Visa Approved Vendor Program
The Visa Approved Vendor Programme (AVP) is designed to ensure card manufacturers, magnetic-stripe card personalisers, IC personalisors, IC pre-personalisers, over-the-air personalisers and cloud-based payment providers meet the necessary security requirements based on the services offered and business classification type.
The assigned Foregenix consultant will carry out the Visa AVP onsite security assessment as required against the applicable security requirements. The onsite assessment will include interviews with key personnel, as well as required testing/sampling as defined by the Security Requirements and will focus on the following:
- Personnel – employees, guards, visitors, external service providers & vendor agents.
- Premises – external structure, external security, internal structure, security & internal processes.
- Production Procedures & Audit Trails.
- Review encryption key lifecycle logs, e.g. creation, loading, storage, handling, destruction, archiving & revocation.
- Packaging & Delivery Requirements.
- Roles & Responsibilities.
- Security Policy & Procedures.
- Data Security & Network Security.
- System Security.
- User Management & System User Access.
- Key Management – Confidential Data & Secret Data
- PIN Distribution Visa Electronic Methods
- Exit Interview – A discussion of the non-compliance findings from the onsite assessment will take place with management that will be documented in the report.
Following the onsite assessment, a Visa AVP Security Report will be produced offsite by the Foregenix consultant detailing the findings of the assessment. The report prior to release will be passed to the Foregenix QA Service and is delivered by a highly experienced team who are very familiar with the Card Schemes and their specific requirements relating to the PCI Card Production Security Requirements ensuring that both our clients and Foregenix maintain compliance with the PCI Card Production Security Requirements and the card schemes to the highest level.