Visa set a May deadline for Web merchants that accept the credit card to comply with 12 security guidelines the company developed last year to protect cardholder data from hackers. The guidelines include installing firewalls, encrypting stored data, and using anti-virus software. Visa said it plans to back up its deadline with strong penalties, which could include removing the "merchant's ability to take the Visa card," Visa spokeswoman Jean Bruesewitz said. She stressed that cutting merchants off would be the last resort. Before that happens, Visa said it intends to work with companies on developing strategies on how to meet the guidelines.