| |
SPVA NEWSLETTER VOLUME 1 President's Letter
A Message from Steven Hughes, SPVA President Recently, I assumed the position of SPVA president, a role I am honored to serve at a time of dynamic change and increasing importance in the payments industry. This newsletter is one of many ways that the SPVA is helping its growing member base increase dialogue and influence around PCI standards and security. In the coming months, we will offer even more methods for members and potential members to share information, receive education and engage in advocacy about topics that are essential to the health and future growth of the industry.
Our mission is to increase awareness of security issues, encourage adoption of best practices and encourage consistency among standards that govern disparate components and participants in the payments environment. I am working closely with our founding members, Hypercom, Ingenico and VeriFone, to grow SPVA into the industry’s premiere source for facilitating a common understanding and acceptance of various security requirements and standards. We all have a stake in ensuring that the SPVA evolves as PCI compliance expands, leverages new technology and platforms, and advances the complex world of electronic transactions.
We are pleased to welcome a rapidly growing member base including prominent industry leaders. SPVA leadership has been featured at five industry speaking engagements at conferences worldwide, with many more, including CARTES 2009, in the near future. We have formed four Technical Working Groups that are making great strides toward their goals of implementing best practice security standards, providing education and resources to mitigate threats and creating implementation guidelines. If your organization has not yet sought involvement in one of our TWGs, we encourage you to do so.
I am most excited to host SPVA’s first Membership Meeting convening in Paris, during the CARTES show. I hope to meet many of you there, but please do not hesitate to reach out to me at any time. Technical Working Group Update Four Technical Working Groups (TWGs) within the SPVA add value to your membership by researching security topics and developing guidelines. Working on a per-project basis, these groups are the heart of our organization and are comprised of specialists from SPVA member companies. Together, they develop recommendations and solutions that will impact all of us by helping to increase security through a coordinated, consistent approach.
In the first six months of the SPVA, each Technical Working Group has established its goal and is now hard at work to that end.
Implementation of Existing Security Standards
The goal of the Security Standards TWG is to release a common interpretation of existing security standards and to foster widespread compliance.
The Security Standards group, chaired by Eric Brier, chief security officer, Ingenico, has been reviewing SEPA Standardization and PCI POS - PED and developing suggested improvements to the process. They are also focusing on standardizing applicable rules on PCI PA - DSS for payment terminals and ways to educate the industry on terminal knowledge on PA - QSA evaluations. EMV Co-Relationship has also been a focus with optimizing contactless evaluation process and establishing new validity dates for EMV Level 1 and 2 Certifications top priority. They will also continue to explore options for educating the industry on these dates and processes.
Security of Payment Device Lifecycle
This TWG is working to develop end-to-end lifecycle management protocols and suggest security standards and audit procedures over development, manufacturing, supply chain, deployment and repair.
Chaired by Roberto Fananas, security manager, Hypercom, this group is working to establish commonly acceptable standards and processes and reviewing self-audit mechanisms, with an eye toward creating a third party audit mechanism. In addition, the group is concentrating on the SPVA Certification Requirements definition and developing a white paper to establish a reference model for aPayment Device Lifecycle from a security perspective.
Security Threat Analysis and Intelligence
The goal of the Security Threats Analysis TWG is to provide education and resources for members regarding current threats and ways to mitigate them.
The Threat Analysis group, chaired by Ottilia Rouguet, head of strategic partnerships and SEPA, Ingenico, is focusing on threat tracking, reporting and communications (crises cell) and establishing SPVA terminal best practices.
End-to-End Security Transactions
This TWG is working to create recommended implementation guidelines for the encryption of cardholder data utilizing hardware-level security.
The group is chaired by Dave Faoro, vice president, chief security officer, VeriFone, and is focused on defining an interoperable solution and affecting improvements and changes to local, regional and PCI SSC standards and update requirements accordingly.
We encourage all members to get involved with one or more TWG to share their expertise and help shape the future of payment security. If you’d like to get involved and are not already a member of SPVA, join today! SPVA in the News Get the latest in secure card payment news. Learn about recent developments and read what the experts are saying. Upcoming Events
SPVA Membership Meeting The SPVA members will convene in Paris, November 17-19 during CARTES. For more information, please contact Steven Hughes or call directly at +44.75900.943.50. Prospective Member Meetings
• Tuesday - 15:00 p.m.
• Wednesday - 13:00 p.m.
• Thursday - 10:00 a.m.
• Location - Booth 4L027
Membership Luncheon & Meeting
• Thursday (12:00 – 5:00)
• Location - Room 504, Ground Floor, Hall 5 Presentations will include updates from the Board as well as updates from each of the Technical Working Groups. Stay Connected Read our Point of View, the new blog from SPVA or follow us on Twitter or LinkedIn.
|