March 23, 2009
-
News: Visa Credit Card Security Moves Forward.
With large scale credit card breaches still out of check, VISA is ramping up even further initiatives. Australia's recent breach continues to remind us that there's still work to be done. So, in addition to the new PCI DSS standard in early implementation, VISA is setting out to further buttress up additional credit card security measures. Complacency here, is not an option and the disillusioned public mustn't just sit back and accept that this is the way things are going to continue. Large-scale credit card breaches must be brought under control.
Many people are laying the blame on PCI standards because they can't stop these breaches. It's important to understand, explain the VISA security experts, that PCI compliance is a giant step in the right direction but, by itself, it does not pose as the end-all cure for credit card theft or fraud. It's just a major step to umbrella the huge exposure exhibited by the sheer size of the credit card industry.
Further steps are required above the credit card baseline that PCI provides. So now, VISA is testing a few new initiatives to further enhance credit card security. One of these is the time-tested method of ‘challenge-response'. This method has always been successful in warding off security breaches. It involves a person's requirement to respond to a challenge to prove who they are. In the case of credit cards it would mean something like providing personal information like part of a phone number in order to initiate a transaction.
The second initiative involves ‘biometrics'. Biometrics are metrics of a person's personal body. These are things like fingerprints, voice recognition, iris retinal scans and face recognition. This ultra-sensitive information can be encoded into a credit card's magnetic strip like is currently being used for e-passports. VISA is opting for fingerprinting. There is an on-going effort to implement this technology into credit card security. The opposition contends however that, exposing this type of data electronically creates the greater threat of identity theft for all things.