Point of View

• Expanding Connections

  2/11/2010 2:35:32 PM

  The past two weeks have brought significant andexciting changes to the Secure POS Vendor Alliance.  When the SPVA launched less than ayear ago, the founding members – Hypercom, Ingenico and  VeriFone -always had the vision that the organization would not simply be a soapbox for the “big three,” but rather a more inclusive entity that provided a collaborative environment and a stronger voice for ensuring payments security. The 15 additional members that have joined the SPVA over the past eight months agreed, committing their time and resources in return for the value this organization could provide. With two recent developments, we’ve come even further in realizing our vision.

  Bob Carr, CEO of Heartland Payment Systems, was elected to the 2010 SPVA Board of Directors as our Associate Member Director.We are honored to have Bob take on this leadership position and feel there is currently no one better for this role. Bob expressed his commitment to 'bringing POS hardware and software vendors together for the good of all the stakeholders in the payments domain.” I look forward to working with Bob in continued support of our mission.

  In case you missed it, the SPVA also launched a new involvement opportunity – the Lab Network. Our Technical Working Groups have been working diligently in the development of implementation guidelines related to end-to-end encryption, payments lifecycle management protocols and other pressing industry needs. Members of theLab Network, including authorized QSA labs, will be given the opportunity to conduct security evaluations of our implementation guidelines and connect with our other members in sharing best practices and raising the security level within the POS industry.  

  So as you can see, we’ve been busy around here! We’re convinced that the strides we are making to expand our connections will help to further our goals. If you want to know more about what’s going on at SPVA, reach out to me at any time. 

  Full story

  Comments (0)

  Steven Hughes

  Ingenico Technical Working Groups end-to-end encryption Heartland Payment Systems PCI POS VeriFone Hypercom

• Five Good Reasons

  12/28/2009 10:31:52 AM

  As we head (or sprint) toward the finish line that will bring an end to 2009, 2010 promises to be an even more exciting year in the payment processing world. The rapidly-changing mobile marketplace, increasing scrutiny of payment standards, and continuing economic uncertainty are sure to play a role in our industry in the coming year. As you look ahead at ways to grow your business, might I suggest putting “join SPVA” at the top of the list?

   

  Here are my top five reasons you should join:

   

  1)       Work with leading POS vendors to enrich and develop security guidelines

   

  2)       Acquire first-hand knowledge of current security threats and ways to mitigate them

   

  3)       Cultivate a common interpretation of existing security standards and public collective implementation guidelines

   

  4)       Develop end-to-end lifecycle security guidelines

   

  5)       Create industry encryption framework of cardholder data

   

  I hope you’ll take the opportunity to contact me for more details on what the SPVA is bringing to the industry and what we can bring to your business.

   

  I look forward to talking to you.

  Full story

  Comments (0)

  Steven Hughes

  end-to-end encryption membership POS

• Bonjour de Paris!

  11/23/2009 3:12:28 PM

  Hot on the heels of CARTES & IDentification 2009, SPVA members gathered last week for the first official members meeting. Joined by the SPVA board and myself, more than 20 representatives from leading payment industry companies assembled to discuss where SPVA has gone in its short existence and where it is headed. 

  So why SPVA and why now? 

  You don’t have to look much further than the recent data breaches (Radisson Hotels & Resorts, TJX Companies, Network Solutions, etc.) to know that payment security is not where it needs to be. What better way to contribute to the understanding and compliance of existing security standards than to utilize the knowledge of some of the biggest players in the industry. Ingenico, Hypercom and VeriFone are opening the door for an industry-wide meeting of the minds. 

  With the creation of four Technical Working Groups, SPVA members have the opportunity to affect the future of PCI compliance. One representative from each member company is allowed to sit on a TWG committee. The four TWGs address distinct and critical areas of payment security:  

  • Security Standards
  • Payment Device Lifecycle
  • Threat Analysis and Intelligence
  • End-to-End Encryption

  One important note is that SPVA does not endorse any one solution over another. Its impartiality allows that any and all retailers, acquirers, POS vendors/supplies and card brands are welcome to join the conversation and share best practices. 

  Our TWGs are already in action, and we anticipate the release of an end-to-end encryption implementation guideline in early 2010. Stay tuned for details because we’re not wasting any time getting moving or making our mark on the industry.

   

   

   

   

   

   

   

   

   

   

  Full story

  Comments (0)

  Steven Hughes

  Technical Working Groups end-to-end encryption membership PCI POS CARTES

• Taking the Helm

  11/2/2009 10:37:00 AM

  It’s an exciting time to be taking the helm of SPVA. New members, our first membership meeting, and increasing interest in our role and place in the payments security realm all contribute to making my first month here an exciting one. With the introduction of Point of View, we will share industry expertise and encourage dialogue among our members and others involved in this dynamic industry.

  Over the coming months, we’ll share insights from our board leadership and from those in the trenches – our Technical Working Groups – as they progress toward achieving SPVA’s goal of establishing best practices and ensuring consistency of payment security standards.

  Over the past few weeks, I’ve had the pleasure of reaching out to many companies and organizations to talk about the value of SPVA. Throughout these conversations, it has become clear that there are several topics that receive the most interest. I’d like to address the top three here:
  
  

  1) Who, within SPVA, establishes the best practices around implementation and security standards developed by PCI?

  The SPVA has a Security Standards Technical Working Group (TWG) focused on interpretation of and POS vendor alignment with PCI standards. Chaired by Eric Brier, chief security officer, Ingenico, this TWG is made up of members from POS vendors, acquirers, security technology companies and other service providers.

  
  2) How many people from our company can participate in SPVA activities?

  Members are allowed to have one individual designated as the primary company contact on each of the four Technical Working Groups, meaning that up to four designees could be named, to include different skills sets and expertise from your company. Other employees of the member company may also participate in SPVA, but should communicate through the primary contact representing their company.

  
  3) What benefits do non North American-based companies gain from being a member?

  All SPVA members are able to help shape the activities of the association through their direct participation in Technical Working Groups, meetings and more. This participation has the added benefit of exposing members to the thoughts and ideas of industry security professionals who are already participating with SPVA, and allow them to have a say in best practice standards that affect the global marketplace.

  If you are headed to Paris for CARTES, please join us there. Schedule a Prospective Member Meeting on November 17-19, or, if you are already a member, enjoy our first Membership Meeting & Luncheon on November 19. It would be my pleasure to meet with you and discuss how you can benefit from membership in SPVA.

  
  

  Full story

  Comments (0)

  Steven Hughes

  Message from Steven Hughes

  Technical Working Groups membership PCI POS CARTES