Poorly stored credit card data a risk: Visa

18.07.2006
Visa International Ltd. said merchants should take a greater responsibility for credit card security, for example by complying with the security standards in the Account Information Security program (AIS).

The program is sponsored by Visa and run by Visa's member banks. However, uptake among merchants in New Zealand, especially small-and medium-sized ones, has been slow, said Iain Jamieson, Visa International's New Zealand country manager.

'I'm a little concerned that the message we are trying to get out there hasn't got much traction at the moment,' he said.

'[In collaboration] with the banks, we need to interact at a much lower level with the merchants in this country, to make sure that they understand what the requirements are for ensuring that cardholder information is stored correctly. And if they don't need to store it, they should delete it,' he said.

Visa Asia-Pacific cooperates with website security company ScanAlert, which performs vulnerability tests of merchants' systems free of charge.

'I suppose the issue is that [to go through with the scan] you need to have the latest security software in place, and I think this is where New Zealand falls behind the rest of the world a little bit. [Do] the small-and medium-sized merchant, in New Zealand actually have that software?'.