For those who know how to read between the lines, the announcement this week by Payment Processing [PPI] of training courses to meet VISA compliance guidelines for application developers, service providers and merchants, is the first sign of a developing storm that could have repercussions across the entire high-tech industry.
The guidelines target the unique user data found on the magnetic stripe on the back of each credit card or linked to a credit card number when input during an Internet purchase.
It all started with a letter from VISA mailed this summer, above the signature of Eduardo Perez, vice president of Payment Risk and Compliance at Visa, encouraging payment application vendors to "validate the conformance of their products to VISA's Payment Application Best Practice [PABP]."
PABPs are currently suggested guidelines for all but the largest merchants doing 6 million transaction a year or for payment card processors. For those entities it is already a requirement.
While VISA doesn't have a direct relationship with the software industry, most in the industry believe the guidelines for application developers will quickly turn into de facto VISA requirements, as users of the software, such as merchants or card processors, face stiff fines for using noncompliant software.
The biggest impact on any ISV will be on those who include direct support for a debit or credit card front end in their application.
For new companies, such as Adelo Software with a point-of-sale solution for the restaurant industry, the change will be less dramatic, said company president Harry Tu.
"When we developed our system we built our foundation for this kind of credit card security," Tu said, adding, using PPI there were only some minor gaps in their application.
However, Tu said, if an ISV has its software already out in the market it could become a big headache.
"Once the finalized code base is released to the public then they will have to do all of these changes, and the cost is very significant," Tu said.
In essence, the VISA PABP requirements will create a cascading effect that will impact all of the participants in the credit card payment food chain -- not just ISVs with a point of sale package.
Rick Dakin, president and co-founder of Coalfire Systems, an independent auditor accepted by VISA to certify compliance for level one merchants and card processors said in order to validate compliance Coalfire audits the entire payment process system.
"We look at databases, applications, operating system, network, the people, and the processes."