Visa offers to help e-merchants meet new security guidelines

Computerworld - Visa U.S.A. Inc. this week said it and the banks that issue credit cards under its name are launching a program to help online retailers and other Internet-based merchants comply with a set of security guidelines due to take effect in May.

Online retailers are required to take steps such as installing firewalls, encrypting stored data and using antivirus software under the new guidelines, which were detailed last year (see story). Foster City, Calif.-based Visa announced on Wednesday that it will offer training sessions, interactive reviews and consulting on compliance and monitoring, in addition to handing out information on third-party firms that specialize in security testing.

An Internet-based training program should be rolled out to the company's member banks within the next two weeks, said a Visa U.S.A. spokeswoman. The banks will then provide their merchant clients with access to the training, which is being developed as part of Visa's Cardholder Information Security Program (CISP) initiative.

John Shaughnessy, senior vice president of risk management at Visa, said in a statement that the CISP effort is aimed at giving shoppers using the Internet "the same security online that they have come to expect in the physical world." He described the requirements developed by Visa as "a virtual deadbolt."

The new guidelines also require the top 100 e-commerce merchants based on their Visa transaction volumes to have their online security procedures evaluated by an outside accounting or Internet security firm. Other online retailers will be subject to random security reviews by Visa, the company's spokeswoman said.



Related stories:

• Web site upgrades leave some customer data vulnerable, Feb. 22, 2001



• Protesters hack World Economic Forum's computers, Feb. 5, 2001



• Banks announce release of Visa 'smart' cards, Sept. 14, 2000



• American Express offers disposable credit card numbers for online shopping, Sept. 7, 2000