A Friday 1 October deadline set by Visa
Inc for PCI DSS compliance has caused confusion in the UK,
with numerous media outlets and consultancies claiming the
deadline would impact UK merchants.

The deadline, set by Visa Inc, which Visa Europe operates
independently from, came into force today for all of Visa Inc’s
regional first tier – or largest – merchants, predominantly in the
Americas. Visa Europe is taking a different approach to so-called
tier-one merchants on compliance with the Payment Cards
Industry Data Security Standards (PCI DSS).

Go deeper with GlobalData

Data Insights

The gold standard of business intelligence.

Find out more

Stanley Skogland, senior vice president of
payment system risk at Visa Europe, said although there had
been a deadline in mind for level one merchants in the EU,
plans to enforce this had been shelved.

“I have no idea how this confusion has
arisen,” said Skogland.

“It does seem very strange that so many
sources have quoted this deadline for UK merchants. It has
definitely been enforced by Visa Inc which I presume will be for
merchants in the Americas.”

“We don’t have a firm deadline nor will we
ever have a firm deadline by which all entities need to provide a
report of compliance.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“The choice we [Visa Europe] have made is to
work individually with larger retailers and acquiring banks on a
one-to-one basis. This is because of the simple fact that larger
retailers are so vastly different in their set-up and business
models.”

A survey conducted by industry analysts
Redshift, on behalf of IT security and compliance solutions
provider Tripwire, is among the many blogs, news reports and
research that have quoted a supposed deadline for UK merchants –
information that Visa Europe maintain is incorrect. Redshift
managing director Guy Washer said he did not know the source
of claims of a UK October 1 deadline, but that
its impact on UK merchants had been “perceived wisdom”.

The Redshift survey, which was conducted in
March this year, showed only one in three UK merchants still do not
fully understand PCI DSS and 11 percent are fully compliant.
Twenty-seven percent of those merchants surveyed also said that
they were putting off becoming PCI compliant for as long as
possible.

“These statistics do not marry up with the
picture I see when I talk to very senior people across the merchant
space,” said Skogland.

“Retailers do take this issue very seriously.
They do not want to risk any damage to their brand and be splashed
across the front page of a newspaper.”

MasterCard was unavailable for comment.