Tuesday, July 28, 2009
"We decided to join because we want to support all attempts to build a more secure payment network," said Robert O. Carr, Chairman and Chief Executive Officer at Heartland. He doesn't know what Heartland's role will be at the SPVA, but he expects the Princeton, N.J.-based processor to take an active one.
Brian Strange, Senior Manager for Product Development for the Hospitality Division for Radiant Systems, said the Atlanta-headquartered POS hardware and software developer wanted to participate in the SPVA's information sharing mandate.
"Exposure to other people in the payments space is just all around good for business," he said. "There is some sharing, but certainly processors aren't jumping through hoops to tell us exactly how one of our competitor's may have been breached. And so being around other people in this space is definitely important."
Witham Laboratories, a Melbourne, Australia-based information security consultancy and auditor, has similar goals. "There are various security requirements and standards that apply around the world," said Mario Sist, Operations Manager at Witham. "Sometimes they align well and other times they don't. Membership to SPVA will provide a forum to discuss how these requirements interact."
Additionally, Witham hopes to achieve "a closer relationship with POS vendors within the industry, as well as an increased exposure for our company worldwide," Sist noted.
At the April 2009 press conference to announce the founding of the SPVA, Paul Rasori, VeriFone's Vice President of Global Product Marketing and the SPVA's first Treasurer, said, "Membership is the most important part of what we are putting together." The SPVA has two classes of membership. The general membership is open to organizations in POS terminal manufacturing, such as founders Ingenico, VeriFone and Hypercom Corp. Their mission is to create secure POS terminals.
The associate member is the other membership level. An associate member is defined as any payments industry organization that offers products and solutions that interact with POS terminals.
"Obviously we want to have a much broader view of the overall environment, so we're also inviting membership, essentially any other company that is involved with the payment system, which would include banks, acquirers, merchants, point of sale vendors, software vendors, other standard setting bodies," Rasori said.
Through working groups, general and associate members will attack security issues together, Rasori added. The SPVA's management committee, which will be elected on a rotating basis after the founding members have completed their terms, will oversee the working groups.
The committee currently consists of founding members Christophe Dolique, Ingenico's Executive Vice President, Global Marketing & Transaction Services, serving as the SPVA's first Chairman; T.K. Cheung, Vice President of Global Quality & Security at Hypercom, serving as the SPVA Vice Chairman and Chief Technology Officer; and Rasori.
Two additional general membership participants elected by their peers serve on the committee as well, Rasori said.
The goal of the management committee is to "maintain an open and inclusive membership, facilitate these technical working groups, agree on what problems we are going to try to attack in the marketplace, and then bring the entire membership together to actually solve those problems and create best practices and other types of auditable security guidelines," he added.
Once security standards are formalized and ratified by the committee, the SPVA will implement an approval program where POS vendors can achieve certification and receive the alliance's endorsement, Rasori said.
Earlier this year, Carr founded the Payments Processing Information Sharing Council, which held its first meeting in May 2009. Carr said a priority of the PPISC is to develop end-to-end security; since that requires security parameters for the POS terminals themselves, it made sense for Heartland to join the hardware manufacturers' association.
In order to do a better job of securing the payments system from destructive data breaches, Carr said it is vital that payment businesses talk to each other about security issues through facilitators like the SPVA, the PPISC and the Payment Card Industry Security Standards Council.
"The most important thing is to share information about known attacks," he said. "I think that's the key. And a lot of people I think agree with that."
The SPVA will hold its first meeting Aug. 26 to 27, 2009, at the Hotel InterContinental in Miami. It is scheduled to host its next meeting in Paris in November. To find out more about the SPVA, go to www.spva.org .
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.