Visa has begun a program to assess cardholder information security policies and procedures for all Visa merchants. Penn State will be required to complete and submit, on an annual basis, a self-assessment questionnaire to certify our compliance with the requirements of the Visa Cardholder Information Security Program. This is a critical requirement for Penn State, not only so we can show compliance with Visa regulations, but also to ensure that all cardholder information submitted by our customers is secure and safe.
To assess our compliance with this new program, Computer & Information Systems and the Corporate Controller’s Office have developed a joint plan. This is based on information provided on the Visa Cardholder Information Security Program website. We are requiring all units that process credit cards to:
We are asking all Financial Officers as well as the Directors of Finance in the Commonwealth College to coordinate getting the information to the appropriate units for completion, and to follow up to ensure that the materials are submitted.
Responses are required from every Penn State unit that processes credit cards. Failure to respond by the deadline of November 1, 2001, could ultimately lead to the revocation of your merchant number.
If you have material deficiencies, a plan must be developed to correct those deficiencies by June 30, 2002. If needed, assistance will be provided to help develop your plan. Penn State plans to be in compliance with the Visa Cardholder Information Security Program by July 1, 2002. Those units that cannot correct material deficiencies, or that are not willing to follow requirements, could possibly lose the ability to accept credit cards as payment. It is anticipated that MasterCard and American Express will come out with similar cardholder information security requirements in the future. If so, we will adjust the questionnaire at that time to cover all credit card providers.
If you have any questions, please contact: