Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, May 27, 2010

Secure POS Vendor Alliance Releases End-to-End Encryption Security Requirements

The Secure POS Vendor Alliance (SPVA), a non-profit business organization founded by Hypercom (NYSE: HYC), Ingenico S.A. (EURONEXT: ING) and VeriFone (NYSE: PAY) today announced the release of its End-to-End Encryption Security Requirements related to payment card data in payment card reading devices.  Targeted to vendors of POS devices, this newly released framework marks a critical step toward SPVA’s mission of widespread understanding of payment security issues and the adoption of best practices.  “The SPVA’s end-to-end security requirements guidelines set a baseline for the industry and represent the first step to further strengthen payment security standards globally,” said T.K. Cheung, SPVA chairman and Hypercom vice president global quality & security.

Prepared by the association’s End-to-End Encryption Technical Working Group, the newly released SPVA guideline allows companies to engage different solutions and select products that can be trusted and are secure.  The SPVA defines end-to-end as: the transmission of cardholder data in an encrypted form, from its point of presentment, such that it prevents the data from being known in plain text until the point of decryption.

Against this backdrop, our goal is to use existing published standards and provide an auditable set of requirements that creates a secure payment environment.”  Its aim is to develop an end-to-end security framework and to enhance security elements of payment solutions which protect cardholder information and defend merchants and acquirers against security breaches, while helping reducing fraud and lowering risk for all electronic payment stakeholders.

Posted on 05/27