|
To
fight against payment system fraud Visa Asia Pacific is launching a free security assessment service to help boost cardholder
data security in the region.
Effective immediately, all parties that handle Visa cardholder data, such as Visa's member financial institutions, Internet Payment Service Providers (IPSPs) and
merchants are entitled to access a free self-assessment service and to receive quarterly network vulnerability scans to validate the security of their Internet-connected
systems. The service is another weapon in the armory of Visa Asia Pacific's Account Information Security Program (AIS), which helps protect sensitive cardholder
account and transaction information and is mandatory for all parties handling Visa cardholder data.
Visa will partner with ScanAlert, one of the world's largest website security certification companies, to provide the free security assessment and validation service.
Under the agreement, ScanAlert will also provide Visa's member financial institutions in
Asia Pacific with a comprehensive reporting system to track the AIS validation status of their merchants and service providers. The self-assessment and vulnerability scanning service, in English and Chinese, will be provided through a
web portal at scanalert.com.
Visa Asia Pacific Payment Security Services' Head of Third Party Assurance, Edward Lodens, said, "We recognize that in today's electronic payment environment with
the constant threat of criminal minds at work, cardholders are increasingly concerned about the safety of their personal data. When that protection is provided,
consumer trust and confidence in the security of the payment business are maintained. With our free Vulnerability Scanning and Self Assessment service, we can make
it easier for all the relevant parties such as merchants and their service providers to be compliant with Visa's global data security standards. The result will be that
companies can efficiently and cost effectively validate their compliance and focus on their core business."
ScanAlert has certified thousands of online merchants in the world to the Payment Card Industry (PCI) Data Security Standard, a set of minimum standards and best
practices on data confidentiality, online availability and integrity. "With security being the number one challenge facing online retailing worldwide, ScanAlert is focused
on actively ensuring acquirers, processors and merchants in the region are well prepared against intrusion. ScanAlert's vulnerability scanning technology is
non-invasive and used by thousands of e-commerce merchants worldwide," said ScanAlert CEO, Ken Leonard.
Ensuring cardholder data is kept secure
Visa's Account Information Security (AIS) Program is a globally mandated risk management program sponsored by Visa and run by Visa's members that applies to all
entities participating in the Visa payment system. AIS is based on two fundamental principles:
-
Do not store cardholder data.
- If you need to store some data, encrypt it.
Depending on the average monthly processing volume, an entity must perform the following tasks to validate compliance with the minimum-security standards of the
AIS program:
-
Annual testing through a Self-Assessment Questionnaire
- Quarterly vulnerability scanning of Internet-connected systems
- Independent third party onsite review
ScanAlert will provide the online tools to IPSPs and merchants that need to validate their organizations to Visa's AIS standard. These tools include:
-
Assistance in completing the Self-Assessment Questionnaire
- Quarterly vulnerability scans of all Internet servers and network connection points
- Unlimited on-demand manual scans to retest systems
- Assistance in preparing an AIS-compliant security policy
- Comprehensive support tools including FAQs, tutorials and best practice recommendations
- Telephone technical support for vulnerability scanning
- Preparation of an AIS Validation Report upon completion of the validation of the completed questionnaire and/or scan.
See
other recent news regarding:
Visa
|
