Enterprises conducting e-commerce transactions have been quick to take up Visa International Inc.’s free, hosted security auditing service, according to the company.
Edward Lodens, Visa’s head of third-party assurance, said the take-up since its launch in August has been good, with “a lot of merchants” joining the program.
“It breaks down barriers to security [which] can be seen as a large cost to business,” Lodens, who did not reveal the exact number of participants, said. “They can take best practice and validate their compliance.”
According to Visa, the free service, which uses a U.S. vendor but is available across the Asia-Pacific, will be provided “indefinitely” at this point to all merchants that accept Visa cards for payment of goods and services.
Lodens said Visa’s main message, that merchants and third-party processors should not be storing card information, remains unchanged.
“If there is a need for that, then [merchants] need to protect the information,” he said, adding that card-holder data should not be stored. “Where we see incidents of compromise is because merchants are unnecessarily storing information.”
The data security standard for the payment card industry co-developed by Visa and MasterCard International Inc. has 12 requirements – from policy and procedure through to technology like encryption and wireless.
“It’s basically a standard that is widely available and it allows different shapes and sizes of business to reach the space we’re protecting,” Lodens said. “It is applicable to a large organization using mainframes or other merchants.”
On mainframe security, Lodens said the cost is falling and the ability of mainframe users to comply with standards is more accessible now than in the past.
IBM Corp.’s Asia-Pacific zSeries product manager, John Crooks, said customers are putting encryption capabilities into existing systems, which is “always harder” to do than with greenfield implementations.
“The mainframe has been focused on security from day one and the largest department in software development is working on security,” Crooks said.
“Over the last few years the mainframe has added PKI support, crypto co-processors, centralized management, and has the latest AES encryption.”
Crooks said software to encrypt data to tapes with PKI is good for bank infrastructure and IBM also has a Java program to decrypt data on any machine to allow secure interchange between platforms.
“In the future we will bring tape units [to market] that can encrypt themselves – this will support a range of devices,” he said.
Crooks also said the mainframe is “committed to open standards and security”, adding that third-party identity management and encryption products from the likes of CA are increasing.