Visa and MasterCard have launched free self-assessment tools for merchants to test and validate the security of their e-commerce connections.
In an effort to combat credit card fraud, the two credit card giants have developed a set of standards for transaction security, called the Payment Card Industry Data Security Standard, and are providing access to a free security assessment tool from ScanAlert.
Visa's head of third-party assurance, Edward Lodens, said the company has decided to take a leadership role in developing standards, rolling out programs and ensuring merchants and third-party providers can secure transactional data. The global program to protect cardholder information began in 2001, he said, and since then the company has tried to push the information down to the merchant level.
"It is essentially three things - a set of standards called Payment Card Industry Data Security Standard (PCIDSS), a foundation framework to validate those standards and tools to validate compliance," Lodens said.
"The Account Information Security (AIS) standard was developed by Visa in 2001 and the MasterCard data protection standards were developed in 2003 and we have joined those standards. Prior to this, MasterCard standards were focused on business with Internet connectivity and the Visa standards covered Internet trading as well as face-to-face trading.
"The PCIDSS follows the introduction of AIS numbers by Visa a few years ago, which was a standard that had to be met by July this year; MasterCard had a standard deadline of October and merchants said 'why not come together and develop the one standard'.
"The silver bullet is the prohibition of storing magnetic stripe authentication data because if there is nothing to steal, nothing can be stolen - that is the key message."
The AIS standard is broken down into three parts. To meet the standards, merchants with a low volume of transactions are required to complete a self-assessment questionnaire answering 75 security and process-related questions.
For merchants with medium transaction volumes, the standard requires the self-assessment questionnaire as well as quarterly vulnerability scans. High-volume traders complete the self-assessment questionnaire and undergo quarterly vulnerability scans as well as an onsite review of practices.