GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Virtual money, tangible profits


Industry Update

Interac seeks for-profit status

GO-Tag a show-stopper

Certify payment pros on security?

Beltway interest drives interchange book sales

CharlieCard gets charley horse


Karen Lazer

Prepaid acceptance online

David Fish
Mercator Advisory Group


Banking on mobile

Patti Murphy
The Takoma Group


Street SmartsSM:
Stay the course

Jason Felts
Advanced Merchant Services

The residual-buying game

Lane Gordon

Old is new in POS fashion

Dale S. Laszig
DSL Direct LLC

Body language

Vicki M. Daughdrill
Small Business Resources LLC

A day in the life of a successful MLS

Jason Felts
Advanced Merchant Services

A day in the life of a successful MLS

Jason Felts
Advanced Merchant Services

Company Profile


Affinity Solutions

New Products

Cash advance reaches new vertical

ProMAC Electronic Payment Advance
Companies: Professional Merchant Advance Capital L


Information, please



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

September 22, 2008  •  Issue 08:09:02

previous next

Certify payment pros on security?

The Society of Payment Security Professionals, an organization formed in April 2008 by risk management firm Aegenis Group Inc., has created two new certification programs focused on nine aspects of payment card security, risk management and auditing.

The Certified Payment Card Industry Security Manager (CPISM) and the Certified Payment Card Industry Security Auditor (CPISA) are designed to give payments industry professionals, including ISOs and merchant level salespeople (MLSs), a comprehensive knowledge of the security and regulatory issues imposed on the industry.

Once individuals take the CPISM and CPISA courses, they are administered exams covering nine domains, including payments industry structure and data, processing, fraud trends, merchant risk analysis, the regulatory environment, third-party relationships, information security and auditing.

Sometimes the twain shall meet

Dr. Heather Mark, Executive Director for the SPSP and a Senior Vice President of Operations for Aegenis, sees SPSP's training and certification as an opportunity to bridge the chasm between security and payment professionals.

"The Society found tremendous asymmetry between security experts who don't know the [payments] industry and industry professionals who didn't necessarily know security," Mark said.

"It was sort of a case that never the twain shall meet. There was a lot of tension because the viewpoints between the two groups didn't jive from a business perspective.

"The certification was designed to provide payment card professionals with a high-level understanding of the industry and the data security and privacy regulations that impact it.

It also provides ISOs and MLSs sufficient understanding of the issues to address their customers' questions."

Reinventing the wheel

However, Deana Sellens, Chief Operating Officer for TCB Consulting LLC, questions the SPSP's objectives. "I'm not thrilled about it, and I don't believe that we should continue reinventing the wheel over and over again," she said.

Sellens feels that the SPSP and other organizations could better spend their time lobbying for tougher laws against fraudsters. "I don't understand why we can't unite on some of this stuff," she said. "Eventually, none of these certifications are going to mean squat."

But Mark disagreed. "I'm surprised to hear that because we've gotten extremely positive feedback from everybody that we've dealt with," she said.

According to Mark, the SPSP's ultimate goal is the protection of consumer data. SPSP believes this certification is good for everyone, from the card brands and acquirers to merchants and MLSs. "If we can get everybody speaking the same language, we can raise the security bar across the country," Mark said.

The SPSP conducted its first training event and certification in August 2008 and will hold its next training workshop and exams for both CPISM and CPISA certification programs at the Outdoor World Embassy Suites in Dallas from Nov. 4 to 7, 2008. For more information on the SPSP and certification training and exam registration, visit

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios