The Green Sheet Online Edition
May 11, 2009 • Issue 09:05:01
Trade Association News
Data security dominates ETA Expo
The Electronic Transactions Association's Annual Meeting & Expo is a barometer of the state of the payments industry. The focus of the 2009 convention, held April 21 to 23 at the Mandalay Bay Resort & Casino in Las Vegas, was squarely on data security.
Booth after booth on the showroom floor proclaimed the latest and greatest in data encryption, from end-to-end security to tokenization. Meanwhile, a stunning event occurred in the Desert Willow Room in the Four Seasons Hotel within the Mandalay Bay complex.
A call to arms
In an unprecedented spirit of cooperation among fiercely competitive rivals, the three largest POS terminal manufacturers in the world - Ingenico, Hypercom Corp. and VeriFone - heralded the formation of the Secure POS Vendor Alliance.
"When we talk about security we need to make sure that all the elements related to security fit together," said Christophe Dolique, Executive Vice President, Global Marketing & Transaction Services at Ingenico and the SPVA's first Chairman. "Today we think that, in fact, that is not the case."
Therefore, the alliance's mission is to:
- Increase awareness of security issues
- Encourage adoption of best practices
- Bring consistency to the standards that govern disparate technological components and participants in the payments industry
The big three terminal makers believe they are ideally situated within the payments industry to provide leadership, since they create the POS devices that connect merchants to electronic payment networks.
Paul Rasori, VeriFone's Vice President of Global Product Marketing and the SPVA's first Treasurer, said, "We talk to every bank. We talk to every card association. We talk to every processor. We talk to every enterprise-level merchant. We're talking to everybody. I don't think there's another industry that is talking to everybody. So it puts us in a pretty unique perspective."
Stuart Taylor, Vice President, Global Marketing at Hypercom, said the big three hatched the idea of the alliance back in January 2009; they recognized the lack of clarity and uniformity across the payments ecosystem concerning certain security standards the manufacturers apply to their POS devices.
"It's just a matter of VeriFone goes to their customers saying you need this, this and this," Taylor said. "Ingenico goes to theirs saying you need this, this, and this. Hypercom does the same thing.
And so you have the three circles. Yes, there's some overlap. But there's this gray space on the outside where our message is different from their message."
Christopher Justice, Ingenico's new President, North America, believes that by collaborating on a single POS standard, manufacturers have a "real opportunity to share the information that we need collectively to hopefully slow - more than stop - fraud."
Membership in the SPVA is open to all constituents in the industry. To find out more about the alliance, go to www.spva.org.
To kick off Compliance Day at the ETA, Bob Russo, General Manager of the Payment Card Industry (PCI) Security Standards Council (SSC), provided an update on the council's effort to secure the global payment card infrastructure against data theft through implementation of the PCI Data Security Standard (DSS).
According to Russo, the PCI SSC has made great strides in securing data and communicating that necessity to businesses all across the world, but much more needs to be done. Back in 2006, when the council was formed, Russo said a business would ask Visa Inc. and MasterCard Worldwide the same question about data security and get different answers.
But with the council now managing the standard, that doesn't happen anymore, Russo said. PCI has become "one global voice for the industry," he stated.
Despite the PCI's accomplishments, Russo warned that the security-threat landscape has gotten worse. To counter that growing threat, Russo believes business compliance with the PCI DSS is all the more vital.
While Russo recognizes the financial and time burdens on businesses associated with gaining compliance and - more importantly - staying compliant, he emphasized that security breach remediation may cost a business 20 times the price of compliance, with brand name damage, loss of customers and lawsuits being particularly unsavory results.
Russo stressed that data security must become second nature to businesses. "It's got to become part of your DNA," he said.
An ETA for 'doers'
While attendance was down at the ETA this year, participants recognized an improved atmosphere over last year. Henry Helgeson, whose company Merchant Warehouse won the ETA's ISO of the Year award, considered ETA 2009's general attitude to be upbeat in comparison to 2008's "doom and gloom, the world is ending" mentality.
Cocard Corp.'s Rick Pylant said that when he looked around at this year's ETA participants, he saw "the doers, not the lookers" of the industry. Doers were in evidence at the first Prepaid Day at the ETA, which included presentations from World Gift Card, Now Prepay and FirstView LLC, among others, that touted the revenue and merchant retention potential of prepaid cards.
Helgeson called the SPVA formation a "fantastic" idea. "Probably some of the best news we've heard," he said.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.