Analyst firm Gartner has slammed efforts by Visa and MasterCard to improve the
security of web-based payments.
Both credit card providers are making inroads into bolstering the security of
online payments, but their programmes are far too complicated for most
merchants, according to Avivah Litan, a research vice president at Gartner.
"Enormous confusion remains among retailers at all levels about how to
navigate the Payment Card Industry's complex processes," Litan wrote in a
research note.
The PCI Data Security Standard (PDF) defines a series of 12 basic security
requirements for merchants, ranging from the need to run a firewall to the
tracking and monitoring of all access to network resources and cardholder data.
Although PCI compliance is mandatory, most smaller merchants are not yet
participating in the programme.
Litan recommended that Visa and MasterCard should "begin a serious and
comprehensive effort to make PCI practical and helpful for retailers and other
card-accepting companies".
The complexity of the PCI compliance process will prevent merchants from
adopting new consumer security programmes such as Verified by Visa or
MasterCard's SecureCode, the analyst warned.
Both programmes allow for improved authentication for online payments by
requiring consumers to use a password in addition to entering the credit card
number.
Merchants have to enrol in a special programme to be able to handle the
secure payments, and PCI compliance is one of the criteria that they have to
meet before enrolling.
Merchants have a financial incentive to join the programme as the secure
payments will result in fewer chargebacks. Visa and MasterCard also offer
reduced transaction fees for participating merchants.
But Litan warned that the financial incentives will not be enough to entice
merchants to adopt the programme.