DSS certification process.