Visa CEO calls for data protection laws, incentives

IDG News Service - WASHINGTON -- Visa USA Inc., the giant credit card company, is exploring ways to reward businesses that enhance their security practices to protect against credit card fraud and online scams, the company's CEO said today.
Visa supports legislation introduced in Congress that would require businesses to notify affected customers after certain data breaches, as well as legislation that would require businesses that store personal information to comply with security standards, said John Coghlan, who was appointed president and CEO of Visa USA in July.
Businesses should be required to notify customers of data breaches based on an "analysis of the real danger" of customers being harmed, Coghlan said during a cardholder security summit sponsored by Visa USA. Some members of Congress have pushed for notifying customers after all data breaches, and not only when there's a large danger of identity theft or credit card fraud.
"We need to give the people out there information they can use to protect themselves from identity theft and its consequences, but we're not trying to cause or create panic," Coghlan told the audience of merchants and other Visa partners.
Coghlan also called for new laws that would increase penalties for credit card and data fraud. Visa supports a bill under consideration in Congress that would add two years in jail to existing penalties for criminals convicted of identity theft or computer fraud, he said.
Businesses need to work together to better fight identity theft and computer fraud because customers will lose confidence in electronic transactions if they continue to see major data breaches, said Visa officials and other speakers at the conference.
"This really is a critical business issue," said Marge Connelly, executive vice president for corporate reputation and government at credit card issuer Capital One Services Inc. "It's not just one of the concerns of the security department, or one of the concerns of the IT department."
Coghlan said his idea to reward merchants and banks that improve security practices is in its infancy. Visa is also exploring ways to "make it financially attractive" for software developers to write secure applications, he said. One possibility is for Visa to make card acceptance easier for merchants that have strong security practices.

"We need a carrot as well as a stick to fight fraud," Coghlan said. "While we know that not harming customers is usually a great incentive, we are also asking ourselves, 'What other financial incentives can we create?'"
Even with better security incentives, a federal data protection law is needed, as multiple state

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.