Christopher Rodrigues: Secure payments

Technology and cooperation are key to global data security, says Christopher Rodrigues

In the time it takes to read this sentence, Visa’s worldwide payments network will have processed more than 3,000 transactions. By 2010, the Visa network will be processing about 160 million payments, valued at more than $12 billion, on any given day. Some of those transactions will be yours, and you will expect them to be settled securely and accurately down to the last dollar, euro or Swiss franc.

Our challenge, every second of every day, is to connect millions of buyers and sellers quickly and securely. It is a matter of trust: by consumers that when they buy an item, we will complete the transaction; and by merchants that they will be paid quickly. Finally, it is trust by our members that their accounts will be settled accurately each day. However, especially important is the trust that consumers place in the information system and the belief that the system will keep their data safe and secure.

Recent research, including a global survey by Visa International, shows that people are increasingly concerned about information security and want their concerns addressed. That solution is embodied in two words: technology and cooperation.

There have been tremendous technological advances in payment systems in recent years. Anyone who has received a call asking if they had purchased something in a city they never visited or a store they never patronized is a beneficiary of neural-network technology. This enormously-sophisticated technology flags unusual spending patterns so that our member banks can refuse to authorize transactions they suspect are fraudulent.
Consider the case of Roman Vega. This Ukrainian citizen was indicted on 40 charges of alleged credit-card trafficking and wire fraud in California in June 2004 after having been extradited from Cyprus. A Visa member bank, with the help of the Visa system, had identified a suspicious surge in volume at one of its small Cyprus merchants. This vigilance touched off a series of events that resulted in Vega’s arrest. Today, he is remanded in custody facing trial. He has denied all charges.

Collaboration

Technology can do much to apprehend those suspected of fraud, but criminals are innovative too. They are always probing to find the most vulnerable point in a system. Although technology is important, it is only part of the solution. To be effective, technology needs to be employed in a collaborative partnership by all parties in the payment system. We must work together as an industry if we are ever going to address the public’s growing concerns over data security. All parties in the payment-system chain must share the responsibility of protecting information.

As leaders in our industry, we are committed to helping anyone who uses data to understand how to keep the information secure. We are working with all stakeholders to reinforce three data security imperatives:
»detect what data you have, because you cannot protect what you don’t know you have;
»restrict access to data on a “need-to-know basis”;
»protect data sent across public networks or in your own systems by implementing effective security policies.
Detecting, restricting and protecting sensitive information can go a long way towards sustaining a payments system that people trust. At the same time, fraud origination needs to be contained and mitigating actions put in place to minimize the impact of any breach.

No phishing

The public also has a role to play in data security. Consumers need to know how to protect their sensitive information. This is why we started an educational programme to inform consumers about the potential dangers of emails asking for personal information – a threatening practice known as “phishing”.

What can we do as an industry to harness the intent, the capabilities and the resources we each have individually more effectively?

Last year, Visa, MasterCard, American Express and other payment brands adopted a common set of data-security requirements. It is a good first step. We can also strive for greater international collaboration to ensure that criminals are brought to justice and face tougher penalties for their crimes. The internet and tumbling phone-call rates may be bringing our world together, but the fact remains that criminals still use national borders to hide from prosecution. This is why we support international efforts to ban trafficking in stolen card data.

Common defence

We are also working to support a forum that brings together all stakeholders in the payment chain to create an objective, stand-alone entity to manage data security issues for the industry. It is a bold idea that requires an unusual degree of cooperation among stakeholders that are otherwise fierce competitors. This new entity would offer a “best-practice” certification to merchants and other stakeholders that meet strict industry-security standards.

It is clear that the issue of data security must be addressed now and we are open to any suggestion that holds promise. However, one thing is clear. Given the lengths to which criminals will go to undermine electronic payments systems, we must work closely and creatively to defend against the threat of attack.

In far simpler times village shopkeepers would always help apprehend a thief, even if that criminal was stealing from a competitor. Each merchant knew the true threat was not the individual criminal, but the larger culture of crime.

Today, in our modern, interconnected world, criminals are using advanced technology to find and exploit points of weakness in our payments system. None of us is secure if any part of our global marketplace is at risk. Only by working together can we maintain the trust our system depends upon.

CV Christopher Rodrigues

Christopher Rodrigues is president and chief executive officer of Visa International.