How to practice safe B2B
In summer 2000, Visa unveiled its "Digital Dozen," a list of security requirements calling for firewalls, encryption, testing and access policies that its service providers and merchants must have as a condition of doing business with Visa. That's right—if a bank or merchant can't play by these rules, they don't play with Visa.
Visa's merchants and service providers must annually demonstrate compliance, through an online self-assessment for Mom-and-Pop shops and extensive third-party audits for merchants or service providers handling large volumes of cardholder information. And if a merchant refuses to comply, Visa can fine the bank that processes that store's transactions. Then it's up to the bank to punish the merchants. "Eventually, if we don't have proof from an independent third party that you qualify with our requirements, we really don't want you to take the card," says John Shaughnessy, Visa USA's senior vice president of risk management in Tampa, Fla.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.