Credit Card Grrl

The 411 on the marketing side of the credit card industry


Credit companies unite to fight fraud

From a 09.25.06 article in Red Herring

Unsafe Sales

It seems like every day brings news of another case of online theft of credit card information. Facing declining consumer confidence, five major credit card players have come together to fight payment fraud. Their plan? Form a consortium, set clear requirements on security measures for businesses and institutions handling credit card information, and make it impossible for those who don’t comply to be in business.

Formed on September 7 by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International, the Payment Card International Security Standards Council marks the formalization of a process initiated last year. One in three online shoppers are buying fewer items online because of security concerns, according to a June 2005 survey of 5,000 U.S. adults by Gartner.

Amid rising fraud from the loss or theft of credit card information—often the result of poor security in card processing—Visa and MasterCard created the Payment Card Industry data security standard in January 2005. It laid out 12 requirements relating to encryption of cardholder data, network scans, and activity monitoring and logging.

But analysts criticized the standards for being too broad and not stringent enough.

Now, the consortium has set out additional guidelines. Instead of suggesting companies update security measures “periodically” or “regularly,” the guidelines set annual and quarterly deadlines. It also suggests a source code analysis of custom applications to search for vulnerabilities so that loopholes commonly exploited by hackers can be plugged. Merchants and service providers risk having their credit processing credential revoked if they do not comply.

The new standards could result in a windfall for a number of security startups specializing in these products since merchants will have to buy additional software or hardware to meet the requirements.

The new guidelines will also apply to organizations, such as universities, that process or store credit cards but which were earlier out of the purview of the PCI standard, says Amichai Shulman, CTO of Imperva, a Foster City, California-based data security company.

Please note that any links directly to card product offers are provided for informational purposes only. Any descriptions within this post about an offer may not necessarily align with the offer to which these links connect.


Anonymous Creditworthy said...

The fraud fight plan looks promising. The theft threat drives away many current and potential credit card holders. There should be strict security obligations for every credit company to observe.

11:18 PM  

Post a Comment

<< Home