FOSTER CITY, Calif., Nov. 1 /PRNewswire/ -- In a move to heighten confidence in online commerce, Visa U.S.A. today announced "Visa Secure Commerce", a series of online security measures that, taken together, protect cardholders and merchants alike -- from the start of an online transaction to fulfillment of an order. The latest elements to be added to the Visa Secure Commerce program include a new payer authentication service and an alliance with Atlanta-based Internet Security Systems (Nasdaq: ISSX) to help online merchants comply with Visa's data security requirements.

"The only way e-commerce will continue to grow is if consumers feel secure using a merchant's site and if merchants are confident that they're dealing with a legitimate cardholder," said Carl Pascarella, President and CEO, Visa U.S.A. "While our current security programs have kept card fraud to historic lows, Visa Secure Commerce will continue to add new layers of protection to ensure we stay one step ahead of the criminals."

Visa has a vested interest in online security. Payment cards now account for some 95 percent of online transactions, and Visa accounts for some 52 percent of the payment card portion. What's more, e-Visa, Visa's Internet unit, expects 10 percent of Visa's overall transaction volume to come from Internet purchases by 2003, up from 2 percent today. Maintaining a high degree of confidence and trust in the Visa brand is central to building e- commerce volume for banks and merchants. As a result, Visa will continue to invest in protecting all participants in the Visa payment system. Unlike other security products that seek to address a single element of an online transaction, Visa's holistic approach offers an arsenal of end-to-end solutions.

Internet Security Systems Alliance

Earlier this year, Visa published data security guidelines for online merchants that accept Visa for payment. These guidelines help ensure that merchants are adequately protecting cardholder data. Visa is working with Internet Security Systems to launch an electronic monitoring program to test that e-merchants and Internet service providers meet Visa's cardholder information security requirements to protect data from hackers. By mid-2001, online merchants that accept Visa-branded cards must have Visa's data security requirements in place -- ranging from adopting high-tech data firewalls to designating information security officers and encrypting stored data.

In November, Visa and ISS will begin electronic compliance monitoring, where participating merchants will volunteer for mock attempts to compromise their networks and databases to ensure the security of their high-tech firewalls.

"While consumers are already protected by Visa's zero liability policy, the new electronic compliance monitoring program should give them increased peace-of-mind that their cardholder information is being adequately protected at the merchant," said Pascarella. "We're pleased to be working with one of the most respected Internet security organizations to provide this additional layer of protection."

Payer Authentication

Visa's payer authentication service will enable the card issuer to confirm their cardholder's identity to the merchant during the virtual checkout process. This will be accomplished by using a password that the cardholder registers with his or her card issuer. Enabling merchants to verify the cardholder's identity will deal a significant blow to criminals seeking to use lost or stolen card numbers online. What's more, the service will minimize the potential for customer disputes. Visa is pilot testing the service at select merchants and will expand payer authentication participation throughout 2001, with a goal of reaching the top 100 online shopping sites.

The Visa payer authentication service will not require major changes by merchants, processors or Visa member financial institutions. For consumers, impact at checkout will be minimal. Cardholders will continue to shop online as they do now, adding items to a virtual shopping cart, proceeding to the merchant's checkout page. Once the "buy" button is clicked, the authentication process creates a window to confirm the cardholder's identity by requesting the registered password (stored only at the card-issuing bank) and then transparently passes a notice of authentication from the card issuer to the merchant.

The payer authentication process was designed to take advantage of the data storage and processing capabilities of the recently announced smart Visa chip platform.

Visa expects to announce additional elements of the Visa Secure Commerce program in the coming weeks.

About Visa U.S.A.

Visa U.S.A. is the leading payment brand and the largest payments system in the United States, with more volume than all other major payment cards combined. Visa U.S.A. plays a pivotal role in advancing new payment products and technologies to benefit its 14,000 U.S. member financial institutions and their cardholders. There are more than 344.7 million Visa credit, commercial and check cards, which generate more than $765 billion in annual transaction volume. Visa-branded cards are accepted at over 19 million locations worldwide, including some 500,000 ATMs in the Visa/PLUS Global ATM Network.

About Internet Security Systems (ISS)