Maximise consumer confidence through card security

Credit and debit cards are becoming more popular as payment tools for the Vietnamese. Besides helping companies increase their sales revenue and business opportunities, cards can also help businesses build greater trust among consumers.

Business outlets with the Visa logo prominently displayed tend to get more customer traffic due to increased consumer confidence. This is because the Visa logo provides a sense of trust in the products and services offered. In fact, Visa is ranked 12^th out of 100 in Barron’s 2013 list of the world’s most respected companies.

Ensuring the security of your customers’ transactions goes a long way in maintaining and enhancing the trust your customers place in your business. In its ongoing efforts to protect consumer interests, Visa, a global payments technology company that connects consumers, businesses, financial institutions and governments to fast, secure and reliable electronic payments, shared some key tips for businesses to protect their card payment transactions.

“Card security is critical to consumer confidence and success in any market, and it is no different here in Vietnam,” said Lorijon Bacchi, Visa country manager, Vietnam, Cambodia and Laos. “Visa employs multiple layers of security that work together to keep businesses safe, from anti-counterfeit features to network-based fraud detection to data security standards that help keep sensitive information secure. We are committed to leading the industry towards a more secure, trusted payment system.”

Continual improvements and upgrades have enhanced Visa’s security capabilities in recent years through its new security alert models that have augmented the speed and accuracy with which Visa detects attempted breaches in security. In fact, because of the kinds of investments and commitment to protecting cardholders and merchants, Visa’s efforts have helped keep fraud rates steady at near historic lows. With technological innovations and advances in risk management, fraud rates have declined by more than two-thirds in the past two decades.

Businesses can take further action through some basic steps and methods that can further secure payments through the Visa Security Tips. The checklist allows for a healthier payment card system through fraud minimisation, helping to win consumers’ trust.

“While payment security in Vietnam is maintained, we must stay vigilant to protect cardholder data from misuse and take additional measures through our Visa Security Tips to protect each link in our system and work with others to maintain and enhance trust in Visa as the most secure way to pay and be paid.”

VISA Security Tips

Secure networks from intrusion

Business owners should familiarize themselves with these crucial security practices that can help safeguard against network intrusion:

· Install and constantly maintain a firewall. Any time a firewall is disabled, a business places itself and its guests at heightened risk of Internet attacks and potential system compromise.

· Enable firewall logging and maintain firewall logs for one year with a minimum of three months immediately available for analysis. These audit trails are essential tools used in reconstructing system events, helping to identify suspicious network activity and in facilitating forensic investigations.

·  Make certain that anti-virus, anti-malware and anti-spyware software programs are current. Outdated security software is often found at businesses that have been compromised.

·  Implement strong access controls. Access controls will help restrict inbound and outbound traffic on known ports to only traffic necessary for the cardholder data environment.

·  Routinely examine and secure all systems and networks for unknown and unauthorized software and newly added hardware devices.

·  Use outside resources to help identify new security vulnerabilities.

Visa provides a frequently updated data security alert listing malware and IP addresses identified in forensic investigations, publicly available at www.visa.com/cisp.

Practice good password management

Data compromises have occurred when business operators left the default database password blank, allowing criminals easy access. Compromises have also occurred when access was granted to a vendor who used a default password. Good password management includes:

· Check vendor manuals and Internet resources for default settings for all devices and software. Immediately change any default settings upon installation. This includes changing default passwords to a unique, secure password, and changing default account names to custom names as appropriate.

·  Make certain that necessary security functions for all devices and software are activated.

·  Use the most recent version of remote access software and implement the security features according to manual instructions. For example:

• Ensure that vendors accessing the system remotely change default settings
• Allow connections only from specific, known IP/MAC addresses
• Use strong authentication or complex passwords for logins
• Enable encrypted data transmission
• Enable account lockout after a certain number of failed login attempts
• Configure the system so a remote user must establish a secure connection through a firewall before access is allowed
• Ensure the logging function is enabled to monitor inbound and outbound activity

·  Disable all unnecessary services.

·  Use only those payment applications and versions that have been validated as compliant with the Payment Application Data Security Standards (PA-DSS), available at http://www.pcisecuritystandards.org/.

Keep an eye on wireless security

Data thieves have become very adept at manipulating improperly secured wireless networks to steal cardholder data. Business Managers should:

·  Have a proper awareness of the security risks associated with the technology

·  Develop risk-mitigation strategies to protect computing environments — compliant with PCI DSS and the PCI PIN Security Requirements.

·   Evaluate all payment applications against the PA-DSS to ensure prohibited card data such as PINs and security codes from the magnetic stripe are never stored or logged after transactions are complete.

By instituting this approach by Visa, businesses can look to minimise fraud in the payment system by preventing it from happening. Merchants can also rest assured in protection of vulnerable card data wherever it is stored, processed or transmitted throughout the payment system, and be able to monitor and manage fraud to ensure prompt response and minimise impact to all stakeholder involved, include cardholders.