"Trust is emerging as one of the critical business issues of the 21st century," Coghlan told the audience. "Data security must move out of the back office and into the boardroom. Corporate officers must apply the same rigor to data security as they do to their financial controls."

The summit, co-sponsored by Visa USA and Harvard Business School Publishing, was convened to discuss specific measures that can be taken to better protect cardholders and maintain trust in the payment system. Five panels were assembled to cover topics related to securing customer trust, recovering from data compromises, the balance between technology and convenience, fighting data crimes globally, and the role of government. Additionally, Meg Whitman, President and CEO, eBay Inc. shared her thoughts on data security in a keynote address to the broad audience.

Role for All Participants

A common resolve to ensuring customer trust by staying ahead of today's data thieves was stressed as various participants shared their own perspectives on the topic. "Our job is to make sure that trust is protected. And achieving that goal requires unity of purpose. We must work together," said Coghlan.

The idea that today's data security investments can help ensure customer trust into the future was a theme echoed throughout the day. "More than ever before, consumers are demanding that the businesses with which they transact will deliver on their expectations of iron-clad data security," Coghlan said. "Every time the criminals succeed, the most valuable asset they steal isn't money -- it is trust."

Upside to Security

Coghlan encouraged the audience to consider the potential upsides to investing in data security for their businesses.

"There is more to security than just protecting downside losses. There is an upside as well," Coghlan observed. "As surely as data security lapses can lead to loss -- the reverse is equally true. There is enormous opportunity for businesses to use trust as a way to differentiate themselves and, consequently, to build client loyalty and grow more rapidly."

A new Javelin Strategy & Research poll released today shows that 85 percent of consumers would likely increase their shopping at a store if they knew it was a leader in devoting resources and technology to protecting its customers' personal account data.

Visa's Efforts

Looking at the challenge of data security breaches, Coghlan declared that, "there is much we can do to prevent them."

"Companies that adhere to the Payment Card Industry Data Security Standard significantly reduce their vulnerability to a compromise," he said. "In fact, the majority of compromises stem from a consistent set of practices that include the storage of prohibited data and using vulnerable payment applications. Becoming PCI compliant would remediate these obvious sources of vulnerability."

Since 2001, Visa has required any entity that touches data to be compliant with industry security standards. "In the last year, PCI compliance among the largest merchants doubled, from less than 15 percent to more than one-third," observed Coghlan. "We applaud those entities that are already making the necessary investments in data security. But that still leaves us -- today -- with less than half of the top merchants as certified compliant. That is simply not good enough -- and that is why we are moving forward with new approaches to convince merchants to accelerate their efforts to comply with these important standards."

This past year, Visa launched the PCI Compliance Acceleration Program, a $20 million program that combines both incentives and penalties as a means of growing industry compliance levels. As part of the program, Visa is adopting a new policy related to interchange fees. Visa's best interchange rates will only be available to merchants through their acquirers if they validate PCI compliance by September 30, 2007. The impact to tiered merchants varies from $250,000 to more than $20 million depending on the merchant's qualifying Visa volume. "It is our hope that these programs will provide powerful, market- based incentives for all entities to get compliant and stay compliant," Coghlan said.

New Technology Pilots

At the same time, Coghlan signaled the company's intent to forge ahead with new technologies that are designed to drive down system-wide fraud. He specifically outlined a promising approach using dynamic information in the transaction aimed at rendering card data useless to criminals. "Current fraud tools rely on static information, such as card verification codes, PINs or passwords, and these tools have been very effective," he observed. "But criminals aren't static. In the future, our system will have to rely on more adaptive forms of security." Similar technologies are already in use on all Visa Contactless cards.

Visa will be working with issuers and merchants to pilot these new forms of dynamic authorization in the coming months and any solution must have industry-wide participation to be successful. "New solutions will require adoption by merchants and processors, and issuance by financial institutions," Coghlan noted. "There must be a shared commitment to prevention at all points in the transaction from swipe to settlement."