Visa pushes e-tailers to prove Internet security

Credit card companies are putting pressure on e-tailers to prove that their IT systems are secure as part of a drive to raise the...

Credit card companies are putting pressure on e-tailers to prove that their IT systems are secure as part of a drive to raise the public's confidence in buying over the Internet.

The move follows concerns that e-commerce is being held back by the unwillingness of shoppers to give their credit card details out on the Web.

Figures from the Association of Payment Clearing Services released this week show that online fraud is deterring both retailers and customers from trading online.

Credit card company Visa is pressing commercial Web sites to comply with its stringent security regulations by November in an attempt to boost confidence in online trade.

However, the initiative is likely to cause controversy, particularly among large e-tailers, who will be expected to pay for auditors to prove to Visa that their systems are secure.

In the first stage of the programme, Visa has asked the largest 25 e-commerce sites in Europe to hire independent auditors to show that they meet rigorous Visa security standards.

Although smaller organisations will not be required to have audits, they will be expected to bring in security experts from their banks or private security consultancies approved by Visa to help them meet the standards.

Frank Williams, vice-president of fraud management at Visa, said, "We are mindful of cardholder's concerns regarding the security of their data and we have acted accordingly. Visa wants to create a better and safer Internet shopping experience."

Visa insisted that its Account Information Security programme is not compulsory, but Williams admitted that e-businesses may damage their relationship with their issuing banks if they refused.

"We are not imposing anything that is not good practice," said Williams. "Some of them will have done this work already."

However, analysts warned that e-tailers could face significant costs, particularly if they have to prove the security of their systems to a number of credit card companies.

Alexander Drobik, an analyst at Gartner Group, said, "There is a danger that credit card companies are going to be placing extra burdens on e-commerce companies that they are not placing on bricks and mortar companies."

Mastercard is understood to be starting a similar scheme.

Read more on Antivirus, firewall and IDS products