The Green Sheet Online Edition
September 22, 2008 • Issue 08:09:02
Certify payment pros on security?
The Society of Payment Security Professionals, an organization formed in April 2008 by risk management firm Aegenis Group Inc., has created two new certification programs focused on nine aspects of payment card security, risk management and auditing.
The Certified Payment Card Industry Security Manager (CPISM) and the Certified Payment Card Industry Security Auditor (CPISA) are designed to give payments industry professionals, including ISOs and merchant level salespeople (MLSs), a comprehensive knowledge of the security and regulatory issues imposed on the industry.
Once individuals take the CPISM and CPISA courses, they are administered exams covering nine domains, including payments industry structure and data, processing, fraud trends, merchant risk analysis, the regulatory environment, third-party relationships, information security and auditing.
Sometimes the twain shall meet
Dr. Heather Mark, Executive Director for the SPSP and a Senior Vice President of Operations for Aegenis, sees SPSP's training and certification as an opportunity to bridge the chasm between security and payment professionals.
"The Society found tremendous asymmetry between security experts who don't know the [payments] industry and industry professionals who didn't necessarily know security," Mark said.
"It was sort of a case that never the twain shall meet. There was a lot of tension because the viewpoints between the two groups didn't jive from a business perspective.
"The certification was designed to provide payment card professionals with a high-level understanding of the industry and the data security and privacy regulations that impact it.
It also provides ISOs and MLSs sufficient understanding of the issues to address their customers' questions."
Reinventing the wheel
However, Deana Sellens, Chief Operating Officer for TCB Consulting LLC, questions the SPSP's objectives. "I'm not thrilled about it, and I don't believe that we should continue reinventing the wheel over and over again," she said.
Sellens feels that the SPSP and other organizations could better spend their time lobbying for tougher laws against fraudsters. "I don't understand why we can't unite on some of this stuff," she said. "Eventually, none of these certifications are going to mean squat."
But Mark disagreed. "I'm surprised to hear that because we've gotten extremely positive feedback from everybody that we've dealt with," she said.
According to Mark, the SPSP's ultimate goal is the protection of consumer data. SPSP believes this certification is good for everyone, from the card brands and acquirers to merchants and MLSs. "If we can get everybody speaking the same language, we can raise the security bar across the country," Mark said.
The SPSP conducted its first training event and certification in August 2008 and will hold its next training workshop and exams for both CPISM and CPISA certification programs at the Outdoor World Embassy Suites in Dallas from Nov. 4 to 7, 2008. For more information on the SPSP and certification training and exam registration, visit www.paymentsecuritypros.com.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.