Visa announced on Wednesday that it will be joining with the National Retail Federation (NRF) in an effort to reduce the storage of sensitive information in merchant payment systems, calling for the elimination of account information whenever possible for the sake of data security. Both Visa and the NRF are in agreement that acquiring banks should not require merchants to store card numbers for the purpose of dispute resolution, stressing that current operating regulations permit merchants to present a shortened or disguised version of a card number on a transaction receipt for that purpose, as opposed to the complete number.
“Making data less vulnerable to card thieves by eliminating it wherever possible has been a major focus by Visa for several years now,” said Visa’s Head of Global Payment System Security, Eduardo Perez. “Visa is committed to helping develop workable solutions that reduce the burden on merchants who must secure their payment systems from criminal threats. Working with the National Retail Federation has helped us identify an issue and address it effectively.”
Despite the fact that Visa does not require merchants to retain full card numbers beyond the transaction settlement, the NRF believes there is marketplace confusion going on which has led many independent retailers to store more information than is necessary, thus putting their systems at risk.
“Visa’s priority is protecting cardholders and the integrity of the electronic payment system,” said Perez. “By reducing the amount of vulnerable data in merchant systems that must be protected from compromise, merchants can see greater security as well as more streamlined compliance needs.”
According to Visa’s current operating regulations, issuers are required to accept a suppressed or disguised card on a transaction receipt for dispute resolution. Merchants are also permitted to keep disguised or truncated card numbers, in order to minimize the amount of vulnerable data stored.