Visa urges more attention to data security measures in the fight against fraud
Retailers warned: increase security standards or lose customer trust
AUCKLAND, 27 October 2005 - Payment card leader Visa International today called on New Zealand data processors and
merchants to increase their security standards or risk losing their customers' trust.
Speaking at Visa's Security Summit in Auckland, Visa Country Manager, New Zealand, Iain Jamieson told leaders from the
banking, retail, government, law enforcement and high-tech industries that better security procedures and cross-industry
collaboration were necessary to defend against criminal attacks.
At the Summit, Mr. Jamieson reaffirmed the need for any organization that handles card data to be compliant with Visa's
Account Information Security (AIS) standard. The standard is based on the principles of not storing card data unless it
is necessary and if it must be, it should then be encrypted. Depending on their average monthly processing volume, an
entity must perform a number of tasks to validate compliance with the standards of the AIS program:
* Annual testing through a self-assessment questionnaire
* Quarterly vulnerability scanning of Internet-connected systems
* Independent third party onsite review.
Mr. Jamieson said every one has a role to play in data security and stringent adherence to standards is demanded by the
New Zealand public. "Customer trust takes a long time to build but it can be lost overnight if businesses fail to
safeguard information and leave their customers open to card fraud theft," Mr. Jamieson said.
"Many businesses in New Zealand, from small service providers to large retail chains, need to pay closer attention to
protecting the personal information of their customers. It is what the public is demanding and for the sake of their
business and the economy as a whole, we as an industry have to deliver.
"Data compromises cannot only be inconvenient for customers but they also impose high costs on businesses, including
damage to a company's brand, the cost of re-issuing cards, disruption of business and investigative and legal costs.
"All retailers who handle cardholder information must comply with the data security standards to ensure they don't
become easy targets for criminals.
"New Zealand is in the fortunate position in that we have some of the best card holder security and protection standards
per capita in the world. In recent years the rate of fraud as a proportion of volume on Visa has halved but that doesn't
mean we can be complacent. We have a system that works and this will be further boosted in the years ahead with the
roll-out of chip or smart card technology and this should be mainstream by the end of the decade.
"Through significant investments in technology, the incidence of Visa-system fraud has fallen to an historic low of just
0.03 percent of transaction volume in Asia Pacific. Banks, merchants and cardholders all have a role to play in safe
payment practices and further driving down the rate of fraud," Jamieson said.
Key initiatives by Visa to fight fraud and protect cardholders include:
* Visa's Account Information Security program: a globally mandated risk management program which requires all
parties in the Visa system to comply with data security standards, undergo annual testing and conduct quarterly
vulnerability scanning of internet-connected systems. Information is provided at www.visa.co.nz/secured .
* Free security assessment and validation service: Visa Asia Pacific has partnered with ScanAlert, one of the
world's largest website security certification companies, to provide the free security assessment and validation
service. The service is available at www.scanalert.com
* Chip Cards/Smart Cards migration: Chip card migration programs are being run at the national level in four
markets in the region: Malaysia, Japan, Korea and Taiwan. In Malaysia, the chip payment infrastructure is now in place
and has delivered a dramatic fall in counterfeit fraud since the start of the year.