A new study reveals that a whopping 71 percent of merchants claim to have stored unencrypted payment card data in 2011 – an increase of 8 percent over the previous year. These are troubling numbers, especially for an industry marked by ever-changing technology and increasingly sophisticated hackers. The fact of the matter is this: merchants who store unencrypted payment card data directly violate Payment Card Industry Data Security Standard (PCI DSS) requirements and may be subject to fines and other penalties after a compromise. The lapse in encrypted data may indicate a variety of factors, such as an improperly designed or configured payment application, a non-PCI compliant payment application or improper card handling by employees.
Since our inception in 2009, SPVA has been at the forefront of efforts to advance international payment security. Our end-to-end encryption security requirements, released last year, were established to set a baseline for the industry – ultimately allowing companies to engage different solutions and select secure products that can be trusted. Targeted to vendors of POS devices, key elements covered by this SPVA-approved standard include:
- Data to be encrypted during transmission
- Physical and logistical security of the Tamper-Resistant Security Module and key components
- Encryption monitoring and management systems requirements
As studies like the recent SecurityMetrics one reveal, there is still a lot of work to be done to better protect cardholder information and defend against security breaches. SPVA members represent all points along the payment continuum, from POS payment terminal vendors to software developers to acquirers and so many more. Confused by the industry’s complex and ever-shifting compliance standards? Join us and stay ahead of the game, ultimately keeping your clients and consumers safe from security compromise. To download our End-to-End Encryption Security Requirements white paper and to learn more about the SPVA, visit www.spva.org.