Visa's Australian and New Zealand country risk manager, Ian McKindley, told ZDNet Australia exclusively the pilot would kick off with five companies within the next six weeks, before being expanded to 31 companies with e-commerce transaction volumes of more than 10,000 per month by June next year. The longer-term direction of the standards push - whether it would be pushed down to merchants with 5,000 or even 2,000 transactions per month - is yet to be determined, McKindley said.
The move comes amidst intensifying concerns over the security of credit card details on the Internet, fuelled lately by the ubiquity of the Bugbear worm, which is designed to steal credit card numbers and passwords. A leading bank security expert on Friday called for Australia's corporate community to push into biometrics as a way of preventing widespread fraud, including online hacking.
McKindley, who specialises in credit card fraud reduction, said that direction would largely be determined by the "balance between risk and reward," with the card specialist being conscious both of the impact on merchant operations of achieving compliance and the security requirements of customer data.
He declined to specify how much money Visa was spending on the trial, saying only it would cost "many, many thousands of dollars".
While the initiative was being pushed by Visa without the direct cooperation of other card brands, he said, they would also benefit from its application to the merchant community.
He said the standards could assist in preventing breaches in security caused by companies' failure to implement the latest patches, for example. "The purpose of the trial is to ensure that there is a minimum security level upheld by our merchants to ensure confidence in e-commerce and general data storage.
"It's going to be right from ensuring there is proper passport protection up to ensuring the latest version of approved firewalls are in place.
"In computing, it's often the simple things that bring you unstuck. We're taking the courageous step to do something about it".
McKindley stressed the standards would set a bare minimum and would already be far exceeded by companies such as large telecommunications players.
Visa is subsidising the compliance questionnaire and vulnerability testing undertaken by companies involved in the pilot, with the cost structure for a more widespread deployment yet to be determined. The program is being rolled out in several countries worldwide, with the United States in line with the Australian deployment and Canada further ahead.
McKindley denied that the aim of the service was to provide merchants with a marketing tool, saying surveys had revealed that those who advertised their participation in such a scheme were likely to make themselves targets for hackers.
He said it was yet to be determined what sort of monitoring of ongoing compliance with the standards would be implemented. "It depends on reaction of merchants," he said.

Gee guys.. Maybe if you started investigating and prosecuting the fraudsters for once, they might actually have a reason to stop trying!