New Survey Shows Consumers Avoiding Retailers Who May Not Protect Data
WASHINGTON, March 19 /PRNewswire/ -- Visa Inc. (NYSE: V) chief enterprise
risk officer
Ellen Richey
told security experts today that payment card data
fraud rates remain near historic lows despite economic woes and high-profile
compromises, and called for continued industry investment, collaboration and
innovation, three key components in keeping the electronic payment system
secure in the future. She made her comments to a gathering of business,
government, academic and law enforcement officials at Visa's Global Security
Summit, its third cross-functional symposium on payment security, held in
Washington, DC.
"Massive investments and innovative solutions have kept fraud rates near
an all-time low," said Richey. "The best way to build on this track record is
by having all players in the payment system share responsibility and maintain
their investments in security - even during these times of economic
challenge."
Richey also addressed recent security compromises by reminding the
audience that compliance with the Payment Card Industry Data Security Standard
(PCI DSS) continues to be the industry's best tool to guard against theft of
cardholder data and the best protection for businesses against unwanted
intrusions. She also added that PCI DSS validation is an annual, minimum
requirement for organizations but that true compliance with PCI DSS is an
ongoing effort requiring vigilance.
"PCI DSS remains an effective security tool when implemented properly -
and remains the best defense against the loss of sensitive data. No
compromised entity to date has been found to be in compliance with PCI DSS at
the time of the breach," she said.
Reinforcing the need for vigilance on security at the merchant level, Visa
released a new survey showing that many consumers are choosing to shop only
with retailers they trust to protect their personal data. Of the 800 U.S.
credit and debit cardholders surveyed February 3-5, 2009, 59% said they had
decided not to make an online purchase at a particular web site because they
did not trust that site. Another 49% said they had opted not to shop with a
merchant they did not recognize, for fear of having their personal data
stolen.
Echoing Richey's themes of shared responsibility and cooperation was
summit keynote speaker
Dave DeWalt
, president and CEO of McAfee Inc., who
called for better cross-border collaboration and for businesses to make
security a priority through risk assessments, closing gaps, and being
vigilant.
"Now more than ever, security is mission critical to all organizations,"
said DeWalt. "Compliance with mandates such as PCI DSS should not simply be a
checklist item; instead organizations should always be vigilant and
continuously assess their risks and exposure and implement strong security
controls."
Massachusetts Attorney General
Martha Coakley
also provided a key note
address at the event and said that increased collaboration between government
and the private sector is imperative to protect consumer data. She called on
industry to make data security a commitment on par with protecting
intellectual property and trade secrets.
"Privacy protection, safety and security is an ever-changing landscape as
government, law enforcement, industry, and consumers seek to balance
technological advances in society with traditional expectations of privacy and
security," said Coakley. "Creating and implementing strategies and solutions
to combat these problems will require thoughtful planning and commitment from
decision makers in both the private and public sectors."
Richey conveyed four priorities she sees as critical for the future
security of the payment industry, including:
-- Accelerate global data breach preparedness with greater PCI DSS
compliance
-- Actively engage consumers in the process of protecting their data
-- Increase collaboration across the payment system to close security
gaps and share critical information more quickly
-- Reduce the value of stolen data through investment in new
authentication measures
Driving home the importance of empowering consumers to take a more active
role in protecting their card accounts, Richey highlighted a Visa service to
provide near real-time alerts and notifications when a registered Visa card is
used for a purchase or cash withdrawal. In addition to providing cardholders a
tool to track and manage their accounts, transaction alerts can also help
limit the extent of potential fraud. If a cardholder receives a suspicious
alert, they can immediately call their issuer.
"Visa's early-warning system can provide peace of mind and help protect
consumers from card fraud at the crime's initial stage," Richey said. "A
consumer who receives an alert would be able to make a simple phone call to
stop fraud in its tracks."
Visa's transaction alerts and notifications service is commercially
available today for Chase Visa cardholders with mobile devices powered by
Android, the Open Handset Alliance's open source platform for mobile devices.
The service will be rolled out to additional financial institutions and for
additional mobile devices later this year.
Held in cooperation with the Economist Intelligence Unit, Visa's Global
Security Summit was convened to discuss how payments system participants can
collaborate to protect cardholders against current and emerging security
threats. Five panels were assembled to cover topics related to innovations in
payment security, strengthening e-commerce security, small business data
protection, global executives' security priorities, and the world of hackers.
A webcast of the summit can be viewed at www.visasecuritysummit.com.
About Visa
Visa operates the world's largest retail electronic payments network
providing processing services and payment product platforms. This includes
consumer credit, debit, prepaid and commercial payments, which are offered
under the Visa, Visa Electron, Interlink and PLUS brands. Visa enjoys
unsurpassed acceptance around the world and Visa/PLUS is one of the world's
largest global ATM networks, offering cash access in local currency in more
than 170 countries. For more information, visit www.corporate.visa.com.
SOURCE Visa Inc.
03/19/2009
CONTACT:
Jay Hopkins
, for Visa, +1-703-683-5004 ext. 107;
jhopkins@crcpublicrelations.com
Web Site: http://www.corporate.visa.com/
http://www.visasecuritysummit.com/