What is the Visa Merchant Servicer Self-Identification Program (MSSIP) and how can I get my company included on the list? This is a great question and today we will explore what this is, the benefits for your company, and how you can get on the list.
What is the Visa MSSIP?
The Visa MSSIP was established in October of 2014 and allows Merchant Servicer Agents to easily provide their business information, merchant information, and Payment Card Industry Data Security Standards (PCI DSS) compliance validation documentation directly to Visa. In turn, Visa can assist in identifying the merchant’s acquiring bank and facilitating the acquirer’s registration of the Merchant Servicer Agent with Visa. This program is available to all third-party service providers that interact directly with merchants.
According to Visa:
“The MSSIP allows a Merchant Servicer agent to provide Visa with the necessary information to identify its acquiring bank relationships and facilitate agent registration by the acquiring bank(s)….. Once the Merchant Servicer is registered by a Visa acquirer, completes MSSIP participation and validates PCI DSS compliance via an onsite assessment by a Qualified Security Assessor (QSA) they are listed on the Visa Global Registry of Service Providers.”
What are the benefits of being a part of the MSSIP?
There are multiple benefits that come along with being on the MSSIP:
- Ability to demonstrate compliance with Visa rules, industry security standards, and PCI DSS
- Ability to advertise the fact that you are on the MSSIP in your marketing materials when working with new clients
- Strengthens the industry by ensuring only compliant companies are being used as service providers
- Access to Visa’s experts for assistance on various PCI related inquiries
- Eligibility to subscribe to Visa security alerts, bulletins, publications, resources and documentation
It is worth noting that the MSSIP doesn’t automatically mean your company is included on the Visa Global Registry of Service Providers. The Visa Global Registry is the more well-known aspect among service providers and most assume that being in the MSSIP will automatically qualify them, but that’s not the case. You do need to be part of the MSSIP, but there’s an additional step that requires your organization to undergo a full PCI QSA onsite assessment that results in a report on compliance (RoC). This process is generally reserved to Level 1 Service Providers or special cases, but it is required regardless of level for a service provider to be placed on the Visa Global Registry once they are a part of the MSSIP.
How to get on the MSSIP?
- Visa has a “Sign-Up” page where you can go to start the application process.
- Ensure you have all required information handy and all items on the checklist are completed prior to signing up:
- Company information including, legal name, address, Visa assigned BID (if already assigned), website URL, company principal owner name, job title, email address and phone number, primary and secondary contact information.
- Your company’s PCI DSS compliance validation information, including a current PCI DSS Attestation of Compliance (AOC) or Self-Assessment Questionnaire (SAQ-D) completed by a PCI QSA.
- Your merchant customer information. Visa requires at least one merchant customer you are currently providing payment related services to. The acquirer behind the merchant is the Visa client that must register you as a Merchant Servicer.
- Your merchant customer’s acquiring bank information.
- Payment of a $2,000 initial participation fee. There is also a $2,000 annual renewal fee.
Triaxiom Security is a Qualified Security Assessor (QSA) and can assist your firm in filling out and signing your AOC and SAQ-D. If you’d like to qualify for the Visa Global Registry of Service Providers, we can also complete a full onsite assessment and provide a completed RoC and AOC for that. Contact us today to get started!