Visa to lay down the law on Web security

The credit card company intends to set new standards for Web site security that it says online stores must adhere to or risk having their service cut off.

Greg Sandoval Former Staff writer
Greg Sandoval covers media and digital entertainment for CNET News. Based in New York, Sandoval is a former reporter for The Washington Post and the Los Angeles Times. E-mail Greg, or follow him on Twitter at @sandoCNET.
Greg Sandoval
2 min read
Visa is sending online merchants a tough message: Bulk up your Web site security or else.

Foster City, Calif.-based Visa USA said this week that it will set new standards for Web site security that online stores must adhere to or risk having Visa cut off their service. That means offending stores will not be able to accept Visa credit cards from customers, the most widely used card--online or offline.

"If merchants are putting customers at risk, we can scrape the Visa decal off their site and cut them off," said e-Visa president Bond Isaacson. "We'll keep them out until they get into compliance...My first loyalty is to protect consumer security."

The credit card company has yet to define what the new standards will be, a company representative said, because the program is still in the planning stage. The representative said Visa hopes to have the standards in place by early next year.

The company also set May 1 as a tentative date for when Visa member merchants must be in compliance with the standards.

Visa has partnered with the Internet unit of the Better Business Bureau to create a series of programs designed to foster consumer faith in online shopping.

Online security is a hot issue this year. Numerous studies and surveys show that consumers fret over Internet security. A little hand wringing goes on each time online shoppers are about to press the "enter" key to purchase an item online. Too often, they choose not to.

However, that belief may or may not be warranted. E-tailers and security experts say theft occurs far less frequently online than it does in the offline world. Still, several high-profile security breaches have taken place recently.

In June, America Online confirmed that hackers compromised member accounts by means of email attachments sent to AOL employees. A hacker also broke into the system of Internet keyword service RealNames in February. The company, which substitutes complicated Web addresses with simple keywords, said the perpetrators may have accessed credit card numbers and passwords.

"If you look at where most of the fraud on the Net is, it's in hacking," Isaacson said. "It's those cases where someone breaks into a database and steals 2,000 or 3,000 card numbers."

The Better Business Bureau will help determine which merchants are complying with Visa's new requirements and will report any infractions to Visa. By so-called ethical hacking, security experts of the individual companies will try to hack their own sites to test their security defenses such as firewalls and encryption data, Isaacson said.