Visa Launches Account Information Security Program
Visa Launches Account Information Security Programme To Protect Cardholder Data
Compliance with global standards for all participants in Visa’s payment system
Visa International today launched a programme to protect all Visa cardholder account and transaction information by preventing unauthorized disclosure or modification of the data. Visa’s Account Information Security (AIS) programme is designed for all entities that process, store or transmit Visa cardholder account and transaction information. Merchants, processors and Internet payment service providers in Visa’s acceptance chain must comply with the AIS programme to ensure that their data security measures are robust and stringent enough to safeguard sensitive customer data. To help facilitate compliance with the programme, AIS is providing online assessment and validation tools.
Through the AIS web site at www.visa-asia.com/secured, merchants and their service providers can assess their own vulnerability to Internet hacking or other security breaches. The online self-assessment tool is free of charge, and each business’s input will be kept confidential, with analysis of the self-assessment questionnaire being undertaken by third-party information security specialists. The results of the test will help businesses identify weaknesses and improve their security and risk management processes to better protect customer data.
AIS’ online accessibility makes it easier for the parties handling Visa cardholder information to implement and enforce the industry-setting security standards, and for Visa’s members to monitor compliance with the programme. AIS standards comprise 15 security controls to ensure that a business’ organizational, physical and logistical areas maintain the confidentiality, availability and integrity of sensitive account and transaction data. The 15 mandatory requirements help protect data throughout the entire life cycle of a transaction, focusing on critical security areas such as human resource, access, firewalls, virus protection, data disposal, encryption and physical security. These requirements are based on industry standards and best practices.
Visa has appointed Qualified Security Assessors to help larger merchants and processors review their operations against the AIS standards. The assessors will provide consultancy services and help the larger, more sophisticated merchants and processors validate their compliance. Visa has also engaged a security firm, Dimension Data, to provide vulnerability scanning: a non-intrusive scan that does not disrupt merchants’ systems, but is able to identify areas where a hacker may possibly penetrate the system. By identifying the vulnerabilities in its network, a merchant or processor can then take the necessary corrective and preventive actions to manage the risk.
Belinda Leonard, Country Manager for Visa Zealand, said: “Protection of account and transaction data makes absolute business sense as it builds consumer trust and confidence. Compliance with AIS standards, put within easy reach of merchants and processors, will enable them to protect themselves and their customers’ data from possible loss or theft by hackers or unscrupulous employees. Such incidents create negative publicity and affect their bottom line. Consumer trust and confidence translate into increased business, and naturally more and more merchants see the value and competitive edge that AIS-compliance gives to them.”
She added that poor data protection practices placed the entire e-commerce industry in a vulnerable position – an account compromise at one e-commerce merchant can result in fraudulent activity at other merchants. “This is why Visa has set the global standard to protect the interests of all payment participants from threats against their websites, servers and IT systems,” Ms Leonard said. “Visa was the first in the industry to create such a programme and will continue to maintain its aggressive approach to every aspect of fraud prevention, detection and recovery.”
The test phase of the AIS programme in Asia-Pacific began in late 2003, with a key focus on e-commerce merchants. Working with its member financial institutions around the region, Visa is now stepping up the validation and education of processors and service providers which might have greater exposure to possible account compromise.
AIS is a key part of Visa’s Global Secure e-Commerce strategy and complements the ‘Verified by Visa’ programme. Verified by Visa authenticates the cardholder during the transaction, while AIS protects the cardholder information during subsequent processing and