Insights
We are proud to be named a West Coast Regional Leader for 2024
Evaluating the Visa TIP program: Is it right for your business?
INSIGHT ARTICLE |
Authored by RSM US LLP
In October 2012, Visa launched its Technology Innovation Program (TIP) as an alternative evaluation and reporting process to the traditional Payment Card Industry Data Security Standard (PCI DSS). Merchants enrolled in TIP now have the opportunity to bypass complying with the PCI DSS annually by implementing a comprehensive set of up-to-date security functions within their organizations.
Would Visa TIP be a good fit for your organization? To be accepted into TIP, a merchant must formally apply to be accepted and comply with a prescribed set of criteria set by Visa. These criteria include:
- Confirmation that a minimum of 75% of all transactions go through either: currently validated EMV chip reading terminals that pass the Acquirer Validation Toolkit (ADVT), Contactless Evaluation Toolkit (CDET) or Visa payWave Test Tool (VpTT) testing requirements, as applicable to each merchant per Visa. Contact-only or contactless-only card terminals do not qualify for TIP.
- Validated point-to-point encryption solutions should be assessed by a PCI Security Standards Council Qualified Security Assessor point-to-point encryption company as defined by Visa.
- Confirmation that all sensitive authentication data is not stored within an organization’s environment per the PCI DSS. This includes any element of the full contents of the magnetic stripe, CVV2 and PIN data per Visa.
- Acquirers must confirm that all Level 4 merchants who use third-party point-of-sale applications have terminal installations completed only by PCI-qualified integrators and resellers (QIR) per Visa requirements.
- The qualifying merchant must not have been involved in a breach involving cardholder data. An exception to this rule would be if the merchant was validated through the PCI DSS.
In summary, Visa TIP rewards merchants with less requirements if they implement secure technologies within their environments. Another bonus? If a merchant becomes a member of TIP, they can also join American Express’s Security Technology Enhancement Program (STEP), which has very similar requirements.
Despite these benefits, the program may not be the right option for everyone. For example, we have clients who have been eligible for TIP, but have not chosen to join it due to their organizations’ stances on keeping up with global security trends within and outside of their businesses. TIP could be a great option for your business, but it is also imperative that your organization does not ignore other security challenges that could be present.
Visa TIP and the challenges of today
We are in a very unique situation due to the COVID-19 pandemic that has swept over the globe. Noncontact transaction methods such as e-commerce and mail orders have become imperative for many different industries, since most stores have been closed to the public or access has been limited. Other methods such as curbside transactions have taken on a new prominence by keeping businesses viable through these difficult times.
According to Census.gov, 45.3% of business owners believe that it will take more than six months to resume normal operations so it could be more challenging to meet the strict TIP guidelines provided by Visa. It should also be noted that merchants that process the majority of their sales through e-commerce or mail will not be eligible for TIP. This is especially prevalent given the situation with COVID-19, where a majority of retail stores and shops have some form of restrictions due to state guidelines.
Other industries could also face problems entering TIP. For example, gas stations that have not implemented point-to-point encryption enterprise-wide would not be eligible for TIP. Seventy-five percent of all transactions would need to go through point-to-point encryption to become eligible for TIP. Many gas stations have not implemented updated point-of-sale devices at their pumps, so this is a problem that would need to be addressed before applying to TIP.
Furthermore, many merchants that feel ready to apply for TIP are still missing requirements. Even after the COVID-19 pandemic, striving to be accepted into TIP could be contrary to a merchant’s best interests due to the amount of requirements that would need to be fulfilled before applying.
Would TIP be a smart venture for you and your organization? If your company meets the standards and can keep security at the forefront of your responsibilities, it could be a good fit. However, TIP has checkpoints you must meet and given the current pandemic, it may be difficult to comply with some of the requirements. Working with a qualified advisor can help you determine whether TIP is the right move for your business, and if so, begin to develop a road map for compliance.
Let's Talk!
Call us at +1 213.873.1700, email us at solutions@vasquezcpa.com or fill out the form below and we'll contact you to discuss your specific situation.
This article was written by Nick Kalis and originally appeared on 2020-09-21.
2020 RSM US LLP. All rights reserved.
https://rsmus.com/what-we-do/services/risk-advisory/cybersecurity-data-privacy/evaluating-the-visa-tip-program-is-it-right-for-your-business.html
RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each is separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/about us for more information regarding RSM US LLP and RSM International. The RSM logo is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.
Vasquez & Company LLP is a proud member of RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.
Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise and technical resources.
For more information on how Vasquez & Company LLP can assist you, please call +1 213.873.1700.
Subscribe to receive important updates from our Insights and Resources.