Visa, MasterCard fall short in explaining database security requirements

Visa and MasterCard have not done enough to explain to online retailers the card industry standards for protecting databases of customers’ confidential information, Bob LaGarde, CEO of e-commerce platform provider LaGarde Inc, tells InternetRetailer.com. “Although I applaud the premise of the card associations’ efforts with regard to data security, their execution is far short of acceptable,” he says. “There’s just far too much confusion.”

Many merchants believe that if they pass an audit of their data security, their databases are secure, LaGarde says. But often the auditors don’t fully understand the standards they’re evaluating, especially if the audit is done by representatives of the retailers’ merchant banks, he says.

“Even for somebody who has a professional job that involves data security, some of the stuff is complicated,” he says. “Someone whose primary background is financial services is ill-equipped to do this.”