Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:32 PM
Rutrell Yasin, InternetWeek
Rutrell Yasin, InternetWeek
Connect Directly

Visa Imposes May 1 Deadline On Web Merchants

Visa U.S.A. has given merchants until May 1 to comply with security guidelines it published last year.

Visa U.S.A. has given merchants until May 1 to comply with security guidelines it published last year. The guidelines include policies and practicesmerchants should take, from configuring firewalls properly to maintaining stringent control of customer data.

Visa faces a dilemma, however. If it enforces the guidelines with fines, as it said it might do, it risks losing business to other card companies that haven't delivered such an ultimatum. MasterCard International has published its own guidelines for e-commerce security but doesn't force merchants to comply, according to a company spokeswoman.

But with the theft of credit-card information last year from online retailers such as CD Universe and, Visa decided it needed to get tougher with some merchants. Some 83% of the 132 merchants surveyed by software supplier CyberSource and Mindwave Research last year said fraud is a problem, up from 75 % the previous year.

Visa has been working to get compliance kits into the hands of participating merchants through Visa-issuing financial institutions, said John Shaughnessy, senior vice president of risk management at Visa U.S.A. About 50 merchants have agreed to comply with Visa's requirement.

Visa had been considering its ultimatum for some time, observers said. "Visa is bringing the industry up-to-date with the current state of technology," said Nick Baxter, senior vice president at First National Bank of Omaha's merchant-acquiring service.

Although many of the bank's larger clients already comply with the Visa rules, the smaller ones may have more of a challenge implementing security, he noted. Reluctant participants might be struggling dot-coms that lack the capital to maintain adequate security.

But even for established companies, security needs to be an ongoing process, Baxter said. A company may be in compliance on Monday, but by Wednesday a security hole can be created by a misconfigured firewall or failure to apply a security patch.

What if merchants don't comply? Shaughnessy acknowledged it's a tough balancing act. "We're more interested in facilitating trust on the Internet rather than scaring merchants."

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.