Qualifying terminals must be enabled to support both EMV contact and contactless chip acceptance, including mobile contactless payments based on NFC technology. Contact chip-only or contactless-only terminals will not qualify for the US programme.
Effective from 1 April 2015, TIP qualification expanded to merchants that have invested in a validated point-to-point encryption solution. Qualifying solutions are those that are included on the PCI Security Standards Council’s list of Validated Point to-Point Encryption Solutions or independently validated by a PCI Security Standards Council Qualified Security Assessor point-to-point encryption company.
Chip-enabled terminals must have current, valid EMV approval and pass Acquirer Device Validation Toolkit (ADVT)/Contactless EvaluationToolkit (CDET)/Visa payWave Test Tool (VpTT) testing requirements, as applicable.² The point-to-point encryption solution must be included on the PCI Security Standards Council list of validated solutions or independently validated by a PCI Security Standards Council Qualified Security Assessor point-to-point encryption company.
Point-to-point encryption helps to secure a merchant’s acceptance environment by removing or devaluing cardholder data. Visa recognises the security value this technology brings to the POS acceptance environment.
Contact your acquirer if you think you qualify for TIP benefits. Or, apply for TIP now.
To qualify for the programme and receive its benefits, US merchants must meet all of the following criteria:
- Confirm that sensitive authentication data (i.e. the full contents of magnetic stripe, CVV2 and PIN data) are not stored subsequent to transaction authorisation, as defined in the PCI DSS.
- Ensure that at least 75 percent of all transactions originate through one of the following secure acceptance channels:
- Enabled and operating chip-reading terminals (US merchants must meet the volume criteria with dual-interface contact/contactless terminals).1 Chip-enabled terminals must have current, valid EMV approval and pass Acquirer Device Validation Toolkit (ADVT)/Contactless Evaluation Toolkit (CDET)/Visa payWave Test Tool (VpTT) testing requirements, as applicable.
- Validated point-to-point encryption service2 (NEW) The point-to-point encryption solution must be included on the PCI Security Standards Council list of validated solutions or independently validated by a PCI Security Standards Council Qualified Security Assessor point-to-point encryption company.
- Not be involved in the breach of cardholder data. A breached merchant may qualify for TIP if it has subsequently validated PCI DSS compliance.
Merchants that do not meet the programme’s terminalisation requirements, including merchants whose transaction volume is primarily from e-commerce and Mail Order/Telephone Order (MO/TO) acceptance channels, are still required to validate PCI DSS compliance annually in accordance with Visa compliance programmes.
1Chip-enabled terminals must have current, valid EMV approval and pass Acquirer Device Validation Toolkit (ADVT)/Contactless EvaluationToolkit (CDET)/Visa payWave Test
2The point-to-point encryption solution must be included on the PCISSC list of validated solutions or independently validated by a PCI Security Standards Council Qualified Security Assessor point-to-point encryption company.