For example, programmers writing payment applications need to store authorization and approval or decline data for future reporting.

"In a programmers mind, if he says, 'I want to look a month from now so I'll just put it here' without any forethought or encryption, the data can be hacked."

There will be a major effort on the part of auditors such as Coalfire to look inside every system to make sure old practices are still passing the data standard.

Dakin sees the VISA security requirements as part of the ongoing trend to create a totally secure environment. It began with the infrastructure firewall and moved next to the operating system.

"The burden is quickly shifting to the application developers. It is not just the payment card industry," said Dakin.