Visa USA is to use technology supplied by Internet Security Systems to test merchant and Internet Service provider conformance with its 'hacker-repellent' Electronic Compliance Monitoring (ECM) programme.
The tests will measure e-merchants' and ISPs' compliance with new Visa data security requirements designed to protect cardholder data from hackers, and scheduled for full-scale implementation by mid-2001. The move coincides with the announcement by Visa of a new payer authentication process designed to take advantage of the data storage and processing capabilities of the recently announced smart Visa chip platform.
"Our work with ISS builds upon the cardholder data security requirements Visa published earlier this year, which help ensure that merchants are adequately protecting cardholder data," says Steve Ruwe, executive vice president, operations, Visa USA. "The availability of electronic compliance monitoring allows e-merchants to take security for the e-commerce environment a step further, and more accurately identify and minimise security risks."
Under the scheme, e-merchants will be able to assess the security of their systems on an ongoing basis, with ISS providing routine vulnerability monitoring through a remote, managed security service that utilises mock attempts to compromise merchants' networks, systems and databases. Detailed summaries of security risk exposures and prioritised compliance information to minimise security risks will then be provided.
Programme participants will be automatically eligible for cyber-insurance coverage through ISS' risk insurance partner, Marsh.
Visa also announced a new payer authentication service, designed to enable the card issuer to confirm their cardholder’s identity to the merchant during the virtual checkout process. This will be accomplished by using a password that the cardholder registers with his or her card issuer.
Enabling merchants to verify the cardholder’s identity will deal a significant blow to criminals seeking to use lost or stolen card numbers online, says Visa, and minimise the potential for customer disputes. Visa is pilot testing the service at select merchants and will seek to extend participation throughout 2001, with a goal of reaching the top 100 online shopping sites.