Visa and MasterCard Security Requirements

Forum Moderators: buckworks

Message Too Old, No Replies

Visa and MasterCard Security Requirements

Larry Howard

7:05 pm on Mar 23, 2006 (gmt 0)

Just received a letter from NOVA stating that our web site does not meet the security requirements set forth my Visa and MasterCard and adhered to by the NOVA Network for all electronic commerce merchants.

NOVA does not tell me what is missing in their letter.

I did see while doing a test purchase that a "Security Alert" screen came up that said "The name on the security certificate is invalid or does not match the name of the site".

Can you give me some guidance as to what more is required for security on our web site so we may function?

Thank you.

LifeinAsia

7:11 pm on Mar 23, 2006 (gmt 0)

Go to visa.com and search for "self-assessment" Follow one of the first results to get the CISP requirements for accepting Visa.

If you have an invalid security certificate on your site, I'd be willing to bet you have a lot of other non-compliance issues.

bunltd

7:22 pm on Mar 23, 2006 (gmt 0)

An SSL cert is issued to a specific domain: www.yourdomain.com is different from yourdomain.com.

If your cert is issued to www.yourdomain.com and you visit [yourdomain.com...] you'll see the warning that the name doesn't match. Quickest way to fix this is to redirect all the non-www requests to www. (although I've seen sites that are the other way around that don't use www)

Hope that helps.

LisaB