 

Point of View



Blog Archive

  • Everyone's Talking About EMV

    EMV has been a hot topic in the U.S. of late as a growing number of American financial institutions adopt EMV-enabled chip cards they claim are the future of secure payments. However, some argue the technology may be outdated by the time it’s implemented.

    For more than a decade, EMV (Europay, MasterCard and Visa) cards have been widely embraced across the globe as a means to reduce credit card fraud. The U.S., however, has been slow to adopt the technology, mainly due to expenses related to converting to EMV-compliant credit and debit cards and cash registers. That is now changing. Visa recently announced plans to speed the adoption of EMV contact and contactless chip technology in the U.S., offering incentives to merchants and processors and the promise of increased card security to banks and other card issuers. In addition, MasterCard introduced a comprehensive roadmap this week focused on EMV adoption in the U.S., while several banks and credit unions have announced the addition of EMV chips to the credit cards they offer.

    Response to the EMV push has been a mixed bag. Some retailers are embracing the technology as the next step toward a new world of payment transactions, while others are questioning why they are being asked to upgrade to an old technology instead of preparing for a more modern approach to payments.

    “EMV is 20 year-old technology that already has known deficiencies—no security for online use, no security of the card number and susceptible to man-in-the-middle attacks,” said Trinette Huber in a recent Convenience Store Decisions article. Huber is manager of information privacy and security for Sinclair Oil’s PCI program. “U.S. merchants want the next generation of EMV—one that protects the card number so that PCI compliance requirements are thrown out, and one that addresses online fraud. Let’s update that technology and do full card encryption. Then the return on investment would be worth it.”

    Despite some of these merchant concerns, industry experts welcome the EMV migration. SPVA member VeriFone, for example, says the move to EMV will help further reduce the potential for fraud.

    “With the coming shift in liability for fraud costs, and in light of growing evidence that card fraud is increasingly migrating to non-EMV countries, VeriFone encourages earliest adoption of this critical payment technology to assist in building a complete defense against criminal elements,” said VeriFone in an official statement.

    So what do you think? Is the U.S. ready for chip and PIN payment card authentication? Is EMV the future of the secure payments industry?

     



  • Security a Top Priority for Retailers

    With data breaches and skimming incidents already garnering headlines in 2012, it’s perhaps no surprise that secure payments was a hot topic among attendees at the National Retail Federation’s 101st Annual Convention & EXPO this week. As a growing number of smartphone makers unveil NFC technology that transforms mobile devices into wallets – and more consumers replace their traditional wallets with those of the virtual variety – concerns over security threats are likely to grow.

    The rapid development and deployment of mobile payment technologies has certainly been a source of concern for those of us in the secure payments field. According to the 2011 KPMG Mobile Payments Outlook, a survey of nearly 1,000 global executives in the financial services, technology, telecommunications and retail industries, 83 percent of the respondents believe the use of cell phones for financial transactions will be a mainstream practice within four years. And 46 percent claim mobile payments will be common in the next two years. Also of note, 58 percent said they already have a mobile payments strategy in place.

    As a response to this growing trend, the PCI Security Standards Council recently expanded its PIN Transaction Security (PTS) program guidelines to include all payment card acceptance devices, including those optimized for mobile devices. Previously, the program only applied to devices that accepted a PIN. The updated requirements address secure card readers, further facilitating the use of open platforms, such as mobile phones, to accept payments. So now, merchants looking to use magnetic stripe readers (MSRs) or plug-ins can ensure the devices have been tested and approved to encrypt data before it reaches the device. The new guidelines provide device manufacturers with a consistent set of data security and encryption standards. 

    As many of you know, achieving and maintaining security is vital in the payments industry. The complexity of mobile payment technology has certainly introduced new risks and threats that may affect the security of cardholder data. That’s why it is more important now than ever for participants in the field to understand and support a uniform and widely understood compliance standard.  


  • Resolve to be Compliant in the New Year

    From card skimming attacks to insider theft, 2011 was a tough year for U.S. businesses, with many falling victim to massive network security breaches. Unfortunately, industry experts predict more of the same in 2012 due to the proliferation of Internet connectivity, mobile devices and Web applications.

    However, there are ways to protect against this risk. Now that the holiday crunch is over, it’s a good time to determine where your business is with regard to information security technology and PCI compliance. Do you have the right policies and procedures in place to ensure customer information confidentiality, data integrity and user accountability? Resolve now to take more steps to secure sensitive cardholder data and prevent breaches this year. After all, the risks of non-compliance – such as fines, legal fees, decreases in stock equity and lost business – can far outweigh the cost of implementation.

    Here are a few tips to better protect your business in 2012.

    • PCI compliance is crucial to security efforts. Recent studies have shown that PCI-compliant companies experience fewer data breaches than those that are non-compliant. Many vendors offer an array of software and services for PCI compliance. Be sure to look for a security and compliance platform that covers as many of the 12 categories of the PCI standards as possible. That way, you can take a more holistic, integrated approach to securing your information and meeting compliance.
    • Set clear business policies for your employees regarding the processing of credit/debit and payroll card data. Many security breaches actually happen within an organization, so it is critical that policies are clear to employees.
    • Update staff regularly with new or different measures being used to ensure PCI compliance. Make sure that your employees are up-to-date with any changes that affect the security of the data you store or transmit. Require strong passwords and educate users on effective password management to minimize the risk of account takeovers.
    • Keep records of how your business is complying with and validating PCI standards. Remember that you will be audited, and keeping good records will assure that your company remains in good standing.
    • Develop a proactive plan to respond to any potential data breach and data loss incidents, minimizing the risk and impact to customers and business partners.

    It’s important to remember that fraud can affect any company, regardless of size or industry. There is no “silver bullet” for data security, but by ensuring PCI compliance and staying abreast of changing guidelines, businesses can stay a step ahead in 2012.


  • Survey Says: Unencrypted Data on the Rise

    A new study reveals that a whopping 71 percent of merchants claim to have stored unencrypted payment card data in 2011 – an increase of 8 percent over the previous year. These are troubling numbers, especially for an industry marked by ever-changing technology and increasingly sophisticated hackers. The fact of the matter is this: merchants who store unencrypted payment card data directly violate Payment Card Industry Data Security Standard (PCI DSS) requirements and may be subject to fines and other penalties after a compromise. The lapse in encrypted data may indicate a variety of factors, such as an improperly designed or configured payment application, a non-PCI compliant payment application or improper card handling by employees.

    Since our inception in 2009, SPVA has been at the forefront of efforts to advance international payment security. Our end-to-end encryption security requirements, released last year, were established to set a baseline for the industry – ultimately allowing companies to engage different solutions and select secure products that can be trusted.  Targeted to vendors of POS devices, key elements covered by this SPVA-approved standard include:            

    • Data to be encrypted during transmission
    • Key management
    • Physical and logistical security of the Tamper-Resistant Security Module and key components
    • Encryption monitoring and management systems requirements

    As studies like the recent SecurityMetrics one reveal, there is still a lot of work to be done to better protect cardholder information and defend against security breaches. SPVA members represent all points along the payment continuum, from POS payment terminal vendors to software developers to acquirers and so many more. Confused by the industry’s complex and ever-shifting compliance standards? Join us and stay ahead of the game, ultimately keeping your clients and consumers safe from security compromise. To download our End-to-End Encryption Security Requirements white paper and to learn more about the SPVA, visit www.spva.org.



  • ‘Tis the Season… to Get Hacked

    It’s been a good year for hackers, with some of the world’s largest companies falling victim to cybercrime. And with the hectic holiday shopping season now in full swing, security experts warn that the number of data breaches could escalate.

    Both brick-and-mortar and online businesses are currently processing an extremely high volume of credit and debit card transactions from consumers stocking up on holiday gifts, dining at a favorite restaurant or paying for an overnight stay.  Despite the growing numbers of data breaches, a recent Verizon report reveals that a majority of businesses continue to struggle to comply with payment card security standards, ultimately putting consumers’ confidential information at risk.

    Fortunately, there are steps merchants can take to help protect their customers, their sales and their good names. Perhaps the most important is to become PCI compliant or work with a payment vendor who is compliant with the industry’s most current security standards. Other suggestions include:

    • Setting clear business policies for your employees regarding the processing of credit/debit and payroll card data. Many security breaches actually happen within an organization, so it is critical that policies are clear to employees.
    • Updating your employees regularly with new or different measures being used to ensure PCI compliance. Make sure that your employees are up-to-date with any changes made that affect the security of the data you store or transmit.
    • Keeping records of how your business is complying with and validating PCI standards. Remember that you will be audited, and keeping good records will assure that your company will remain in good standing with the credit card companies.
    • Being involved in all IT decisions regarding how your business will comply with the regulations.

    There is no “silver bullet” to maintaining a secure system this holiday season, but by ensuring PCI compliance and staying abreast of changing guidelines, merchants can stay a step ahead.

    Since 2009, the SPVA has worked to create a common understanding of existing and newly released standards in the world of secure payment solutions. Our member-driven Technical Working Groups are constantly evaluating the latest information to keep stakeholders informed and responsive to what they are reading in the news.

    Interested in learning how SPVA can help you? Contact me at 404.803.0636, steven.hughes@spva.org or visit www.SPVA.org.

