Payment card fraud rates are near "historic lows" today even with the economic situation and some high-profile data breaches, proclaimed Ellen Richey, chief enterprise risk officer with Visa (San Francisco). Richey also emphasized to attendees of Visa's Global Security Summit that there was still need for continued industry investment and collaboration to keep the electronic payment system secure in the future.
"Massive investments and innovative solutions have kept fraud rates near an all-time low," said Richey. "The best way to build on this track record is by having all players in the payment system share responsibility and maintain their investments in security—even during these times of economic challenge."
Richey also noted some of the recent security compromises and reminded the audience that compliance with the Payment Card Industry Data Security Standard (PCI DSS) is still the best means to guard against theft of cardholder data and the best protection for businesses against unwanted intrusions. However, she said PCI DSS must be an ongoing effort and that meeting the minimum annual requirement is not enough.
"PCI DSS remains an effective security tool when implemented properly—and remains the best defense against the loss of sensitive data. No compromised entity to date has been found to be in compliance with PCI DSS at the time of the breach," she said.
To further drive home the problems faced by the card business around security, Visa released findings of a survey that showed many consumers are avoiding merchants they may perceive as not being capable of protecting their data. According to Visa, of the 800 U.S. credit and debit cardholders surveyed February 3 to 5, 2009, 59 percent said they had decided not to make an online purchase at a particular website because they did not trust that site. Another 49 percent said they had opted not to shop with a merchant they did not recognize, for fear of having their personal data stolen.
Richey outlined four priorities she thinks will be critical for the future security of the payment industry: accelerating global data breach preparedness with greater PCI DSS compliance; actively engaging consumers in the process of protecting their data; increasing collaboration across the payment system to close security gaps and share critical information more quickly; and reducing the value of stolen data through investment in new authentication measures.