In an attempt to bolster consumer confidence in e-commerce, Visa announced that it is putting into effect a series of security standards aimed at minimizing online fraud. Online merchants have been warned to either meet the guidelines or risk having the credit card giant withdraw its services. "If merchants are putting customers at risk, we can scrape the Visa decal off their site and cut them off," said Bond Isaacson, e-Visa president, "My first loyalty is to protect consumer security." The company has slated the date by which e-merchants must be in compliance as May 1, 2001.

The new security standards, which have yet to be set in stone, involve measures such as firewall use, cryptography, and the designation of information security officers. Visa is also introducing a voluntary compliance program to ease merchants into practicing the security measures before the 2001 deadline. Participating businesses will be encouraged to assess themselves in order to evaluate their website's security. Internet Security Systems (ISS), a supplier of security software, working in conjunction with the credit card company, will offer vulnerability testing to electronic merchants seeking to meet compliance. In addition, the Internet unit of the Better Business Bureau has pledged to help determine which merchants are in compliance with the new requirements and will report any infractions to Visa.

Also strengthening its crusade, Visa has implemented a payer authentication service. The authentication service will help to confirm the cardholder's identity during the payment process. Much like an ATM card, each Visa card will have its own user password. Once a user hits the "buy" button at a merchant's site, the authentication process opens a window to confirm the cardholder's identity by requesting the password, adding another level of security to the online buying process.

According to recent consumer studies, online security and privacy are panic button issues to potential Internet shoppers and threaten to impede the growth of e-commerce. Recently stoking the flames of concern have been high-profile assaults in which hackers have stolen credit card numbers and customer data.

In order for Visa´s security standards to take root, other credit card companies must lend a hand. American Express, along with Buy.com and Expedia.com, have recently formed the Worldwide E-Commerce Fraud Prevention Network, a consortium with the purpose of sharing information and sound practice tips with online merchants in hopes of tightening web security and reducing the costs associated with online fraud.

Sources: Visa to Lay Down the Law on Web Security
Greg Sandoval
CNETNews.com, Nov. 15, 2000
http://news.cnet.com/news/0-1007-200-3705714.html

Visa Upgrades Security Measures
Rutrell Yasin
InternetWeek Online, Nov. 8, 2000
http://www.internetweek.com/story/INW20001108S0004