
Visa Security Summit Has Some Advice For Everyone

Merchants, banks, and card issuers all got a dose of suggestions for how to improve customer security.

The tensions and problems surrounding the security of electronic customer data and online transactions got a proper airing last week, when Visa held a security summit in Washington, D.C. It seems everyone had some advice for others in the transaction chain.

Visa USA president and CEO John Philip Coghlan wasn't cutting retailers any slack for data breaches. "The majority of compromises come from storage of prohibited data and retailers using vulnerable systems to process data," Coghlan said. Just one-third of the largest merchants--those processing more than 6 million transactions a year--comply with payment card security standards. Visa this year will offer incentives for compliance, such as giving its lowest fees to those that are compliant before October, and it will levy fines for noncompliance.

We're in a security arms race, eBay CEO Meg Whitman says

Photo by Carol Powers/Bloomberg News/Landov

But retailers would like more help from Visa, too. Department store Nordstrom in 2005 increased its security efforts as Visa began emphasizing compliance. But Nordstrom executive VP Daniel Little would like the card companies to offer better guidance on how companies should rank data risks. "That would help us identify the highest-priority issues," he said. Little and his team conduct weekly meetings related to payment-card compliance, and he provides quarterly reports to the company's board. "Information security and privacy are in the top five of our risks," he said.

For eBay CEO Meg Whitman, scams are one of the biggest business risks because of the potential loss of trust. She outlined some of eBay's new security tools and strategies. "Security on the Net is actually an arms race in its most classic form," she told the summit.

EBay and its PayPal group are the favored target for phishers. To ensure that customers can identify legitimate eBay E-mails, the company includes a digital signature on every one it sends. It's trying to convince Internet service providers to route only E-mails that contain this signature. Another measure is a PayPal security key that creates a random code to authenticate each transaction. "It's a combination lock for your PayPal account," Whitman said. The security key has been in beta for about a month.

Whitman also thinks banks and card companies could do better. She noted bank card networks receive information about fraudulent transactions days and sometimes weeks before merchants do, and that's a major problem. EBay wants to know about fraudulent payment accounts before its users ship goods to the perpetrators.
