Banking on honesty: where does the e-buck stop?

Visa has revealed to silicon.com plans to hold acquiring banks - those financial institutions that enable vendors to accept credit card payments - responsible for safe online transactions. On one hand, this is a move that should be welcomed.

The recent Powergen episode which saw 7,500 customer account details - including debit card numbers - exposed on the web was a wake-up call. The relevant industry regulator Ofgem chose not to take any action, while the first reaction of the Data Protection Commission (DPC) was to say it was too busy to act. Even on a good day it would only have been able to take action after issuing a warning.

So it's good to see Visa picking up the loose ball. It understands something needs to be done.

But think about it - banks taking responsibility for wayward merchants?

A likely result of this approach will be acquiring banks drawing up strict e-competency rules for retailers and others. It isn't hard to see them passing on any penalties handed down by Visa, or MasterCard, or JCB, or whoever decides on this course of action.

Banks are already conservative when it comes to letting certain SMEs accept credit card payments, as we've reported before ('NatWest slammed for failing high-tech SMEs' http://www.silicon.com/a36437 ). So what will happen when every company online has to prove its competency?

Assuming vendors have promised they can look after confidential online information, will the same penalties passed on to a multinational oil company or retailer be passed on to a niche ecommerce outfit with a staff of three?

Perhaps clarification of any scheme will answer these questions. Or perhaps a more suitable solution would be for the DPC to be given more power, making sure we all take responsibility.