Visa calls for shared responsibility at Global Security Summit

New survey shows consumers avoiding retailers who may not protect data

WASHINGTON , March 19 /PRNewswire/ -- Visa chief enterprise risk officer Ellen Richey told security experts today that payment card data fraud rates remain near historic lows despite economic woes and high-profile compromises, and called for continued industry investment, collaboration and innovation, three key components in keeping the electronic payment system secure in the future. She made her comments to a gathering of business, government, academic and law enforcement officials at Visa's Global Security Summit, its third cross-functional symposium on payment security, held in Washington, DC .

"Massive investments and innovative solutions have kept fraud rates near an all-time low," said Richey. "The best way to build on this track record is by having all players in the payment system share responsibility and maintain their investments in security - even during these times of economic challenge."

Richey also addressed recent security compromises by reminding the audience that compliance with the Payment Card Industry Data Security Standard (PCI DSS) continues to be the industry's best tool to guard against theft of cardholder data and the best protection for businesses against unwanted intrusions. She also added that PCI DSS validation is an annual, minimum requirement for organizations but that true compliance with PCI DSS is an ongoing effort requiring vigilance.

"PCI DSS remains an effective security tool when implemented properly - and remains the best defense against the loss of sensitive data. No compromised entity to date has been found to be in compliance with PCI DSS at the time of the breach," she said.

Reinforcing the need for vigilance on security at the merchant level, Visa released a new survey showing that many consumers are choosing to shop only with retailers they trust to protect their personal data. Of the 800 U.S. credit and debit cardholders surveyed February 3-5, 2009 , 59% said they had decided not to make an online purchase at a particular web site because they did not trust that site. Another 49% said they had opted not to shop with a merchant they did not recognize, for fear of having their personal data stolen.

Echoing Richey's themes of shared responsibility and cooperation was summit keynote speaker Dave DeWalt , president and CEO of McAfee Inc., who called for better cross-border collaboration and for businesses to make security a priority through risk assessments, closing gaps, and being vigilant.

"Now more than ever, security is mission critical to all organizations," said DeWalt. "Compliance with mandates such as PCI DSS should not simply be a checklist item; instead organizations should always be vigilant and continuously assess their risks and exposure and implement strong security controls."

Massachusetts Attorney General Martha Coakley also provided a key note address at the event and said that increased collaboration between government and the private sector is imperative to protect consumer data. She called on industry to make data security a commitment on par with protecting intellectual property and trade secrets.

"Privacy protection, safety and security is an ever-changing landscape as government, law enforcement, industry, and consumers seek to balance technological advances in society with traditional expectations of privacy and security," said Coakley. "Creating and implementing strategies and solutions to combat these problems will require thoughtful planning and commitment from decision makers in both the private and public sectors."

This content continues onto the next page...