23 August 2017
Find out more

Secure POS Vendor Alliance releases end-to-end encryption requirements

27 May 2010  |  7484 views  |  0 Source: Secure POS Vendor Alliance

The Secure POS Vendor Alliance (SPVA), a non-profit business organization founded by Hypercom (NYSE:HYC - News), Ingenico S.A. (EURONEXT: ING) and VeriFone (NYSE:PAY - News) today announced the release of its End-to-End Encryption Security Requirements related to payment card data in payment card reading devices. Targeted to vendors of POS devices, this newly released framework marks a critical step toward SPVA's mission of widespread understanding of payment security issues and the adoption of best practices.

"The SPVA's end-to-end security requirements guidelines set a baseline for the industry and represent the first step to further strengthen payment security standards globally," said T.K. Cheung, SPVA chairman and Hypercom vice president global quality & security. "We will be enhancing this guideline as the security environment evolves and will announce each update as it occurs."

Prepared by the association's End-to-End Encryption Technical Working Group, the newly released SPVA guideline allows companies to engage different solutions and select products that can be trusted and are secure. Key elements covered by the SPVA-approved standard include:

* Data to be encrypted during transmission
* Key management
* Physical and logistical security of the Tamper-Resistant Security Module and key components
* Encryption monitoring and management systems requirements

The SPVA defines end-to-end as: the transmission of cardholder data in an encrypted form, from its point of presentment, such that it prevents the data from being known in plain text until the point of decryption.

"SPVA does not endorse any specific vendor's solution, nor does it have any intention of supporting one solution over another," said Steven Hughes, SPVA president. "We recognize that end-to-end encryption requirements can be complex. Against this backdrop, our goal is to use existing published standards and provide an auditable set of requirements that creates a secure payment environment."

Since its launch in April 2009, SPVA has experienced rapid growth with prominent industry leaders joining, including Atos Worldline, Heartland Payment Systems, Chase Paymentech, Radiant Systems, Inc., Voltage Security and many others. All members are eligible to participate in SPVA's Technical Working Groups and contribute to future industry standard publications.

Comments: (0)

Comment on this story (membership required)

Related company news

 

Related blogs

Create a blog about this story (membership required)
download the paper nowvisit www.abe-eba.euvisit www.worldpaymentsreport.com

Top topics

Most viewed Most shared
Mobile contactless spending accelerating in UKMobile contactless spending accelerating i...
12850 views comments | 27 tweets | 23 linkedin
Barclays pairs banking data with third party apps for SmartBusiness DashboardBarclays pairs banking data with third par...
11476 views comments | 22 tweets | 34 linkedin
Rabobank constructs physical model to understand IT architectureRabobank constructs physical model to unde...
10838 views comments | 23 tweets | 51 linkedin
Australia regulates digital currenciesAustralia regulates digital currencies
10663 views comments | 21 tweets | 35 linkedin
RBS to bring Silicon Valley to EdinburghRBS to bring Silicon Valley to Edinburgh
10595 views comments | 10 tweets | 8 linkedin