If your organization has an online store, you'll want to keep an eye on the deadlines Visa has set for compliance with Payment Application Best Practices (PABP) certification. Here's the timetable for certification requirements:
| Phase | Compliance Mandate | Effective Date |
| I | Newly boarded merchants must not use known vulnerable payment applications, and VisaNet Processors (VNPs) and agents must not certify new payment applications to their platforms that are known vulnerable payment applications | 1/1/08 |
| II | VNPs and agents must only certify new payment applications to their platforms that are PABP-compliant | 7/1/08 |
| III | Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PABP-compliant applications* | 10/1/08 |
| IV | VNPs and agents must decertify all vulnerable payment applications** | 10/1/09 |
| V | Acquirers must ensure their merchants, VNPs and agents use only PABP-compliant applications*** | 7/1/10 |
The key milestones are for this October when all new level 3 and 4 merchant accounts must use PABP-compliant e-commerce applications and then finally July of 2010 when full compliance is required.
We recommend downloading the PABP guidelines and talking with your vendors to request a quote for the level of effort to ensure full PABP compliance of your online presence. Even if you don't process credit card transactions, these best practices offer excellent guidelines for everything from the way passwords are managed to proven change management processes.
To learn more about the PABP application process you can send an email to cisp@Visa.com.