Visa U.S.A. announced today that it is expanding the criteria of its merchant validation levels for compliance with the Payment Card Industry Data Security Standard (PCI DSS). Visa’s move is designed to decrease the risk of data compromises by shifting higher-volume merchants across all payment channels into a more rigorous compliance validation category.
While none of the validation requirements themselves have changed, merchants moving into a new validation level will be responsible for complying with that category’s validation responsibilities. For example, merchants moving from Level 4 to Level 2 must now have quarterly network security scans performed by a qualified independent scan vendor.
The revised criteria impact a relatively small number of merchants. Less than 1,000 Level 4 merchants are expected to move into the Level 2 category, while an equal number of former level 2 merchants processing fewer than 1 million e-commerce transactions per year will move to level 3.
Within the next two months, acquirers will identify any merchant changing levels. These merchants are required to validate PCI compliance with their acquirer by Sept. 30, 2007, generally 12 months from the date of identification.
Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is required of all merchants and any entity that stores, transmits or processes cardholder data. Validation of compliance is part of that process, with validation requirements varying for merchants based on factors such as transaction volume.
A summary of the changes are listed in the chart below:
New Merchant Levels Defined
Merchant Level
New Criteria
Prior Criteria
Required Validation Action
Merchant Level 1
No change
Any merchant processing over 6 million Visa transactions per year or compromised in the past year, regardless of acceptance channel. No change to validation action for this level. Annual onsite audit and quarterly scans required.
Merchant Level 2
Any merchant processing 1 million to 6 million Visa transactions per year, regardless of acceptance channel. Any merchant processing between 150,000 and 6 million Visa e-commerce transactions per year. No change to validation action, but new definition expands the number of level 2 merchants to include former level 4 merchants. Annual self- assessment questionnaire and quarterly scans required.
Merchant Level 3
Any merchant processing 20,000 to 1 million Visa e-commerce transactions per year. Any merchant processing 20,000 to 150,000 Visa e-commerce transactions per year. No change to validation action, but new definition expands level 3 to include merchants formerly in level 2 processing fewer than 1 million e-commerce transactions per year. Annual self-assessment questionnaire and quarterly scans required.
Merchant Level 4
Any merchant processing less than 20,000 Visa e-commerce transactions per year, and all other merchants processing up to 1 million Visa transactions per year. Any merchant processing less than 20,000 Visa e-commerce transactions per year, and all other merchants processing up to 6 million Visa transactions per year. No change to validation action, but new definition reduces the number of level 4 merchants. Annual self-assessment questionnaire and quarterly scans may be required as specified by the member.
Despite debit’s incredible growth in volume terms Mercator Advisory Group believes that the EFT networks that enable PIN debit are approaching a critical juncture. Signature debit, while currently facing a slightly slowing growth rate, is also the only debit solution fully enabled and successfully entering several new emerging markets, such as eCommerce, recurring bill payments, and those markets where cash is being displaced using Contactless and signature- less solutions. Left unchecked the increased growth in internet and mobile payments and cash replacement will occur primarily at the expense of growth in EFT transactions. This will be of some concern if these new markets grow as quickly as proponents hope. It is important to note that we are talking about future markets and the relative market share of transaction types in these emerging environments.
This report evaluates the consumer preference for debit instruments today, how these preferences can be shifted by the popular press and the payment industry itself, the targeting of three new markets by card associations for future growth: 1) online transactions, 2) recurring bill-pay environments, and 3) Contactless/signatureless environments intended to displace low- value cash transactions, and issues that make it difficult for EFT network operators to react unilaterally to enter these same evolving markets; and therefore, make co-operative plays related to technology standards and implementation a real consideration.
Tim Sloane, Director of the Debit Service for Mercator Advisory Group and the author of the report, indicates that despite strong growth rates across the board for debit, EFT network operators may need to start establishing plans to target these same markets.
“While predicting overall growth of all three evolving markets may be difficult, it is clear that internet payments will continue to grow significantly. If the recurring bills and cash replacement market segments also experience high growth, then EFT operators may find themselves facing a growing barrier to market entry not unlike that experienced when they had to deploy key pads on POS devices to enable PIN-based debit at the POS.”
The report contains 26 pages and 12 Exhibits.
“NYPay brings together professionals in a collegial setting to network and dialogue on relevant issues in the dynamic payments industry,” said Ronald Mazursky, Director, Edgar, Dunn & Company. “The model for this professional forum is based on the successful West Coast association, BayPay, which EDC co-founded in 2005 with membership now in the hundreds of active professionals.”
“NYPay provides a much needed opportunity for payments professionals to stay current on industry developments while connecting with colleagues from various institutions. CashEdge is pleased to be involved as a founding member,” said Demetris Papademetriou, Director, CashEdge, Inc.
Based on NYPay’s stated membership profile, the association is seeking active professionals involved in the Financial Services Industry payments field who can contribute to the forum’s regular discussion groups. Membership is by invitation only.
The survey revealed: 1) NAOPP’s membership is overwhelmingly male; 2) 66.6 percent of NAOPP’s members have been engaged in the industry for five years or greater; 3) 68.4 percent of the members are 45 years or age or older; and 4) 49 percent earn greater than $100,000 per year.
In addition, members indicated they are interested in educational programming including training at the regional acquirer’s meetings as well as other types of training such as teleseminars and webinars. Members indicated they are interested in information on interchange, ethics, ISO registration and regulation, marketing via the Internet, new types of loyalty programs, and marketing and sales training.
Members further indicated they are interested in the following additional benefits:
- UPS/FEDEX/DHL mailing service or plan,
- Professional liability insurance,
- Long- and/or short-term disability insurance,
- Rental car discounts,
- Cellular telephone plans, and
- Discounted books or magazines.
The Benefits Committee continues to seek members to help identify and negotiate additional benefits identified in the survey.
- Broad willingness to use contactless cards.
- Greater acceptance with young consumers.
- High income consumers more likely to use contactless cards.
- Security and ease of use are top concerns
More than 50 percent of respondents, which translates into more than 100 million Americans, would use contactless cards to buy gasoline, items from fast food restaurants or corporate cafeterias, or groceries. More than 40 percent would use contactless cards to pay for convenience store items and transit fares (subway and bus fares and tolls). Almost 40 percent would use contactless cards to buy coffee or pay for parking, and 30 percent (60 million Americans) would use contactless cards for video games or at a vending machine or kiosk.
More than 50 percent of survey respondents between the ages of 18 and 24 indicated they would use contactless cards to buy a range of goods, including gas, groceries, fast food, coffee, convenience store items, transit fares and video games.
Consumers in households with incomes greater than $50,000 indicated they were more likely to use contactless cards than those with income less than $50,000.
Concerns about security and ease of use are the two main obstacles facing contactless card acceptance. Depending on the specific market, between 13 and 22 percent of respondents indicated security concerns would keep them from using contactless cards. The data indicates a need for companies leading contactless roll-outs to educate consumers about the cards’ safety and how easy they are to use. “Contactless payments represent a significant opportunity for the payments ecosystem. Consumers benefit from the increased convenience while merchants gain speed at the point of sale,” said Mark Friedman, President and CEO of Peppercoin. “In addition, when combined with Peppercoin’s Virtual Prepaid and Merchant Loyalty offerings, contactless payments encourage consumers to return more frequently and spend more when they do — translating into increased revenue for merchants.”
Perhaps the most important aspect of bank or finance company statements is that customers frequently open them. While not all consumers read their statements rigorously, they are far more likely to open and read an account statement than they are other pieces of mail received from their bank. At the very least, consumers tend to save their statements – making receipt and retention of the information they contained more assured.
New technologies and techniques designed to enhance the presentation of account-related information have been around for a decade and are gaining ground. According to TowerGroup, as packaged software for statement creation becomes more widely used, both electronic and paper based statements will become increasingly viewed as strategic communications vehicles whose key role is to shape and direct the customer experience. TowerGroup anticipates consumer expectations of how information is presented to them from their bank to continue to increase, as consumers become more familiar with the Web and personalization capabilities available online.
The 2005/2006 survey data also points to the continued growth of debit activity at the POS. Over the past five years, consumers’ average POS debit activity has grown from less than eight transactions a month to more than 11. The average total number of debit POS transactions made monthly has increased 21 percent in the last year, from 15 to 18 transactions per month.
Although PIN and signature debit both demonstrated transaction growth, preference of PIN debit over signature debit was 45 percent to 33 percent. Security was the leading response for choosing PIN debit as reported by 48 percent of respondents. Additionally, 57 percent of PIN-secured debit users reported that having the choice to receive cash back at the POS resulted in more usage of their cards.
PIN and Signature Debit Work Best Together
- 62 percent of ATM/debit cardholders reported using their ATM/debit cards at the POS in the 30 days prior to the survey. Over the past five years, consumers’ average POS debit activity has grown from less than eight transactions a month to more than 11.
- Among all card users, 45 percent of consumers report using both PIN and signature methods, an increase from last year’s 39 percent. The number of respondents using both is significantly greater than those who report utilizing a single method.
- Using both methods has a major effect on transaction volume: Those who use both PIN and signature debit account for 75 percent of all debit POS transactions made. Consumers utilizing both methods conduct an average of 23 transactions a month versus 14 for those who solely use signature and 10 for those using only PIN.
- The expanding number of locations accepting debit, particularly for small-ticket purchases, underscores the value of promoting both PIN and signature debit to consumers. Among respondents, PIN debit is the preferred debit option at discount stores, convenience stores, drug stores and do-it-yourself stores, while signature debit leads in food categories and specialty retail locations.