Feeds

Visa to demand e-tailers install basic security systems

You mean e-merchants don't have this stuff already?!?

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Visa, the global credit card organisation, is so worried about online fraud it yesterday warned members and merchants they may be fined if they don't get their security provisions up to scratch.

A call to tighten already strong security measures, you might think. But no, Visa USA risk management senior VP John Shaughnessy's unveiling of a ten-point list of security requirement amounts to stating the bleedin' obvious - so much so that you wonder what the heck some e-commerce companies must be thinking.

So, Visa will shortly demand that all its merchants install a firewall, the implication clearly being that rather a lot of them don't have one, allowing anyone canny enough to access and tinker with their system.

Other Visa requirements: merchants must not use vendor-supplied default passwords; they must test their security procedures; they should encrypt data sent across the Internet or accessible from it; the need to install, use and regularly update anti-virus software.

So basic are these requirements, you would have thought Visa - and its fellow card companies, for that matter - ought to have been insisting on them from the word go. It's also worrying that Visa's ten-point plan, which will be unveiled in detail next week, will be rolled out over a year. If e-commerce security is as bad as Visa reckons, surely it should be forcing the issue?

"If you're a merchant, this is stuff you want to do," Shaughnessy said. "It's just good business. It's as simple as that."

No, John, "this stuff" is essential.

Shaughnessy, speaking yesterday at a conference on cybercrime and cited by Reuters, said Visa is considering fines, restrictions on the amount of transactions a merchant can make and even throwing offenders off the Visa network.

Hopefully, when the security requirements are detailed, the enforcement measures will be as tough as - if not tougher - than Shaughnessy suggested. They'll have to be if the credit card companies don't want consumer confidence in e-commerce to be dented even further than it has following Barclay's infamous screw-up of last month, and the raft of glitches at other sites. ®

Related Stories

Barclays cock-up the tip of an ugly, secret iceberg
Barclays online cockup
Internet fraud on increase
Egg cracks on security gaffe

Providing a secure and efficient Helpdesk

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.