A Thing
The Green SheetGreen Sheet

The Green Sheet Online Edition

April 26, 2010 • Issue 10:04:02

Security standard in store for stored-value

sellingprepaidIn March 2010, gift and loyalty card processors ProfitPoint Inc. and SparkBase announced a joint effort to establish best practices for the stored-value card industry. The processors said the initial Stored-Value Industry Certification (SVIC) Data Security Standard (DSS) will set up general best practice guidelines; it will then be followed by a more detailed certification standard scheduled for rollout in the fourth quarter of 2010.

The SVIC DSS will address how to best secure data on closed-loop programs: card numbers, data concerning purchasing habits, loyalty point information, as well as other consumer-specific demographic data (birthdays, anniversaries, even shoe sizes) unique to stored-value transaction processing.

Out in front

According to Vaden Landers, Chief Executive Officer at ProfitPoint, the initiative was borne out of a need recognized by Landers and SparkBase CEO Doug Hardman for the stored-value industry to stay ahead of data security issues that may arise. They wanted to "work to limit the potential for any horror stories popping up in the news that would create growth barriers for closed-loop players," he said.

Landers was not aware of any data security breaches having occurred on stored-value networks. But once fraudsters recognize the detailed information available on stored-value, closed-loop networks, and what they can do with that data, their level of interest in the stored-value industry will undoubtedly increase. And as their interest increases, the threat level increases proportionately.

Currently, there is no mechanism in place to track fraud on stored-value networks, Landers said. However, he noted that fraud on stored-value cards is of a different variety than fraud that occurs on the credit and debit card side.

"Anyone who could hack into a system and steal credit card information could get much more personal data from a stored-value network, whether at the merchant or the processor level," he said. "The potential for something really bad to happen that would give the industry a black eye is there, so we feel responsible for addressing it given that we are leaders in the space."

Leading by example

Landers said the standard will be based on the best practices already in place at ProfitPoint and SparkBase. "We are starting with our networks because it is our experience that offers the ability to capture and retain the most robust set of cardholder data of any other network in the industry," he added. "We felt that if we could secure our platform first, with its comprehensive toolset, other platforms would be simpler to certify."

The Payment Card Industry (PCI) Data Security Standard (DSS) will be useful in setting up a similar structure for the SVIC DSS, Landers noted. He expects ProfitPoint, SparkBase and Valutec Card Solutions (also involved in developing best practices) to collaborate with other leading players in the space on security protocols, much as the PCI Security Standards Council has done for the PCI DSS. end of article

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Prev Next
A Thing