Visa, BBBOnline Partner for Internet Security
"What we have here [are] two trusted consumer brands coming together to help merchants conduct better business -- to protect themselves against fraud, use best practices and also give the consumer a strong sense of security," said Sean Healy, spokesman for Visa USA, Foster City, CA.
As a result of the two-year partnership, the two organizations will implement programs designed to increase consumers' awareness and their comfort level online as well as merchant programs to ensure higher standards of Internet security.
In the area of Web site security, Visa USA created 12 security requirements that Web merchants will have to follow in order to continue processing Visa payments at their sites.
The Visa USA security standards are:
• Install and maintain working fire wall.
• Keep security patches up-to-date.
• Encrypt stored data accessible from the Internet.
• Encrypt data sent across networks.
• Use and regularly update anti-virus software.
• Assign unique IDs to each person with access to data.
• Do not use vendor-supplied defaults for password and security.
• Track access to data.
• Regularly test security systems and processes.
• Restrict access to data.
• Implement a management policy that addresses information security.
• Restrict physical access to cardholder information.
BBBOnline will team with Visa to monitor sites for adherence to these standards. It also will act as the consumer-outreach channel for the program.
While the security standards are being rolled out now, merchants will have until mid-year 2001 to comply before facing a cutoff of their Visa service, according to Healy.
"The costs of adopting these standards are not onerous," Healy said. "We believe they're in the very best interests of the merchants as well as the consumers."