Stamp out FRAUD

American Express Co., Morgan Stanley's Discover Financial Services division, MasterCard Inc., Visa International Inc. and Japan's JCB Co. formed an independent group to help prevent debit- and credit-card fraud.

PCI Security Standards Council LLC will maintain worldwide security standards to protect accountholders' data and produce a list of qualified security-service providers on its Web site, the companies said today in a joint statement.

Merchants and other business partners may face fines if they're out of compliance with the rules, which mandate such security measures as maintaining computer firewalls and changing vendor-supplied defaults for system passwords.

Retailers including BJ's Wholesale Club Inc. and Retail Ventures Inc.'s DSW Shoe Warehouse have been the target in recent months of identity thieves who obtained information including credit-card numbers. The card companies said today the council will help blunt such attacks by making merchants conform to a uniform policy, erasing confusion caused by different regulations at each of the companies.

'By giving everyone in the payments chain a clear single standard it makes being compliant much more simple,' Rob Tourt, vice president of network services for Discover, said in an interview. 'As technology changes, we also need a body to react quickly with one voice to emerging threats.'

Each card brand will be responsible for making sure its business partners adhere to the standards, Tourt said.

The single set of standards will also help lower costs for merchants, payment processors and financial institutions, the companies said.

Other rules include encrypting the transmission of cardholder data over public networks, regularly updating anti-virus software and assigning a unique ID to each person with computer access.