The global deadline has been set by Visa:

Level-one retailers — those processing more than six million Visa transactions per year — must prove adherence to the Payment Card Industry Data Security Standard (PCI DSS) by Sept. 30, 2010, Visa said in a news release. After that date, Visa may begin issuing fines to acquiring banks, which typically pass the penalties down to the merchants.

Visa also announced that as of Sept. 30, 2009, level-one and level-two merchants — which process between one and six million Visa transactions — cannot retain any data encoded on the magnetic stripe on the back of the card, such as PINs or security codes.