
Visa is committed to supporting the continued growth of the e-commerce market, making the same high levels of security and convenience available to the virtual world as are possible in the physical world.
The development of two separate but complementary initiatives, namely the Visa Account Information Security (AIS) Program and the Verified by Visa® Program, provides Members, merchants and their agents with the tools to make the most of the e-commerce market, confident in the knowledge that data is protected and secure.
Helping merchants and service providers.
The Visa AIS Program addresses essential system-wide security issues, and provides a proven, cost-effective methodology and documentation with which immediate improvements can be made with respect to the integrity of operations.
The Verified by Visa Program incorporates strong encryption of data while it is in transit over the Internet and allows two-way authentication between merchant and cardholder, providing greater protection and better means of maintaining consumer confidence and trust. Visit www.visa.ca/verified.
The Account Information Security Program
Welcome growth in card usage over the Internet has brought with it the storage of larger quantities of account information by e-commerce merchants and service providers. To protect the integrity of cardholder data, all such entities must be more vigilant in safeguarding sensitive data. Consumers believe that it is more secure to buy goods and/or services in the store. Visa is committed to supporting Members, merchants and their agents in addressing both the risks and the fears that inhibit the potential for growth in the e-commerce market.
The Account Information Security Program is designed to protect Visa Account and Transaction Information, safeguarding both the integrity of operations and the goodwill of cardholders. Although the initial focus of AIS was on e-commerce merchants, it now applies to all entities (all merchants, processors, service providers, etc.) that process, store, transmit or access account or transaction information.
Visa has an ongoing commitment to protecting the integrity of Visa Account and Transaction Information. Visa will update this site periodically to provide standards, guidelines, tools and services for the benefit of all Visa payment system participants.
The program is a standards-based, proven methodology that enables users to achieve an immediate improvement in the system-wide level of security. The program applies to any entity that stores Visa account data. All such entities will be required to store this information in a safe and secure manner, and a set of Security Standards has been put in place to help achieve a secured environment.
To achieve compliance with AIS, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard, which offers a single approach to safeguarding sensitive data for all card brands. This Standard is the result of a joint interoperability security effort of Visa and MasterCard and is designed to create common industry security requirements, incorporating the AIS requirements.
The PCI Data Security Standard consists of twelve basic requirements supported by more detailed sub-requirements:
| PCI Data Security Standard | Requirements |
|---|---|
| Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect data |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | 3. Protect stored data |
| | 4. Encrypt transmission of cardholder data and sensitive information across public networks |
| Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software |
| | 6. Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | 7. Restrict access to data by business need-to-know |
| | 8. Assign a unique ID to each person with computer access |
| | 9. Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data |
| | 11. Regularly test security systems and processes |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security |
Merchants and service providers who implement the controls outlined in this program can benefit in numerous ways. If applied properly and consistently, these controls can help:
- IMPROVE Revenue
- MAINTAIN a Positive Image
- PROMOTE Consumer Confidence