Cardholder Information Security Program

Upholding the Highest Cardholder Data Security Standards for Visa Stakeholders

The Visa Cardholder Information Security Program (CISP) aims to secure Visa cardholder data wherever it resides, requiring that members, merchants, and service providers maintain the highest information security standards.

CISP compliance is required of all entities that store, process, or transmit Visa cardholder data.

Quick Links

PCI Data Security Standards
CISP List of Compliant Service Providers PDF | 132k
Validated Payment Applications PDF | 244k

CISP Basics

Enforcing compliance with the PCI DSS to secure Visa cardholder data.

For Merchants

Merchants who store, process, or transmit Visa cardholder data.

For Service Providers

Merchants and members must use CISP-compliant service providers.

Payment Applications

Securing third-party payment applications with the Payment Applications Best Practices (PABP).

Validation Requirements & Procedures
Payment Applications Best Practices DOC | 436k

PIN Security

PIN accepting entities must comply with the PCI PIN Security Requirements.

Visa Approved PIN Entry Devices
Tools and Best Practices for Merchants PDF | 248k

If Compromised

Take immediate action to help prevent additional damage and adhere to Visa CISP requirements.

Steps for Compromised Entities
What To Do if Compromised PDF | 884k

For non-U.S.-based entities, please visit Visa International Account Information Security (AIS) for validating compliance with the PCI DSS.

Site Utilities

Navigation

Visa PCI CAP Successfully Drives Merchant Compliance