RealTime IT News

Tightening Security

Visa U.S.A. formed an alliance with security management solutions provider Internet Security Systems (ISS) to test Visa's newly developed Electronic Compliance Monitoring (ECM) program.

The ECM program aims to verify that e-merchants and ISPs meet Visa's online data security requirements in order to protect cardholder data from hackers.

The program is a component of the new "Visa Secure Commerce" program, a series of online security measures that protect cardholders and merchants from the start of an online transaction through securing of cardholder data after an order is fulfilled.

Visa Secure Commerce also includes a new payer authentication service that will enable the card issuer to confirm their cardholder's identity to the merchant during the virtual checkout process.

This is accomplished by using a password that the cardholder registers with his or her card issuer.

"Enabling merchants to verify the cardholder's identity will deal a significant blow to criminals seeking to use lost or stolen card numbers online," Visa said.

"What's more, the service will minimize the potential for customer disputes. Visa is pilot testing the service at select merchants and will expand payer authentication participation throughout 2001, with a goal of reaching the top 100 online shopping sites."

Meanwhile, ECM testing will begin later this month. E-merchants will be able to assess the security of their systems on an ongoing basis. Internet Security Systems will provide routine vulnerability monitoring through a remote, managed security service that utilizes mock attempts to compromise merchants' networks, systems and databases.

During these "mock hack" attacks, ISS will check hundreds of vulnerabilities related to external "hacking" as well as hundreds of security risks from within the merchant organization. As routine security assessments are performed, Internet Security Systems will provide detailed summaries of security risk exposures and prioritized compliance information to minimize security risks.

"The availability of electronic compliance monitoring allows e-merchants to take security for the e-commerce environment a step further, and more accurately identify and minimize security risks," said Steve Ruwe, executive vice president for operations at Visa U.S.A.

Visa e-merchants will also gain access to ISS' line of SAFEsuite security management software and Managed Security Services to help them meet the requirements of Visa's plan.