Earlier this week, the company announced that it has created a new US$20 million incentive program under which it will monetarily reward "acquiring" financial institutions if their members are fully compliant with PCI requirements by Aug. 31, 2007. At the same time, acquiring banks that fail to ensure compliance by Sept. 30, 2007 will be assessed fines starting at $5,000 a month for each non-compliant merchant. The fines increase to $25,000 per month for each non-compliant merchant after Dec. 31, 2007.

Until now, fines have only been assessed in cases where actual data breaches occurred.

Acquiring banks are those financial institutions that grant retailers and other entities the approval they need to accept credit cards. Under PCI, it is these banks that are contractually responsible for ensuring that merchant members meet PCI requirements.

Visa's new Visa PCI Compliance Acceleration Program is designed to spur entities that are covered by PCI rules to comply in a speedy fashion, said Jennifer Fischer, a director with Visa USA. "This program is part of our larger strategy for protecting card holder data and to ensure that we are doing everything we can to protect it from compromise," she said.

It targets the financial institutions responsible for the largest 1,200 merchants -- known in PCI-speak as Level 1 and Level 2 merchants -- who together account for about two-thirds of Visa's total transaction volumes, she said. Though nearly 18 months have passed since PCI rules went into full effect, only 36 percent of Tier 1 merchants and 15 percent of Tier 2 merchants are currently compliant with the requirements, according to Visa. The goal is to get all of these merchants fully compliant by the end of next August.