ARLINGTON, Va. — Experts in plastic card security have praised the news from Visa USA that almost all of its largest merchant acquirers have confirmed that they are not keeping card data for longer than allowed, but have also noted that this does not equal card security compliance in and of itself.
The card brand announced on June 30 that 96% of its biggest merchants had confirmed they were not holding onto card data that the brand's regulations do not permit them to keep.
"Without a doubt this is a very good start," said Steve Ruwe, chief risk officer for PSCU Financial Services, the card processing CUSO for over 500 credit unions that use the First Data platform. "Since thieves most wanted the sort of card data that was being held, making sure less of it is available can only be a good thing."
But Ruwe cautioned that merchants confirming that they were not holding sensitive card security data is not the same thing as becoming compliant with the industry's card security standards, and he noted that even becoming compliant with the card brand's security regulations can be something of a moving target.
"PCI compliance is only audited once a year and a merchant's data networks and relationships can change all the time," he noted. "It's possible for a merchant to be compliant in June but out of compliance in September," he said.