The Cardholder Information Security Program (CISP) was a program established by Visa USA in 2001 to ensure the security of cardholder information as it is being processed and stored by merchants and service providers.
As of 2004, CISP has been fully superseded by the PCI Data Security Standard, a multi-vendor initiative to tackle Payment Card Industry security issues.
The CISP program 'was' developed to protect Visa's cardholder data, regardless of their location, as well as to ensure that members, merchants, and service providers maintain the highest level of information security. All trade and service enterprises and services that store, process or transmit data on Visa cardholders were required to be compliant with the program. CIS concerned all payment channels, including physical retail trading and e-commerce. Having been taken as the basis the later PCI DSS standard, CISP offered tools and measures to protect against data breach and compromising payment cards. The CISP is no longer valid, current or enforced and should not be used or referenced as current good practice. [1]