Visa urges more attention to data security
Visa urges more attention to data security measures in the fight against fraud
Retailers warned: increase security standards or lose customer trust
AUCKLAND, 27 October 2005 - Payment card leader Visa International today called on New Zealand data processors and merchants to increase their security standards or risk losing their customers' trust.
Speaking at Visa's Security Summit in Auckland, Visa Country Manager, New Zealand, Iain Jamieson told leaders from the banking, retail, government, law enforcement and high-tech industries that better security procedures and cross-industry collaboration were necessary to defend against criminal attacks.
At the Summit, Mr. Jamieson reaffirmed the need for any organization that handles card data to be compliant with Visa's Account Information Security (AIS) standard. The standard is based on the principles of not storing card data unless it is necessary and if it must be, it should then be encrypted. Depending on their average monthly processing volume, an entity must perform a number of tasks to validate compliance with the standards of the AIS program:
* Annual testing through a self-assessment questionnaire
* Quarterly vulnerability scanning of Internet-connected systems
* Independent third party onsite review.
Mr. Jamieson said every one has a role to play in data security and stringent adherence to standards is demanded by the New Zealand public. "Customer trust takes a long time to build but it can be lost overnight if businesses fail to safeguard information and leave their customers open to card fraud theft," Mr. Jamieson said.
"Many businesses in New Zealand, from small service providers to large retail chains, need to pay closer attention to protecting the personal information of their customers. It is what the public is demanding and for the sake of their business and the economy as a whole, we as an industry have to deliver.
"Data compromises cannot only be inconvenient for customers but they also impose high costs on businesses, including damage to a company's brand, the cost of re-issuing cards, disruption of business and investigative and legal costs.
"All retailers who handle cardholder information must comply with the data security standards to ensure they don't become easy targets for criminals.
"New Zealand is in the fortunate position in that we have some of the best card holder security and protection standards per capita in the world. In recent years the rate of fraud as a proportion of volume on Visa has halved but that doesn't mean we can be complacent. We have a system that works and this will be further boosted in the years ahead with the roll-out of chip or smart card technology and this should be mainstream by the end of the decade.
"Through significant investments in technology, the incidence of Visa-system fraud has fallen to an historic low of just 0.03 percent of transaction volume in Asia Pacific. Banks, merchants and cardholders all have a role to play in safe payment practices and further driving down the rate of fraud," Jamieson said.
Key initiatives by Visa to fight fraud and protect cardholders include:
* Visa's Account Information
Security program: a globally mandated risk management
program which requires all parties in the Visa system to
comply with data security standards, undergo annual testing
and conduct quarterly vulnerability scanning of
internet-connected systems. Information is provided at
www.visa.co.nz/secured * Free
security assessment and validation service: Visa Asia
Pacific has partnered with ScanAlert, one of the world's
largest website security certification companies, to provide
the free security assessment and validation service. The
service is available at www.scanalert.com * Chip
Cards/Smart Cards migration: Chip card migration programs
are being run at the national level in four markets in the
region: Malaysia, Japan, Korea and Taiwan. In Malaysia, the
chip payment infrastructure is now in place and has
delivered a dramatic fall in counterfeit fraud since the
start of the
* Free security assessment and validation service: Visa Asia Pacific has partnered with ScanAlert, one of the world's largest website security certification companies, to provide the free security assessment and validation service. The service is available at www.scanalert.com
* Chip Cards/Smart Cards migration: Chip card migration programs are being run at the national level in four markets in the region: Malaysia, Japan, Korea and Taiwan. In Malaysia, the chip payment infrastructure is now in place and has delivered a dramatic fall in counterfeit fraud since the start of the year.