Visa - customer data theft neither random nor unavoidable

Very revealing speech last week by John Coughlan, Visa USA's CEO, who insists that the technology is available to prevent cardholder data falling into the wrong hands.

In a speech at Visa's security summit in Washington late last week, Coughlan said that cardholder data breaches are neither random nor inevitable if proper security measures are taken.

The TJX (TJ Maxx) data hack, he said, "was a stark reminder to all of us that such events can have vast reach and consequences."

According to Coughlan, such hacks can create mistrust and undermine efforts to build a positive brand image. But, he said, the majority of system compromises result from the storage of prohibited data and using vulnerable systems to process data.

To tackle the problem of card fraud, Visa and MasterCard have developed the Payment Card Industry (PCI) data security standard, but, at the Visa event, it was revealed that only level 1 merchants - i.e. the really big ones - have to undergo an on-site PCI audit.

Even so, only around a third of Visa's major global card processing merchants are using PCI.

Because of issues like this, Visa is developing a new online card technology called dynamic CVV, under which each online transaction uses a different and one-time-use CVV, which is generated securely by the card issuer.

According to Visa, not only does dynamic CVV prevent the re-use of CVVs, but it also flags up ant re-use attempts and, because the original usage was one-time-only, Visa can work out where the fraudulent card data originated from - neat, or what?...