Visa U.S.A. formed an alliance with security management solutions provider
Internet Security Systems (ISS) to test Visa’s newly developed
Electronic Compliance Monitoring (ECM) program.
The ECM program aims to verify that e-merchants and ISPs meet Visa’s online
data security requirements in order to protect cardholder data from hackers.
The program is a component of the new “Visa Secure Commerce” program, a
series of online security measures that protect cardholders and merchants
from the start of an online transaction through securing of cardholder data
after an order is fulfilled.
Visa Secure Commerce also includes a new payer authentication service that
will enable the card issuer to confirm their cardholder’s identity to the
merchant during the virtual checkout process.
This is accomplished by using a password that the cardholder registers with
his or her card issuer.
“Enabling merchants to verify the cardholder’s identity will deal a
significant blow to criminals seeking to use lost or stolen card numbers
online,” Visa said.
“What’s more, the service will minimize the potential for
customer disputes. Visa is pilot testing the service at select merchants and
will expand payer authentication participation throughout 2001, with a goal
of reaching the top 100 online shopping sites.”
Meanwhile, ECM testing will begin later this month. E-merchants will be able
to assess the security of their systems on an ongoing basis. Internet
Security Systems will provide routine vulnerability monitoring through a
remote, managed security service that utilizes mock attempts to compromise
merchants’ networks, systems and databases.
During these “mock hack” attacks, ISS will check hundreds of
vulnerabilities related to external “hacking” as well as hundreds of security
risks from within the merchant organization. As routine security assessments
are performed, Internet Security Systems will provide detailed summaries of
security risk exposures and prioritized compliance information to minimize
security risks.
“The availability of electronic compliance monitoring allows e-merchants to
take security for the e-commerce environment a step further, and more
accurately identify and minimize security risks,” said Steve Ruwe, executive
vice president for operations at Visa U.S.A.
Visa e-merchants will also gain access to ISS’ line of SAFEsuite security
management software and Managed Security Services to help them meet the
requirements of Visa’s plan.