Point of View


  • Staying One Step Ahead

    As I was reading the latest issue of The Green Sheet, two articles caught my eye: “Fraud trends in 2010” and “Skimmers shifting from ATMs to gas pumps.” To briefly summarize: despite the industry’s attempts to secure cardholder data, fraud is as prevalent today as it was yesterday. And not surprisingly, thieves can adapt just as easily as we can.

    In the latter article, the point is made that the moment of data theft at gas pumps is happening before the information even has a chance to be encrypted. The fact that many gas stations are behind the PCI compliance curve aids thieves who are getting usable data right at the pump, before it is transmitted back to the station’s central terminal. The industry focuses on ATMs, criminals move to gas pumps. The industry focuses on data encryption, criminals get data sooner in the payment cycle.

    And it’s not just skimmers that we are fighting. It should come as no surprise that a man in India (Saurabh Sachar, to be exact) can produce “hundreds of credit and debit cards each week at $10 USD per card.” Or that anyone can log onto an online forum, and with only a username and password, find easy access to stolen data – or better yet – how to steal data.

    Despite the industry’s best efforts, criminals are still keeping up with security countermeasures. So are we staying one step ahead of criminals or are they staying one step ahead of us?


  • My Data Breach Costs More Than Your Data Breach

    Earlier this year, the Ponemon Institute released a study (“Five Countries: Cost of Data Breach”), and the results paint a dichotomous picture of security and loss among countries.

    All participating companies experienced one or more data breach incidents over the past year. The companies were based in the United States, the United Kingdom, Germany, France and Australia.

    Right off the bat, one thing stands out. The total cost of a data breach in the US is off the charts ($6.75 million) compared to the study average of $3.55 million. Similarly, the US stands alone in the “lost business cost” results. It is the only one of the five countries above the average of $1.6 million. The US comes in at $4.47 million while its next closest data point is Germany at $1.19 million.

    One immediate question is: why? The root cause of these breaches may be surprising (or maybe not!), but the US had the smallest percentage in the “malicious or criminal attack” category yet the highest in the “system glitch” category and second highest in “negligence” (topped only by the UK).

    With so many compliance standards and rules regarding data security, where is the kink? Are things changing too quickly? Is there a general lack of understanding? Is there a false sense of security among C-level executives? Let us know what you think.

    And here’s hoping you never meet the requirements to participate in next year’s study.


  • U.S. Credit Cards Not Welcome?

    A number of recent surveys show that anywhere from one-half to two-thirds of people who carry U.S. credit cards experience difficulty when trying to use their cards outside of the United States. The hang-up, as most of you know, is magnetic stripes versus chip-and-PIN technology.

    The perennial question is whether chip-and-PIN will make it to U.S. shores, and what factors will line up to motivate a change. Wal-Mart pulled its weight earlier this year when it announced that it would accept chip-and-PIN in its U.S. stores, and the U.S.’s neighbors to the north and south have also moved to adopt chip technology. Still, it hasn’t taken hold here, maybe due to cost – estimated to be nearly $9 billion.

    But an article posted Monday on CreditCards.com describes the next generation of payment cards. LCD screens, videos, passwords, voiceover features, etc. In a word – innovative.

    From an aesthetic and interactive standpoint, this new generation of cards will pique interest. From a security perspective, the new cards will help prevent fraud through a password protected feature that allows for safer online and in-store purchases.

    The catch – these cards are only being tested in the European EMV market on cards that use the chip technology. So will interactive cards take off? Are magnetic-stripe cards becoming obsolete? Will interactive cards nudge the public into creating demand? What do you think?

     

     


  • Now’s The Time

    Google “PCI compliance” or “payment security” and you’ll always find a long list of news stories, but media is picking up the pace, and there couldn’t be a better time to join the fight for tighter security and a common solution to the various – and constantly shifting – security standards.

    As Infosecurity Magazine reports, “PCI DSS hurdles loom,” and the industry is taking note. Every stakeholder in the payment process has an ear to the ground, working to keep up with the ever more complex and shifting set of rules and requirements.

    As these worldwide security threats grow and compliance standards evolve, the SPVA is working to stay one step ahead, working not to add another layer but to create a common understanding of existing and newly released standards. Our member-driven Technical Working Groups are constantly evaluating the latest information to keep stakeholders informed and one step ahead of what they are reading in the news.

    SPVA members represent all points along the payment continuum, from POS payment terminal vendors to software developers to acquirers and so many more. Before your company gets lost in the payment security news and looming regulations, join us and stay ahead of the game, ultimately keeping your clients and consumers safe from security compromise.

    Steven
    steven.hughes@spva.org

     


  • From End to End – A Guideline is Born

    After a year of collaboration and research from our End-to-End Encryption Technical Working Group, I am pleased to announce the release of SPVA’s first white paper, the End-to-End Encryption Security Requirements.

     

    This guideline represents SPVA’s commitment to strengthening global payment security standards and creating a common understanding of best practices. The insight and thoroughness with which this framework has been prepared is a testament to our members and to the Technical Working Groups.

     

    The End-to-End Encryption Security Requirements sets a baseline for the industry, and focuses on:

    • Data to be encrypted during transmission
    • Key management
    • Physical and logistical security of the TRSM and key components
    • Encryption monitoring and management systems requirements

    We invite you to download the End-to-End Encryption Security Requirements. We welcome your thoughts and feedback.

     

    If you are interested in contributing to our next white paper, membership in the SPVA allows you to join any of our four Technical Working Groups.

     

    Steven

    steven.hughes@spva.org
