GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Social media reshaping the marketing landscape

News

Industry Update

SEPA moving forward incrementally

Square evolves but will it prevail?

V.me by Visa the answer or an answer?

Features

Research Rundown

A company built for its agents

Reach out and engage someone

Selling Prepaid

Prepaid in brief

Longevity, inclusion sought in new AML rules

Risks posed by extra links in prepaid value chain

Views

Money isn't what it used to be

Jeffrey I. Shavitz
Charge Card Systems Inc.

Education

Street SmartsSM:
EMV, are we there yet?

Bill Pirtle
C3ET Credit Card Consortia for Education & Training Inc.

'Tis the season of happy (hacker) days

Rich Running
SecurityMetrics Inc.

Pushing past roadblocks to success

Jeff Fortney
Clearent LLC

Game plan 2012

Karin Bellantoni
Blueprint SMS

Getting Level 4 merchants to the PCI doctor

Tim Cranny
Panoptic Security Inc.

Discipline and persistence pay off

Peggy Bekavac Olson
Strategic Marketing

Company Profile

SignaPay Ltd.

New Products

A virtual call and payment center

IVR Pay-by-Phone gateway
Global eTelecom Inc.

A cloud-based payment remedy for docs

Medical office billing/payment portal
Kareo Inc.

Inspiration

Giving - the scalable solution

Miscellaneous

2012 Calendar of events

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

December 12, 2011  •  Issue 11:12:01

previous next

SEPA moving forward incrementally

Europe is close to adopting a single security standard for payment devices, according to Peter Puttick, VeriFone Inc. Senior Security Manager. Puttick affirmed this at a Vendorcom meeting in London in November 2011.

His comments were good news for the many people working to create a Single European Payments Area (SEPA), a 10-year-old payments integration initiative of the European Payments Council, a group founded by the European Central Bank and the European Commission. In 2006, the European Parliament issued the Payment Service Directive - an attempt to negate national borders when it comes to credit transfers, direct debit and credit cards.

Vendorcom is a European membership organization for the payments industry. Puttick was asked to speak to the group's Terminals and UPT Special Interest Group because he works with a number of groups focusing on the technical challenges of forming a SEPA.

Puttick is also a member of the Secure POS Vendor Alliance, an association founded by equipment manufacturers VeriFone Inc., Hypercom Corp. and Ingenico to promote more effective payment security. The SPVA focuses on such issues as standardized implementation of existing security standards, security of the payment device lifecycle, and security threat analysis and intelligence.

An uphill climb

Given the level of technical difficulty, it is not surprising the road to SEPA has been rocky. Other challenges include multiple security requirements and multiple currencies in different regions, a cautious relationship with the PCI Security Standards Council (PCI SSC), and difficulty in conforming to the timetable mandated by the European Central Bank, Puttick noted.

"Right now there are different approval processes in every zone. This makes it difficult for deploying terminals across the area," Puttick said in an interview with The Green Sheet shortly after his Vendorcom appearance. "SPVA is in negotiations to harmonize the process across the region. This is an important issue to move away from multiple regions with different security requirements to an approval through one process."

The route to compliance

Puttick indicated the effort to establish a single security standard for POS devices is now in the approval process stages with multiple tests going on throughout the regions. Ingenico, for instance, recently launched in France and neighboring countries a card payment acceptance pilot that meets SEPA standards and is within the scope of the OSCar Consortium's technical specifications. In addition, SEPA-compliant pilots underway in Germany and the United Kingdom are designed to demonstrate that international retailers can accept all general purpose cards across the SEPA.

Puttick said each region will have an opportunity to study the test results. "Each region's representatives will view the lab reports to ensure there is sufficient basis to give approval for their region," he said. "We should know the outcome by the end of next year. This is a valuable evaluation methodology that gives the process credibility. In the end we will be able to say to vendors, 'This is the route to compliance.'"

In addition to local approval, the POS device security standard will also need PCI SSC approval in all regions. Puttick said the PCI SSC is interested in the SEPA POS security initiative and will assess the reports to evaluate for compliance and see if a way can be found to move forward from the results.

Puttick expects when the SEPA requirements for payment terminals are in place the "scheme, style, look and feel of the transactions will be the same" no matter where the electronic payment is made in the SEPA. He added that there is "a lot of common ground among the requirements of each region, but there are still a lot of different and specific requirements for each region. The SPVA requirements are built to have all the requirements of each region covered."

A moving target

Puttick pointed out that security needs for POS terminals are changing as new technology such as contactless and near field communication enter the marketplace. "We need to get on top of security to encompass contactless and other new technologies that are coming along," he said. "It is a high priority.

"If you're not involved, you wouldn't realize what progress is being made. There are a lot of people out there working really hard to make this happen. The harmonization of payments across Europe sends the message that Europe is moving to one region rather than a number of diverse economic regions. Everyone will have the same requirements and the same hardware. This is an ongoing battle where moves are made incrementally."

For additional news stories, please visit www.greensheet.com and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems