To encourage adoption of new security standards in the U.S., the most important tool is policy.
So says Eduardo Perez, head of global payment system risk for Visa Inc.
Perez has thought long and hard about the course of action necessary to bring the San Francisco payment network's security in the U.S. in line with global standards, particularly around adoption of the EMV chip card, where the U.S. has lagged.
"My career has been focused on the areas of safety and soundness and making sure we consider the policies we can promote to incent the right behavior," Perez says.
Perez draws on years of experience from the Federal Reserve Bank of San Francisco, where he was a senior examiner and financial analyst manager, and from Harvard University, where he earned a master's degree in public policy.
Perez started at Visa in 2002, first working for Michael E. Smith, who had a role similar to Perez's. Smith has since moved on to an international position in charge of risk for the Asia-Pacific, Central and Eastern Europe, the Middle East and Africa for Visa.
Perez has been instrumental in helping Visa create its external security policy, which has three legs for increasing the safety of participants in its payment network.
Those legs represent the devaluing of merchant data either at rest with the merchant or in transit to the issuer, pushing for the EMV standard and assessing fraud risk during the transaction through real-time scoring.
EMV, which stands for Europay MasterCard Visa, is a standard that is used in many countries to provide added security at the point of sale. The secure-card format is commonly paired with the use of a PIN, earning it the nickname of chip and PIN.
It's around EMV that Perez's understanding of the importance of policy is perhaps most marked, drawing on years of traveling and interacting with cultures globally, he says. One cornerstone: clear and concise language.
"I have learned throughout my career at Visa any good policy requires a lot of thought about how you communicate, explain or relate that policy to the intended audience," Perez says.
In August, Visa took a strong public stand on the need for EMV and set an aggressive timetable, along with a number of carrots and sticks that will either entice or force merchant acquirers, merchants and issuers to make chip card adoption a reality in the U.S.
Among the carrots: early incentives that include relieving merchants of the costly need to validate compliance with the Payment Card Industry data security standards if they handle at least 75% of their transactions from chip-accepting terminals by 2012.
And the sticks: By 2017, if Visa and Perez have their way, liability for not accepting chip cards will start shifting to merchants and card processors. Similar liability shifts have been among the chief catalysts for other regions moving to the chip card standard, Perez says.
"Chip lays the groundwork for a lot of the payment innovation we think is going to take place in the coming years, particularly as it relates to mobile," Perez says.
Policy-setting is not new territory for Perez. In 2006 he helped create a set of initiatives, including something called the PCI Compliance Acceleration Program, which provided incentives to merchant acquirers and merchants to get them up to snuff with PCI standards. This program provided $20 million to help merchants defray the cost of compliance validation.
The result is more than 90% compliance today. Previously compliance rates were in the teens.
Be the first to comment on this post using the section below.