Visa said its decision was based on combating on-line fraud and on boosting consumer confidence in e-commerce. The new requirements will be phased in world wide over the next year. They will be mandatory for all ISPs assisting Visa transactions by the end of this year, and for all on-line merchants by the end of 2001.
Although the detail of the requirements is not yet known (it is expected in a few weeks), they range from educating employees on security procedures to implementing secure firewall and encryption technologies. Enforcement is expected to involve fines, restricting the value of sales that individual merchants can process, or terminating their Visa membership.