19 Jan 2006
Analyst firm Gartner has slammed efforts by Visa and MasterCard to improve the security of web-based payments.
Both credit card providers are making inroads into bolstering the security of online payments, but their programmes are far too complicated for most merchants, according to Avivah Litan, a research vice president at Gartner.
"Enormous confusion remains among retailers at all levels about how to navigate the Payment Card Industry's complex processes," Litan wrote in a research note.
The PCI Data Security Standard (PDF) defines a series of 12 basic security requirements for merchants, ranging from the need to run a firewall to the tracking and monitoring of all access to network resources and cardholder data.
Although PCI compliance is mandatory, most smaller merchants are not yet participating in the programme.
Litan recommended that Visa and MasterCard should "begin a serious and comprehensive effort to make PCI practical and helpful for retailers and other card-accepting companies".
The complexity of the PCI compliance process will prevent merchants from adopting new consumer security programmes such as Verified by Visa or MasterCard's SecureCode, the analyst warned.
Both programmes allow for improved authentication for online payments by requiring consumers to use a password in addition to entering the credit card number.
Merchants have to enrol in a special programme to be able to handle the secure payments, and PCI compliance is one of the criteria that they have to meet before enrolling.
Merchants have a financial incentive to join the programme as the secure payments will result in fewer charge backs. Visa and MasterCard also offer reduced transaction fees for participating merchants.
But Litan warned that the financial incentives will not be enough to entice merchants to adopt the programme.
Do you agree?
PCI the TRUTH!
CreditCall has just achieved the world's first trans-regional PCI compliance. It has cost a huge amount to achieve, in both time and money to our company. We are now at a disadvantage commercially, as our competitors are ignoring the rules and the card acquirers & card schemes are; a) not taking a tough enough line and; b) the lower rates are a fantasy! We undertook PCI to protect our customers & cardholders. Do not expect any advantage by being PCI compliant. Until VISA & MasterCard reward those that are and switch off those that are not the whole system is flawed. As always the same deal...if you process enough transactions they will turn a blind eye and take the money.
Posted by: Nick McGarvey 26 Jan 2006