Visa Cardholder Information Security Program (CISP)

The Visa Cardholder Information Security Program (CISP) is Visa's comprehensive security initiative designed to ensure the security of cardholder data, technology systems, and payment processes handled by merchants and merchant service providers. The program sets forth a standard framework for security measures and protocols that member institutions are required to follow to protect sensitive information from unauthorized access, use, or disclosure.

CISP mandates compliance with a range of security measures which are closely aligned with the Payment Card Industry Data Security Standards (PCI DSS). These standards include requirements for network security, data encryption, vulnerability management, access control measures, and regular monitoring and testing of networks.

Member institutions, including merchants, service providers, and banks that process Visa payments, are required to rigorally adhere to these standards. Compliance is monitored by Visa through regular assessments, and failure to comply can result in penalties or restrictions on the ability to process Visa payments.

The primary objective of Visa CISP is to protect cardholder data and reduce the incidence of fraud within the payment ecosystem. By establishing and enforcing strict security standards, Visa aims to build trust in its payment network and ensure that merchants and service providers maintain the highest levels of security when processing payment transactions.