Secure POS Vendor Alliance Releases Requirements for the Post Manufacturing Stage of a Payment Device
15 Juni 2011 - 3:45PM
Business Wire
The Secure POS Vendor Alliance (SPVA), a non-profit business
organization founded by Hypercom (NYSE: HYC), Ingenico S.A.
(EURONEXT: ING) and VeriFone (NYSE: PAY), announces the release of
standards for the post manufacturing stage of a secure payment
device. The new guidelines require that a payment device be
properly handled from the moment it is produced to the moment it is
loaded with customer keys.
The newly introduced requirements are designed to increase
accountability for numerous stakeholders including payment device
vendors, manufacturers, key injection providers responsible for the
initial loading of the payment device, acquirers and security audit
firms.
“The current standards in the post manufacturing stage cannot
provide complete authenticity and we feel that we have identified a
list of solutions to improve security,” said Roberto Fananas,
Hypercom security manager. “The SPVA’s guidelines for the post
manufacturing stage ensure that key data and materials used in the
key loading process meet specific security requirements, thus
eliminating the risk of fraudulent behavior.”
Prepared by the association’s Lifecycle of a Secure Payment
Device Technical Working Group, the guidelines feature key elements
including:
- Secure storage and transport:
The payment device must be stored and transported in a manner that
meets requirements for security and accountability.
- Transfer and accountability:
Documented processes must be in place to ensure the accountability
for the device is properly transferred from the manufacturer to the
entity performing the initial key load.
- Authentication: The payment
device must have a secure mechanism authenticating the identity of
the device.
- Key management: Documented
processes must be in place to identify and respond to any security
incidents.
- Incident response: Documented
processes must be in place to identify and respond to any security
incidents.
- Outsourcing: When any process of
the post-manufacturing stage is outsourced, the outsourcing
organization must ensure that the vendor meets the security
requirements of that process.
- Auditing: Audits must be
performed at planned intervals to ensure that the security
requirements are met.
“The recommended guidelines by our Lifestyle of a Secure Payment
Device Technical Working Group are designed to meet the security
objectives of confidentiality, integrity, accountability,
authenticity and non-repudiation,” said Steven Hughes, SPVA
president. “The ultimate goal is to protect cardholder information
and defend merchants and acquirers against security breaches.”
The release of requirements for the post manufacturing stage of
a payment device will conclude the work of the SPVA’s Lifestyle of
a Secure Payment Device Technical Working Group.
Since its launch in April 2009, SPVA has experienced rapid
growth with prominent industry leaders joining, including Atos
Worldline, Heartland Payment Systems, Chase Paymentech, Radiant
Systems, Inc., Voltage Security and many others. All members are
eligible to participate in SPVA’s Technical Working Groups and
contribute to future industry standard publications.
For more information about the SPVA or to view the post
manufacturing stage of secure payment device white paper, visit
www.spva.org.
About Secure POS Vendor Alliance (www.spva.org)
The Secure POS Vendor Alliance (SPVA) is a non-profit
organization that works with the multiple stakeholders of the
payment value chain. Its aim is to develop an end-to-end security
framework and to enhance security elements of payment solutions
which protect cardholder information and defend merchants and
acquirers against security breaches, while helping reduce fraud and
lowering risk for all electronic payment stakeholders.
Hypercom (NYSE:HYC)
Historical Stock Chart
Von Okt 2024 bis Nov 2024
Hypercom (NYSE:HYC)
Historical Stock Chart
Von Nov 2023 bis Nov 2024