Visa Now Letting Level One Retailers Self-Assess For PCI Compliance

Visa has been permitting some of the nation's largest retailers to perform their own PCI assessments, rather than insisting that they have third-party assessors perform that role.

Whether the self-assessment option is available to Level 1 merchants varies by card brand, but Visa is now selectively permitting it. Officially, the issuing bank and the card brand must agree before a Level 1 merchant is given the self-assessment permission, and it's often approved for re-certification, once a retailer has already been certified PCI compliant.

David Taylor, president of the PCI Vendor Alliance and a certified third-party assessor, said that he has no problem with the Visa move.

"I really don't see an issue with the 'third party' role of the auditor since, if there is a breach post-audit, the merchant really owns the liability anyway," he said. "Many PCI auditors are small firms, so any customers or banks will litigate against the merchant anyway, so why shouldn't they own the audit process and its associated liability?"
