Visa Asia Pacific Launches Account Information Security

Visas Account Information Security (AIS) program is designed for all entities that process, store or transmit Visa cardholder account and transaction information. Merchants, processors and Internet payment service providers in Visas acceptance chain must comply with the AIS program to ensure that their data security measures are robust and stringent enough to safeguard sensitive customer data. To help facilitate compliance with the program, AIS is providing online assessment and validation tools. Through the AIS web site at www.visa-asia.com/secured, merchants and their service providers can assess their own vulnerability to Internet hacking or other security breaches. The online self-assessment tool is free of charge and the business input will be kept confidential with analysis of the self-assessment questionnaire being undertaken by third party information security specialists. The results of the test will help the businesses identify and improve their security and risk management processes to better protect customer data. AIS online accessibility makes it easier for the parties handling Visa cardholder information, to implement and enforce the industry-setting security standards and for Visa’s members to monitor compliance with the program. AIS standards comprise 15 security controls to ensure that a business organizational, physical and logistical areas maintain the confidentiality, availability and integrity of sensitive account and transaction data. The 15 mandatory requirements help protect data throughout the entire life cycle of a transaction, focusing on critical security areas such as human resource, access, firewalls, virus protection, data disposal, encryption and physical security. These requirements are based on industry standards and best practices. Visa has appointed Qualified Security Assessors to help larger merchants and processors review their operations against the AIS standards. The assessors will provide consultancy services and help the larger, more sophisticated merchants and processors validate their compliance. Visa has also engaged a security firm - Dimension Data - to provide vulnerability scanning - a non-intrusive scan that does not disrupt merchants systems, but is able to identify areas where a hacker may possibly penetrate the system. By identifying the vulnerabilities in its network, a merchant or processor can then take the necessary corrective and preventive actions to manage the risk. The test phase of the AIS program in Asia-Pacific began in late 2003, with a key focus on e-commerce merchants. Working with its member financial institutions around the region, Visa is now stepping up the validation and education of processors and service providers which might have greater exposure to possible account compromise.