The guidelines target the unique user data found on the magnetic stripe on the back of each credit card or linked to a credit card number when input during an Internet purchase.

It all started with a letter from Visa mailed this summer, above the signature of Eduardo Perez, vice president of Payment Risk and Compliance at Visa, encouraging payment application vendors to "validate the conformance of their products to VISA's Payment Application Best Practice [PABP]."

PABPs are currently suggested guidelines for all but the largest merchants doing 6 million transaction a year or for payment card processors. For those entities it is already a requirement.

While Visa doesn't have a direct relationship with the software industry, most in the industry believe the guidelines for application developers will quickly turn into de facto VISA requirements, as users of the software, such as merchants or card processors, face stiff fines for using noncompliant software.

The biggest impact on any ISV will be on those who include direct support for a debit or credit card front end in their application.