Monday, March 23, 2009

More Investment Needed to Secure Credit Cards

Media Center | Visa Corporate


Visa Calls for Maintaining Investment, Shared Responsibility at Global Security Summit

New Survey Shows Consumers Avoiding Retailers Who May Not Protect Data

VisaInc. (NYSE: V) chief enterprise risk officer Ellen Richey told securityexperts today that payment card data fraud rates remain near historiclows despite economic woes and high-profile compromises, and called forcontinued industry investment, collaboration and innovation, three keycomponents in keeping the electronic payment system secure in thefuture. She made her comments to a gathering of business, government,academic and law enforcement officials at Visa's Global SecuritySummit, its' third cross-functional symposium on payment security, heldin Washington, DC.

"Massiveinvestments and innovative solutions have kept fraud rates near anall-time low," said Richey. "The best way to build on this track recordis by having all players in the payment system share responsibility andmaintain their investments in security - even during these times ofeconomic challenge."

Richeyalso addressed recent security compromises by reminding the audiencethat compliance with the Payment Card Industry Data Security Standard(PCI DSS) continues to be the industry's best tool to guard againsttheft of cardholder data and the best protection for businesses againstunwanted intrusions. She also added that PCI DSS validation is anannual, minimum requirement for organizations but that true compliancewith PCI DSS is an ongoing effort requiring vigilance.

Read the Security Summit keynote address given by Ellen Richey, Visa's chief enterprise risk officer.
Watch a webcast of the Security Summit

"PCIDSS remains an effective security tool when implemented properly - andremains the best defense against the loss of sensitive data. Nocompromised entity to date has been found to be in compliance with PCIDSS at the time of the breach," she said.  (Editor's Note:  Thus the importance of HomeATM achieving PCI 2.0 PED Certification...)

Reinforcingthe need for vigilance on security at the merchant level, Visa releaseda new survey showing that many consumers are choosing to shop only withretailers they trust to protect their personal data. Of the 800 U.S.credit and debit cardholders surveyed February 3-5, 2009, 59% said theyhad decided not to make an online purchase at a particular web sitebecause they did not trust that site. Another 49% said they had optednot to shop with a merchant they did not recognize, for fear of havingtheir personal data stolen.

EchoingRichey's themes of shared responsibility and cooperation was summitkeynote speaker Dave DeWalt, president and CEO of McAfee Inc., whocalled for better cross-border collaboration and for businesses to makesecurity a priority through risk assessments, closing gaps, and beingvigilant. 

"Nowmore than ever, security is mission critical to all organizations,"said DeWalt. "Compliance with mandates such as PCI DSS should notsimply be a checklist item; instead organizations should always bevigilant and continuously assess their risks and exposure and implementstrong security controls." 
MassachusettsAttorney General Martha Coakley also provided a key note address at theevent and said that increased collaboration between government and theprivate sector is imperative to protect consumer data. She called onindustry to make data security a commitment on par with protectingintellectual property and trade secrets.

"Privacyprotection, safety and security is an ever-changing landscape asgovernment, law enforcement, industry, and consumers seek to balancetechnological advances in society with traditional expectations ofprivacy and security," said Coakley. "Creating and implementingstrategies and solutions to combat these problems will requirethoughtful planning and commitment from decision makers in both theprivate and public sectors."

Richey conveyed four priorities she sees as critical for the future security of the payment industry, including:
  • Accelerate global data breach preparedness with greater PCI DSS compliance
  • Actively engage consumers in the process of protecting their data
  • Increase collaboration across the payment system to close security gaps and share critical information more quickly
  • Reduce the value of stolen data through investment in new authentication measures

Driving homethe importance of empowering consumers to take a more active role inprotecting their card accounts, Richey highlighted a Visa service toprovide near real-time alerts and notifications when a registered Visacard is used for a purchase or cash withdrawal. In addition toproviding cardholders a tool to track and manage their accounts,transaction alerts can also help limit the extent of potential fraud.If a cardholder receives a suspicious alert, they can immediately calltheir issuer. 

"Visa'searly-warning system can provide peace of mind and help protectconsumers from card fraud at the crime's initial stage," Richey said."A consumer who receives an alert would be able to make a simple phonecall to stop fraud in its tracks."

Visa'stransaction alerts and notifications service is commercially availabletoday for Chase Visa cardholders with mobile devices powered byAndroid, the Open Handset Alliance's open source platform for mobiledevices. The service will be rolled out to additional financialinstitutions and for additional mobile devices later this year.

Heldin cooperation with the Economist Intelligence Unit, Visa's GlobalSecurity Summit was convened to discuss how payments systemparticipants can collaborate to protect cardholders against current andemerging security threats. Five panels were assembled to cover topicsrelated to innovations in payment security, strengthening e-commercesecurity, small business data protection, global executives' securitypriorities, and the world of hackers. A webcast of the summit can beviewed at www.visasecuritysummit.com.

About Visa
Visaoperates the world's largest retail electronic payments networkproviding processing services and payment product platforms. Thisincludes consumer credit, debit, prepaid and commercial payments, whichare offered under the Visa, Visa Electron, Interlink and PLUS brands.Visa enjoys unsurpassed acceptance around the world and Visa/PLUS isone of the world's largest global ATM networks, offering cash access inlocal currency in more than 170 countries. For more information, visit www.corporate.visa.com.


CONTACT
Jay Hopkins for Visa
Tel.: +1-703-683-5004 ext. 107
jhopkins@crcpublicrelations.com


Disqus for ePayment News