Three payment industry participants - Hypercom (NYSE: HYC), Ingenico, S.A. (EURONEXT: ING) and VeriFone (NYSE: PAY) today announced the formation of the Secure POS Vendor Alliance, a non-profit business organization chartered with implementing common payment security standards among vendors of secure point-of-sale (POS) devices used by retailers, acquirers and cardholders alike.
The SPVA will increase awareness of security issues, encourage adoption of best practices and ease consistency among standards that govern disparate components and participants in the payment environment. The SPVA founders recognize that stakeholders' consistent adherence to security standards and rules are a vital necessity in the continued growth of the electronic payments industry.
The SPVA will encompass the companies that provide the key security elements among consumers, merchants and transaction acquirers and issuers. Members of the SPVA deliver a unique global experience with security standards, ensure best practice implementation and continue to evolve the security enhancements and interoperability required to reduce fraud and lower risk for all participants in card payment transactions.
Membership is open to all payment industry stakeholders. The SPVA encourages general membership among all vendors that develop secure POS payment systems, and associate membership among organizations who sell or utilize products or solutions that interact with secure POS payment devices: retailers, acquirers, software vendors, ECR vendors, banks and other standard setting associations.
VeriFone, Ingenico and Hypercom, as founding members of the new alliance, will serve on the SPVA managing committee, along with two other directors to be elected by the membership in the coming months. The founding members have appointed the following individuals to serve a one year term as executive managers of the alliance:
- Christophe Dolique - will serve as SPVA Chairman and is EVP, Global Marketing & Transaction Services at Ingenico
- TK Cheung - will serve as SPVA Vice Chairman and Chief Technology Officer and is the VP, Global Quality and Security at Hypercom
- Paul Rasori - will serve as SPVA Secretary/Treasurer and is the SVP, Global Marketing at VeriFone
A primary objective of the SPVA will be to bring together industry experts to participate in "Technical Working Groups." Through their participation, SPVA members can contribute to enrich and develop future security guidelines and acquire first-hand knowledge of current security threats.
Initially, the SPVA will create Technical Working Groups that will focus on critical security topics, such as:
- Standardized Implementation of Existing Security Standards - with the goal to release a common interpretation of existing security standards. This includes fostering widespread compliance to those promulgated by the Payment Card Industry (PCI) Security Standards Council, EMVco and European Payments Council (EPC).
- Security of the Payment Device Lifecycle - aimed at developing end-to-end lifecycle management protocols to ensure digitally signed applications, track and manage devices in the field, and suggest security standards and audit procedures over development, manufacturing, supply chain, deployment and repair.
- End-to-End Encryption - to create recommended implementation guidelines for the encryption of cardholder data utilizing hardware level security.
- Security Threat Analysis and Intelligence - to provide education and resources to educate members of current threats and ways to mitigate them.
Once these types of guidelines and standards are fully developed, the SPVA will establish an "SPVA approval" program targeted at Secure POS system vendors wishing to display the SPVA Logo on their solutions. Merchants, Acquirers and Processors choosing SPVA-approved solutions can then be assured of the highest level of security currently available.
"Hypercom, Ingenico and VeriFone hope to act as a catalyst and kick off a common initiative by establishing a forum for industry-wide cooperation. By combining their expertise in the payment systems arena, the three companies are committed to succeed in accelerating widespread adoption of enhanced security guidelines," Christophe Dolique, SPVA Chairman, says. "Security is the cornerstone of the electronic payment industry and its continuous enhancement among the payment value chain is mandatory to protect all stakeholders' interests. In the meantime, security must also be synonymous with convenience, cost control and the ability to be easily deployed and maintained. To address this dual challenge, the industry requires a common view through which experiences can be shared and best practices developed. This is the goal of the SPVA."
The chief executives of the three companies issued the following statements:
"Security is paramount. Hypercom is aggressively focused on providing standards-based security solutions that give customers and consumers confidence that their payment transactions are protected against criminal and negligent acts. Today's standards have served the industry well, but as criminal attacks become more sophisticated, this industry's security implementations must evolve to cover the complete secure POS lifecycle. The SPVA will advance security implementations based on the unique perspective and experience of payment vendors around the world," said Philippe Tartavull, CEO and President, Hypercom.
"Ingenico is strongly committed to further promoting security compliance globally. The formation of an alliance of secure POS payment system vendors will dramatically enhance our customers' ability to fight fraud, while making security more convenient to deploy and to maintain for all stakeholders of the payment ecosystem," said Philippe Lazare, CEO, Ingenico.
"Secure POS devices represent the entry point for all transactions in retail environments. In this age where criminals are able to pinpoint any weaknesses in the end-to-end system, the obvious place security strategy must begin is as at the point of sale. The SVPA will build on the unique experience of its members and their 'entry point' position to advance more secure solutions that lower risk for consumers, merchants and acquirers," said Doug Bergeron, CEO, VeriFone.