Retailers rush to meet creditcard deadlines

Share this article:

Merchants scrambled this summer to meet a Sept. 30 deadline for compliance with Visa's Cardholder Information Security Program (CISP), while also working to meet requirements of a separate MasterCard infosec program.

CISP, launched four years ago, defines steps – including firewall and encryption requirements – merchants and service providers must take to ensure security of Visa cardholder data. Merchants that process more than six million Visa transactions annually faced the Sept. 30 compliance deadline while smaller merchants must comply by next March. Any that fail to comply face an initial fine of $50,000.

A lot of retailers were under the gun to comply with the CISP requirements, some of which are viewed as draconian, said Michael Rasmussen, Forrester Research analyst: "They require 30-day patching and a lot of things organizations aren't prepared to do."

Not only are CISP's security requirements daunting for merchants, but those which do business online also are dealing with MasterCard's Site Data Protection (SDP) program's 88 requirements, of which about 47 resemble CISP requirements, noted Pat Gilmore, a director at security consultancy InfoSecurityOne and vice-president of (ISC)2. MasterCard will begin assessing fines on large online merchants in January if they are not SDP compliant.

While Visa and MasterCard agreed to support only one network scanning program, they could agree to an overall consolidated program, said Gilmore, who is helping companies with compliance.

"Who's next? American Express and DiscoverCard? Why don't they just all get together and establish one program that all will be satisfied with?" she asked.

Visa did not respond to our requests for comment. A MasterCard spokesperson said that the company is working with Visa to find similarities between CISP and MasterCard SecureCode, an online authentication solution, and "align where appropriate."

http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.