The major credit card companies are giving merchants until 2010 to ensure that all applications are PABP certified or PCI compliant. PABP certified is used for packaged software (like BV Commerce 5) and PCI is used for hosted services and hosting companies.

There are 4 levels of merchants and the deadlines are different for each one.
Level 4 Merchants - Process 0 to 20,000 transactions per year
Level 3 Merchants - Process 20,000 to 1 Million transactions per year
Level 2 and Level 1 Merchants - Process over 1 Million transaction per year

Terms used
Known Vulnerable Applications - Software known to Visa to store unsafe data. (BV Commerce is NOT a known vulnerable appliction)
Certified Applictions - Software that has passed a certification test
New Accounts - New credit card processing accounts for merchants that do not currently process cards

Schedule of Requirements

Phase 1 - January 1, 2008
New Account must not be using Known Vulnerable Applications. A new merchant can use BV Commerce as it is NOT a known vulnerable application. No effect on existing merchants.

Phase 2 - July 1, 2008
Payment processing companies must only certify new software that is also a Certified Application. Current software and customers are not affected. Current merchants are able to use BV Commerce just as they do now.

Phase 3 - October 1, 2008
New Accounts are required to EITHER use a PCI compliant hosting company OR use a PABP certified application. Existing merchants are not affected and can continue to use BV Commerce as normal. New Accounts must use a PCI compliant hosting company if BV Commerce is not certified by this date. We fully expect that BV Commerce will be certified long before this time.

Phase 4 - October 1, 2009
Known Vulnerable applications will be de-certified for credit card processing. BV Commerce is not a Known Vulnerable application and will also be certified by this date. No impact to any BV Commerce merchant.

Phase 5 - July 1, 2010
All merchants will be required to use Certified Application. BV Commerce will have been certified long before this time and there will be no risk/impact to merchants.

Summary - Impact to BV Commerce merchants
BV Commerce 5 is currently 90% compliant and we are working hard to implement the last few remaining features. The major hold back at this point is the requirement that we allow merchants to change encryption keys on the fly on a running store. This will require a service pack to BV Commerce 5 and we will complete certification before the end of this year.

There will be no impact/risk at all to BV Commerce 5 merchants. Existing merchants will have until 2010 to move to a certified solution but BV Commerce 5 will have been certified long before that deadline. 

BV Commerce 2004 merchants will need to upgrade to BV Commerce 5 (or a later version) before July 1, 2010 in order to process credit cards with a certified application.