Visa U.S.A. Teams with Internet Security Systems To Tighten e-Commerce Security Program
Alliance Represents Key Component of 'Visa Secure Commerce' Program; Aimed at Protecting Merchant and Customer Data from Hackers
November 02, 2000 07:47

FOSTER CITY, Calif. and ATLANTA, Nov. 2 /PRNewswire/ -- Visa U.S.A. announced today an alliance with Internet Security Systems (ISS) (Nasdaq: ISSX), a leading provider of security management solutions for the Internet, to test Visa's newly-developed Electronic Compliance Monitoring (ECM) program. Visa's ECM program aims to verify that e-merchants and Internet Service Providers (ISPs) meet Visa's online data security requirements in order to protect cardholder data from hackers. This program is a key component of the overall "Visa Secure Commerce" program also launched today, a series of online security measures that protect cardholders and merchants from the start of an online transaction through securing of cardholder data after an order is fulfilled.

"Our work with ISS builds upon the cardholder data security requirements Visa published earlier this year, which help ensure that merchants are adequately protecting cardholder data," said Steve Ruwe, executive vice president, Operations, Visa U.S.A. "The availability of electronic compliance monitoring allows e-merchants to take security for the e-commerce environment a step further, and more accurately identify and minimize security risks."

Later this month when the ECM testing begins, e-merchants will be able to thoroughly assess the security of their systems on an ongoing basis. Internet Security Systems will provide routine vulnerability monitoring through a remote, managed security service that utilizes mock attempts to compromise merchants' networks, systems and databases. During this first phase of implementation, ISS will utilize its market-leading network vulnerability assessment technology and managed security assessment service to remotely test a battery of merchants' internal and external security measures. Each testing phase is meant to measure merchants' compliance with Visa's stringent data security requirements.

During these "mock hack" attacks, ISS will check hundreds of vulnerabilities related to external "hacking" as well as hundreds of security risks from within the merchant organization. As routine security assessments are performed, Internet Security Systems will provide detailed summaries of security risk exposures and prioritized compliance information to minimize security risks. In addition, program participants will be automatically eligible for cyber-insurance coverage through ISS' risk partner, Marsh (NYSE: MMC), the world's leading risk advisor and insurance broker.

"Our partnership with Visa is a significant leap forward in delivering a powerful and easy mechanism to e-merchants for facilitating continuous security improvement and ensuring the protection of millions of cardholders worldwide," said Tom Noonan, president and chief executive officer of Internet Security Systems. "We are thrilled that Visa has recognized Internet Security Systems as a trusted security provider to deliver the managed security services their e-merchants need to secure their infrastructures and ensure safe and effective e-business."

e-Merchants are concerned about site security and are constantly looking for new ways to verify security and fend off hacking attempts. Similarly, there are many new e-merchants that are just learning about accepting and securing online transactions. Internet Security Systems will provide merchants with two levels of ongoing assessment services. The first level, external assessments, help to analyze merchants' security from an outside perspective, while the second level includes more thorough analysis of the their business system infrastructures and security policies. Visa e-merchants will also gain access to ISS' market-leading line of SAFEsuite security management software and Managed Security Services to help them meet the requirements of Visa's plan.

By mid-2001, online merchants that accept Visa-branded cards must have Visa's data security requirements in place -- ranging from adopting high-tech data firewalls to designating information security officers and encrypting stored data.

About Visa U.S.A.

Visa U.S.A. is the leading payment brand and the largest payments system in the United States, with more volume than all other major payment cards combined. Visa U.S.A. plays a pivotal role in advancing new payment products and technologies to benefit its 14,000 U.S. member financial institutions and their cardholders. There are more than 344.7 million Visa credit, commercial and check cards, which generate more than $765 billion in annual transaction volume. Visa-branded cards are accepted at over 19 million locations worldwide, including some 500,000 ATMs in the Visa/PLUS Global ATM Network.

About Internet Security Systems (ISS)

Internet Security Systems (ISS) is a leading global provider of security management solutions for the Internet. By providing industry-leading SAFEsuite(R) security software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to its customers, protecting digital assets and ensuring safe and uninterrupted e-business. ISS' security management solutions protect more than 6,000 customers worldwide including 21 of the 25 largest U.S. commercial banks, the top 10 telecommunications companies and more than 35 government agencies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at <http://www.iss.net> or call 888-901-7477.

Internet Security Systems is a trademark and SAFEsuite is a registered trademark of Internet Security Systems, Inc.

SOURCE Visa U.S.A.; Internet Security Systems