As I wrote in my story “Credit card industry set to shake up high tech”, we may soon see the specter of Visacard telling the largest ISVs [Independent Software Vendors] like SAP and Oracle, and individual application developers how to write their programs.The letter from Visa to app developers suggested that they follow Visa’s guidelines about how, where and when to store customer data, especially mag stripe data.Not only will a company that has a program with a debit or credit card front end be affected, according to the security people I spoke with, but almost every database, network and enterprise application provider, as well. Using the might of the trickle down, or trickle up effect, any company in the payment process business, from issuing and acquiring banks, to gateway providers and merchants, can be heavily fined if they don’t comply with the Visa standard. We are talking substantial amounts, in the millions of dollars.All roads then lead to the application providers and how, where and what kind of data is stored in their programs. While the ISVs can’t be touched by Visa, their customers can and they will not buy any program unless it complies. And you can bet the banks won’t accept a sworn statement from the ISV that the software complies. Companies will have to open up their programs to a full inspection. And what does Visa know about writing programs anyway? And there’s another unanswered question: can you trust the inspectors not to take away proprietary info on how the application works? Software Development