WASHINGTON — With the support of the National Retail Federation here, Visa has launched an effort to reduce unnecessary storage of sensitive card information in merchant payment systems.
As part of that effort, Visa is clarifying that existing operating regulations allow merchants to present a truncated, disguised or masked card number on a transaction receipt to banks for dispute resolution in place of the full 16-digit card number.
“We have long advocated that retailers should not be required to store their customers' full card numbers and instead rely on an alternative identification number to reference a transaction," said David Hogan, NRF’s senior vice president and chief information officer, in a statement.
“NRF has been pleased to take a leadership role working with Visa in this effort to assist retailers in our mutual goal of securing customers’ information while potentially reducing the scope of the PCI Data Security Standard. Merchants should be encouraged to minimize both the amount of card information they store and the duration they keep it. The bottom line is that they should not be penalized for not storing card information. This clarification from Visa is a promising step in that direction,” said Hogan.
“Visa’s priority is protecting cardholders and the integrity of the electronic payments system,” said Eduardo Perez, head of global payment system security, Visa. “By reducing the amount of vulnerable data in merchant systems that must be protected from compromise, merchants can see greater security as well as more streamlined compliance needs.”