thePCI Portal

No colour coding on the Visa service provider list anymore?

COVID-19 impact on your service provider listing at Visa

Visa’s Global list of service providers (here) is a listing of PCI DSS Validated Service Providers and participants in Visa programs (such as Visa Third Party Agent (TPA) Program, etc) who are registered with Visa.

The Registry is updated once a month. For service providers published on the Registry, if Visa does not receive the appropriate revalidation documents:

  • Within 1 – 60 days upon expiry of the validation documents, the service provider will be highlighted in Yellow on the Registry
  • Within 61 – 90 days upon expiry of the validation documents, the service provider will be highlighted in Red on the Registry.
  • After 91 days, the service provider will be removed from the Registry.

From here: Service providers that store, process or transmit Visa cardholder data must demonstrate PCI DSS compliance and provide the compliance validation to Visa every 12 months.

Due to the pandemic, most organizations and regions around the world are currently facing travel restrictions and health advisories that prevent the completion of an onsite security review. Visa is amending some data security program requirements associated with onsite compliance reviews.

“Specifically, Visa will temporarily waive the requirement to complete an onsite data security review effective immediately and ongoing through July 31, 2020 as well as waive non-compliance assessments associated with meeting those requirements for the same period.”


The changes are detailed and conditional.  One of the conditions is that you remain compliant with the program’s conditions.  Contact Visa for more information if you are affected by this information.

Ad below this line:

Leave a Reply

Your email address will not be published.