A primary focus of the newly formed Secure POS Vendor Alliance is to develop its membership base. To that end, five payment organizations have joined its ranks since May 2009: Heartland Payment Systems Inc., Moneris Solutions Inc., Radiant Systems Inc., Atos Worldline and Witham Laboratories. The SPVA is a nonprofit organization dedicated to enhancing data security worldwide.
"We decided to join because we want to support all attempts to build a more secure payment network," said Robert O. Carr, Chairman and Chief Executive Officer at Heartland. He doesn't know what Heartland's role will be at the SPVA, but he expects it will be an active one.
Brian Strange, Senior Manager for Product Development for the Hospitality Division for Radiant Systems, said his company wanted to participate in the SPVA's information sharing mandate. "Exposure to other people in the payments space is just all around good for business," he said. "There is some sharing, but certainly processors aren't jumping through hoops to tell us exactly how one of our competitor's may have been breached. And so being around other people in this space is definitely important."
Australia-based Witham Laboratories has similar goals. "There are various security requirements and standards that apply around the world," said Mario Sist, Operations Manager at Witham. "Sometimes they align well and other times they don't. Membership to SPVA will provide a forum to discuss how these requirements interact."
Additionally, Witham hopes to achieve "a closer relationship with POS vendors within the industry, as well as an increased exposure for our company worldwide," Sist noted.
At the April 2009 press conference to announce the founding of the SPVA, Paul Rasori, VeriFone's Vice President of Global Product Marketing and the SPVA's first Treasurer, said, "Membership is the most important part of what we are putting together." The SPVA has two classes of membership. General membership is open to organizations in POS terminal manufacturing, such as founders Ingenico, VeriFone and Hypercom Corp. Their mission is to create secure POS terminals. An associate member is defined as any payments industry organization that offers products and solutions that interact with POS terminals.
"Obviously we want to have a much broader view of the overall environment, so we're also inviting membership to essentially any other company that is involved with the payment system, which would include banks, acquirers, merchants, point of sale vendors, software vendors, other standard setting bodies," Rasori said.
Through working groups, general and associate members will attack security issues together, Rasori added. The SPVA's management committee, which will be elected on a rotating basis after the founding members have completed their terms, will oversee the working groups.
The committee currently consists of founding members Christophe Dolique, Ingenico's Executive Vice President, Global Marketing & Transaction Services, serving as the SPVA's first Chairman; T.K. Cheung, Vice President of Global Quality and Security at Hypercom, serving as the SPVA Vice Chairman and Chief Technology Officer; and Rasori. Two additional general membership participants elected by their peers serve on the committee as well.
The goal of the management committee is to "maintain an open and inclusive membership, facilitate these technical working groups, agree on what problems we are going to try to attack in the marketplace, and then bring the entire membership together to actually solve those problems and create best practices and other types of auditable security guidelines," Rasori said.
Once security standards are formalized and ratified by the committee, the SPVA will implement an approval program where POS vendors can achieve certification and receive the alliance's endorsement, Rasori said.
Earlier in 2009, Carr founded the Payments Processing Information Sharing Council, which held its first meeting in May. Carr said a priority of the PPISC is to develop end-to-end security, and since that requires security parameters for the POS terminals themselves, it made sense for Heartland to join the hardware manufacturers' association.
Carr said that to do a better job of securing the payments system from destructive data breaches, it is vital that payment businesses talk to each other about security issues through facilitators like the SPVA, the PPISC and the Payment Card Industry Security Standards Council.
"The most important thing is to share information about known attacks," he said. "I think that's the key. And a lot of people, I think, agree with that."
The SPVA will hold its first meeting Aug. 26 to 27, 2009, at the Hotel InterContinental in Miami. It is scheduled to host its next meeting in Paris in November 2009.
To find out more about the SPVA, visit www.spva.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next