Hypercom, Ingenico, VeriFone Launch SPVA Payment Security Alliance

The SPVA will increase awareness of security issues, encourage adoption of best practices and ease consistency among standards that govern disparate components and participants in the payment environment. The SPVA founders recognize that stakeholders’ consistent adherence to security standards and rules are a vital necessity in the continued growth of the electronic payments industry.

The SPVA will encompass the companies that provide the key security elements among consumers, merchants and transaction acquirers and issuers. Members of the SPVA deliver a unique global experience with security standards, ensure best practice implementation and continue to evolve the security enhancements and interoperability required to reduce fraud and lower risk for all participants in card payment transactions.

Membership is open to all payment industry stakeholders. The SPVA encourages general membership among all vendors that develop secure POS payment systems, and associate membership among organizations who sell or utilize products or solutions that interact with secure POS payment devices: retailers, acquirers, software vendors, ECR vendors, banks and other standard setting associations.

VeriFone, Ingenico and Hypercom, as founding members of the new alliance, will serve on the SPVA managing committee, along with two other directors to be elected by the membership in the coming months. The founding members have appointed the following individuals to serve a one year term as executive managers of the alliance:

• Christophe Dolique – will serve as SPVA Chairman and is EVP, Global Marketing & Transaction Services at Ingenico
• TK Cheung – will serve as SPVA Vice Chairman and Chief Technology Officer and is the VP, Global Quality and Security at Hypercom
• Paul Rasori – will serve as SPVA Secretary/Treasurer, and is the SVP, Global Marketing at VeriFone

A primary objective of the SPVA will be to bring together industry experts to participate in “Technical Working Groups”. Through their participation, SPVA members can contribute to enrich and develop future security guidelines and acquire first-hand knowledge of current security threats.

Initially, the SPVA will create Technical Working Groups that will focus on critical security topics, such as:

• Standardized Implementation of Existing Security Standards – with the goal to release a common interpretation of existing security standards. This includes fostering widespread compliance to those promulgated by the Payment Card Industry (PCI) Security Standards Council, EMVco and European Payments Council (EPC).
• Security of the Payment Device Lifecycle – aimed at developing end-to-end lifecycle management protocols to ensure digitally signed applications, track and manage devices in the field, and suggest security standards and audit procedures over development, manufacturing, supply chain, deployment and repair.
• End-to-End Encryption – to create recommended implementation guidelines for the encryption of cardholder data utilizing hardware level security Security Threat Analysis and Intelligence – to provide education and resources to educate members of current threats and ways to mitigate them.

Once these types of guidelines and standards are fully developed, the SPVA will establish an “SPVA approval” program targeted at Secure POS system vendors wishing to display the SPVA Logo on their solutions. Merchants, Acquirers and Processors choosing SPVA-approved solutions can then be assured of the highest level of security currently available.

“Hypercom, Ingenico and VeriFone hope to act as a catalyst and kick off a common initiative by establishing a forum for industry-wide cooperation. By combining their expertise in the payment systems arena, the three companies are committed to succeed in accelerating widespread adoption of enhanced security guidelines,” Christophe Dolique, SPVA Chairman, says. “Security is the cornerstone of the electronic payment industry and its continuous enhancement among the payment value chain is mandatory to protect all stakeholders’ interests. In the meantime, security must also be synonymous with convenience, cost control and the ability to be easily deployed and maintained. To address this dual challenge, the industry requires a common view through which experiences can be shared and best practices developed. This is the goal of the SPVA.”