Hot on the heels of CARTES & IDentification 2009, SPVA members gathered last week for the first official members meeting. Joined by the SPVA board and myself, more than 20 representatives from leading payment industry companies assembled to discuss where SPVA has gone in its short existence and where it is headed.
So why SPVA and why now?
You don’t have to look much further than the recent data breaches (Radisson Hotels & Resorts, TJX Companies, Network Solutions, etc.) to know that payment security is not where it needs to be. What better way to contribute to the understanding and compliance of existing security standards than to utilize the knowledge of some of the biggest players in the industry. Ingenico, Hypercom and VeriFone are opening the door for an industry-wide meeting of the minds.
With the creation of four Technical Working Groups, SPVA members have the opportunity to affect the future of PCI compliance. One representative from each member company is allowed to sit on a TWG committee. The four TWGs address distinct and critical areas of payment security:
- Security Standards
- Payment Device Lifecycle
- Threat Analysis and Intelligence
- End-to-End Encryption
One important note is that SPVA does not endorse any one solution over another. Its impartiality allows that any and all retailers, acquirers, POS vendors/supplies and card brands are welcome to join the conversation and share best practices.
Our TWGs are already in action, and we anticipate the release of an end-to-end encryption implementation guideline in early 2010. Stay tuned for details because we’re not wasting any time getting moving or making our mark on the industry.