Signaling our continued commitment to strengthening global payment security standards, I am pleased to announce the release of SPVA’s second white paper, the Lifecycle of a Secure Payment Device: Post-Manufacturing Stage.
Drafted by our Lifecycle of a Secure Payment Device Technical Working Group, the newly introduced requirements are designed to increase accountability for numerous stakeholders including payment device vendors, manufacturers, key injection providers responsible for the initial loading of the payment device, acquirers and security audit firms. These guidelines require that a payment device be properly handled from the moment it is produced to the moment it is loaded with customer keys, thus eliminating the risk of fraudulent behavior.
The Lifecycle of a Secure Payment Device: Post-Manufacturing Stage sets a baseline for the industry, and focuses on:
- Secure storage and transport: The payment device must be stored and transported in a manner that meets requirements for security and accountability.
- Transfer and accountability: Documented processes must be in place to ensure the accountability for the device is properly transferred from the manufacturer to the entity performing the initial key load.
- Authentication: The payment device must have a secure mechanism authenticating the identity of the device.
- Key management: Documented processes must be in place to identify and respond to any security incidents.
- Incident response: Documented processes must be in place to identify and respond to any security incidents.
- Outsourcing: When any process of the post-manufacturing stage is outsourced, the outsourcing organization must ensure that the vendor meets the security requirements of that process.
- Auditing: Audits must be performed at planned intervals to ensure that the security requirements are met.
The release of this white paper is a significant accomplishment for our Lifecycle of a Secure Payment Device Technical Working Group, as it concludes their work. Due to their extensive research and collaboration, these recommended guidelines will help us achieve our ultimate goal: to protect cardholder information and defend merchants and acquirers against security breaches.
The document is now posted on our website and available to download. We welcome your thoughts and feedback. If you are interested in contributing to our next white paper, membership in the SPVA allows you to join any of our Technical Working Groups and contribute to future industry standard publications.