Feeds

Visa to ‘monitor’ e-commerce security

Get it right, or else....

  • alert
  • submit to reddit

Boost IT visibility and business value

Eager to dispel consumer fears over online shopping, credit card leader Visa USA announced a plan this week to accomplish by force and reason what lawless cyberpunks have failed to do through public humiliation: compel Web merchants to protect credit card numbers and customer data from hack attacks.

Under the plan, the California-based credit card association will begin monitoring the thousands of on-line businesses that accept Visa transactions, to ensure compliance with the company's written security standards. Those standards are built on everyday staples like firewall use, cryptography, and up-to-date vulnerability patching.

"These are the types of security requirements that we believe, at a minimum, anyone doing business in the Internet space should [comply with]," says Jean Bruesewitz, Visa's vice president of advanced risk solutions.

Financial penalties

The exact shape of the monitoring has yet to be determined, but Visa plans to begin in May, 2001, and is launching a voluntary programme to gently guide e-businesses into compliance before imposing a deadline. "We aren't going to rush into the monitoring, because we want to let them go though a self-assessment process and assess their own security first," says Bruesewitz.

Participating businesses will be given self-assessment tests to evaluate their own level of security. Additionally, managed security provider Internet Security Systems (ISS), in a pact with the credit card company, will offer vulnerability testing services to Web businesses working towards compliance.

"We anticipate that most merchants will want to do this, knowing that they'll have to meet those standard by May," says ISS spokesperson Michelle Norwood. Whether Visa USA, or the merchants, will pay for all that testing hasn't been worked out, Norwood says.

"I think it would be a heck of a coup for a credit card company to be able to dictate Web practices," says Jody Dodson, an industry analyst with cPulse. "You would have to have a lot of power and sway and pick up a lot of momentum."

Businesses Hit Hardest

Visa may not find computer security such a hard sell to merchants, who bear most of the brunt of online fraud. Consumers are never liable for more that $50 of fraudulent transactions, and because Internet purchases are so-called "card-not-present" transactions, credit card companies can't cover fraudulent charges.

That leaves on-line businesses holding the bag. According to a new industry survey by CyberSource Corp and Mindwave Research, businesses that sell on line lose four per cent of their overall online revenue to credit-card fraud. While on-line purchases account for only five per cent of all credit card transactions, they amount to fifty per cent of fraudulent credit card transactions.

Other studies show that security and privacy concerns consistently top the list of worries shared by potential Internet shoppers. Those concerns are heightened by occasional high-profile assaults on e-commerce sites from which intruders steal credit card numbers and customer data in bulk. Most recently, in September, an intruder lifted 15,700 customer credit card numbers from Western Union. Last year an outlaw calling himself "Maxus" set up a Web site to distribute credit card numbers, and account-holder names and addresses which he'd purloined from music e-tailer CD Universe.

"The media kind of latched on to a couple of high-profile hacker incidents and made it a really big issue," says Dodson. "The truth of the matter is, you're much more secure with on-line credit card transactions than handing your credit card to a waiter who walks out of the room for five or ten minutes."

© 2000 SecurityFocus.com. All rights reserved.

Next gen security for virtualised datacentres

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Fast And Furious 6 cammer thrown in slammer for nearly three years
Man jailed for dodgy cinema recording of Hollywood movie
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?