FRAMINGHAM (07/20/2000) - Amid increasing concerns about online credit-card fraud rates, Visa International Inc. is addressing the problem with a two-part plan.
The first part, a payment-authentication program, was launched late last month.
The second part, a series of security standards that merchants will be asked to follow, is slated to take effect in September,according to Brian Buckley, vice president of product risk and analysis at the Foster City, Calif.-based company.
The initiatives are expected to reduce Internet transaction disputes by as much as 50 percent.
However, Avivah Litan, an analyst at Gartner Group Inc. in Stamford, Conn., said Visa's new security measures aren't much better than its old certificate-based Secure Electronic Transaction model.
"It was complicated. No one understood it, and no one wanted to use it," Litan said.
According to a recent survey by Gartner Group, credit-card fraud is 12 times more common for online merchants than their off-line counterparts. Credit-card fraud contributed to about US$230 million in losses last year, said Litan. That number could go as high as $500 million this year, she added.
The Visa program provides merchants with options toauthenticate payments online, protect privacy and ensure that data in transmission is unchanged. The model was designed to work with chip cards, mobile phones, personal digital assistants and set-top boxes.
According to Buckley, this model lets different regions and credit-card issuers select the most appropriate authentication procedures. "This has opened up options," he said.
The voluntary standards will address problems such as those recently faced by Wallingford, Conn.-based CD Universe, where hackers were able to look at buyers' credit-card numbers.
"There are instances where consumer information is held on merchant Web sites or on servers that are accessible via the merchant's Web site and is inadequately protected," Buckley said.
Under the new best practices rules, merchants will be required to install firewalls or keep customer credit-card data in a segregated environment.
"The emphasis is on logical data security," Buckley said.