Qualifying terminals must be enabled to support both EMV contact and contactless chip acceptance, including mobile contactless payments based on NFC technology. Contact chip-only or contactless-only terminals will not qualify for the U.S. program.
Effective 1 April 2015, TIP qualification expanded to merchants that have invested in a validated point-to-point encryption solution. Qualifying solutions are those that are included on PCI SSC’s list of Validated Point to-Point Encryption Solutions or independently validated by a PCI SSC Qualified Security Assessor point-to-point encryption company.
Chip-enabled terminals must have current, valid EMV approval and pass Acquirer Device Validation Toolkit (ADVT) / Contactless EvaluationToolkit (CDET) / Visa payWave Test Tool (VpTT) testing requirements, asapplicable.² The point-to-point encryption solution must be included on the PCISSC list of validated solutions or independently validated by a PCI SSCQualified Security Assessor point-to-point encryption company.
Point-to-point encryption helps to secure a merchant’s acceptance environment by removing or devaluing cardholder data. Visa recognizes the security value this technology brings to the POS acceptance environment.
Contact your acquirer if you think you qualify for TIP benefits.
To qualify for the program and receive its benefits, U.S. merchants must meet all of the following criteria:
1. Confirm that sensitive authentication data (i.e., the full contents of magnetic stripe, CVV2 and PIN data) are not stored subsequent to transaction authorization, as defined in the PCI DSS.
2. Ensure that at least 75 percent of all transactions originate through one of the following secure acceptance channels:
- Enabled and operating chip-reading terminals (U.S. merchants must meet the volume criteria with dual-interface contact / contactless terminals).1 Chip-enabled terminals must have current, valid EMV approval and pass Acquirer Device Validation Toolkit (ADVT) / Contactless Evaluation Toolkit (CDET) / Visa payWave Test Tool (VpTT) testing requirements, as applicable.
- Validated point-to-point encryption service2 (NEW) The point-to-point encryption solution must be included on the PCI SSC list of validated solutions or independently validated by a PCI SSC Qualified Security Assessor point-to-point encryption company.
3. Not be involved in the breach of cardholder data. A breached merchant may qualify for TIP if it has subsequently validated PCI DSS compliance.
Merchants that do not meet the program’s terminalization requirements, including merchants whose transaction volume is primarily from e-commerce and Mail Order/Telephone Order (MO/TO) acceptance channels, are still required to validate PCI DSS compliance annually in accordance with Visa compliance programs.
1 Chip-enabled terminals must have current, valid EMV approval andpass Acquirer Device Validation Toolkit (ADVT) / Contactless EvaluationToolkit (CDET) / Visa payWave Test Tool (VpTT) testing requirements, asapplicable.
² The point-to-point encryption solution must be included on the PCISSC list of validated solutions or independently validated by a PCI SSCQualified Security Assessor point-to-point encryption company.