Visa Approved Vendor Program
Visa Approved Vendors are third-party providers of Visa products or services who have validated their security compliance to Visa. Prospective vendors seeking to participate in the Approved Vendor Program (AVP) must undergo due diligence reviews, on-site inspections and reviews of their financial background. They must also sign a contract before participating in the AVP program. Final approval of a new facility is given once the security of the facility is confirmed and, if applicable, the vendor's finished product samples have been successfully reviewed and approved for quality and consistency. When granted, vendor approval is provided by Visa to ensure certain security and operational characteristics important to the Visa systems and products as a whole. However, this does not, under any circumstances, include any endorsement or warranty regarding the functionality, quality, or performance of any particular product or service. Visa does not warrant any products or services provided by third parties. All rights and remedies regarding products and services, which have received Visa approval, shall be provided by the party providing such products or services, and not by Visa.
The Visa Rules require Members to use only approved vendors, Visa or another Issuer for the manufacture, personalization, chip embedding, initialization, data preparation, fulfillment of Visa products, over-the-air (OTA) personalization or cloud-based payment providers in support of Visa’s cloud-based payments program.
The Visa Global Registry of Service Providers lists all approved vendors (card manufacturers, magnetic-stripe card personalizers, IC personalizers, IC pre-personalizers, over-the-air personalizers and cloud-based payment providers) approved by Visa to produce Visa products or perform cloud-based services under the Visa Approved Vendor Program.
Members placing orders for the manufacture, personalization, fulfillment, or initialization of Visa products or contracting for cloud-based services may contract with any of the Visa approved vendors on the list.
Annual Revalidation
All approved vendors providing services to Visa issuers for payment products bearing the trademark or service marks of Visa must on an annual basis, comply with; Visa program requirements, including submission of annual reporting and payment of program fees, PCI Card Production Security Requirements and/or other applicable security requirements. Approved vendors must demonstrate compliance to required security requirements every 12 months. For approved vendors published on the Registry, if Visa does not receive the revalidation documents or the approved vendor falls into program non-compliance:
The Registry is updated once a month.
- Within 1 - 60 days upon notification of being placed in a Warning Status, the vendor will be highlighted in Yellow on the Registry.
- Within 61 - 90 days upon notification of being placed in a Probation Status, the vendor will be highlighted in Red on the Registry.
- After 91 days, the vendor will be removed from the Registry.
Applicable Security Requirements
Within the Approved Vendor Program, vendors are required to validate annually against one or more security requirements. Approved vendor security requirements are:
- PCI Card Production Physical Security Requirements
- PCI Card Production Logical Security Requirements
- Visa Global Physical Security Validation Requirements for Data Preparation, Encryption Support and Fulfillment Card Vendors
- Visa Global Security Requirements for Secure Element Vendors and OTA Service Providers
- Visa Cloud-Based Payments Provider Security Requirements
Note: PCI DSS does not apply to services within the Approved Vendor Program.
Changes and Updates
Visa approved vendors are required to notify Visa of changes to any information such as: legal name / business aliases; doing business as name (DBA); mergers and acquisitions; legal location or additional business locations; company point of contact; types of services offered; compliance status (where applicable); and financial insolvency.
Back to top