Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Windows 8 Update: Steve Ballmer's 80-inch Windows 8 tablet
Gartner: Don't trust cloud provider to protect your corporate assets
Take me out to the ballgame, with 4G
Most OpenOffice users run Windows
Smartphones with quad-core chips and 4G LTE coming soon
Government alarm over cyberattacks validated by terrorists
Lawmakers call on DOJ to reopen investigation into Google Wi-Fi spying
Researchers propose TLS extension to detect rogue SSL certificates
IaaS: Renting on-demand technology
Yahoo Axis may be game changer for search and the troubled company
Android, Apple Own 80% of Global Smartphone Market; Microsoft's Share, 2.2%
Managing Mobile Mania
Proposed New York Legislation Would Ban Anonymous Online Comments
Supercomputer to connect to 400PB of storage via Ethernet
Sales of unused IPv4 addresses gathering steam
/

Visa issues 10 'commandments' for online merchants

Today's breaking news
Send to a friendFeedback

By Maria Trombly
Computerworld, 08/11/00

In an attempt to reduce online credit-card fraud, Visa U.S.A. in San Francisco announced 10 "commandments" for online merchants to guard its cardholders' information. And, next week, Visa will follow up by releasing the details of a broad online security program.

John Shaughnessy, Visa's senior vice president for risk management, said merchants would be required to obey these rules or face fines, sales restrictions or loss of membership.

The rules won't go into effect immediately but will be phased in over the course of a year, starting in the fourth quarter, Visa spokeswoman Angie Grothoff said.

The first sector that will have to comply are gateways and Internet service providers. Visa partners would be expected to be compliant in the first quarter of next year; major Internet "pure plays" in the second quarter, third parties in the third quarter and other merchants in the fourth quarter.

Among the new requirements, merchants must install a firewall, keep security patches up-to-date, encrypt stored and transmitted data, use and regularly update antivirus software and restrict employee access to sensitive data to a need-to-know basis.

Merchants must also assign unique IDs to everyone with access to data, track access by ID, avoid using default settings for passwords and regularly test security systems.

Brian Buckley, Visa's vice president for product risk and analysis, said these security initiatives are expected to reduce Internet transaction disputes by up to 50%.

According to a recent survey by Stamford, Conn.-based Gartner Group Inc., credit-card fraud is 12 times higher for online merchants than their offline counterparts.

About 1.1% of online credit-card transactions involve stolen card numbers, said Gartner analyst Ken Kerr. Online merchants have to bear the cost of the scam, while the credit-card companies usually take care of the bill for fraudulent face-to-face transactions, he added.

For more enterprise computing news, visit Computerworld online. Story copyright © 2000 Computerworld, Inc. All rights reserved.

RELATED LINKS


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.