
About SPVA

The Secure POS Vendor Alliance (SPVA) is a non-profit organization that works with multiple stakeholders of the payment value chain.

Overview

The SPVA was founded by the three largest players in the payments industry: VeriFone, Ingenico and Hypercom. Its mission is to enhance the security elements of payment solutions which protect cardholder information and defend merchants and acquirers against security breaches, while reducing fraud and lowering risk for all electronic payment stakeholders.

The initial charter of the SPVA focuses on standardized implementation of existing security standards, security of the payment device lifecycle, and security threat analysis and intelligence.

A major objective of the SPVA is to foster widespread compliance with existing security standards (PCI Security Standards Council, EMVco, domestic card schemes) by making sure they are properly implemented.

SPVA members already work closely with these standards bodies and expect to offer more unified support to these organizations going forward, while giving visibility regarding business intelligence for merchants.


SPVA Structure

To define and prioritize its strategy and activities, the SPVA encourages all payment industry stakeholders to participate in this initiative by joining the SPVA, contributing their expertise and sharing their views.

The SPVA is governed by a Management Committee consisting of five Directors. These Directors are all highly experienced managers within their member organizations. Currently, the Management Committee is made up of the three founding members (VeriFone, Ingenico and Hypercom) and two elected members who represent secure POS vendors and organizations involved in the delivery of solutions or services for the payments industry.

These vendors and organizations can become members, and all are eligible to be elected to serve on the Management Committee and contribute to Technical Working Groups. Membership types are classified as General Members and Associate Members.


Providing Visibility & Understanding: The Technical Working Groups

The SPVA's main contributions and guidelines for the payment industry will come from the efforts of working groups focused on key industry issues.

Each Technical Working Group works on a per-project basis, bringing together specialists from each of the SPVA member companies. Through regular meetings, these teams liaise to develop the outputs required to design recommendations and solutions that would be impossible without such industry cooperation.

Through their participation and leadership on Technical Working Groups, SPVA members can help enrich and develop future security guidelines and acquire first-hand knowledge of current security threats.


SPVA Priorities

Four critical issues have been identified. A Technical Working Group will be established to cover each of:

  • Standardized Implementation of Existing Security Standards
    Goal is to release a common interpretation of existing security standards and publish collective implementation guidelines
  • Security of Payment Device Lifecycle
    Goal is to develop an end-to-end lifecycle security guideline to:
    • Ensure security throughout the complete POS terminal lifecycle, from manufacture through deployment, field maintenance and application software upgrades to eventual end-of-life, removal and secure destruction
    • Manage digitally signed applications
    • Provide mechanisms to track and manage devices, to ensure security compliance and respond to new threats
    • Create development, manufacturing/supply chain, deployment and repair security standards and audit procedures
  • Security Threat Analysis and Intelligence
    Goal is to provide education and resources that inform members and payment industry stakeholders about the current threats and ways to mitigate them
  • End-to-End Security Transactions
    Goal is to create an industry framework for encrypting cardholder data that uses the hardware-level security module capabilities of secure payment systems to adequately secure cardholder information before it enters the application environment

Encouraging Implementation of Solutions Compliant with SPVA Standards

Merchants that choose “solutions that comply with SPVA guidelines” will be assured that they are providing consumers with the highest level of security currently possible and protection against future threats. They will be able to comply more easily with current industry security mandates, such as PCI, and with individual card brand rules. This will reduce their risks and insure their investments against future changes to security requirements.

Acquirers that choose to deploy solutions that comply with SPVA guidelines will significantly reduce their risk of security compromise. Because they will require secure POS vendors to provide more proactive and comprehensive security mechanisms and tools, they will be able to quickly respond to current and future security threats as they develop.