One-third of Visa Merchants Missed Security Deadline

Just over a third of large-volume Visa merchants failed to meet a Sept. 30 deadline to comply with the Payment Card Industry's 12-part Data Security Standard, Visa said Wednesday, and those companies are facing fines of US$25,000 per month.

Visa said 65 percent of the largest U.S. merchants (those processing six million or more Visa transactions annually, known as Level I) have validated compliance with the PCI DSS 1.1., up from 36 percent in December. The standard is set by the Wakefield, Mass.-based PCI Security Standards Council, whose membership includes the card associations Visa, MasterCard, and American Express.

Visa also said validation for the PCI security standard among midsize merchants (those processing one million to six million Visa transactions annually) has reached 43 percent as of Sept. 30, up from 15 percent in December. This Level II group is expected by Visa to validate compliance by Dec. 31. Level I and Level II merchants constitute two-thirds of Visa's transaction volumes, the company said.