POS TERMINAL VENDOR ALLIANCE

The Nilson Report

Ingenico, VeriFone, and Hypercom, which collectively ship more than 75% of all POS terminals world wide, have formed the nonprofit Secure POS Vendor Alliance (SPVA) to develop a shared set of specifications for how POS equipment meets security standards. Standards already circulating in the industry from more than 30 organizations cover a variety of media and world regions — most prominently EMV standards for smart payment cards and terminals, and PCI standards set by the PCI Security Standards Council for PIN pads (PCIPED), data security (PCI-DSS), and payment applications (PA-DSS). Visa, MasterCard, American Express, JCB, and Discover can mandate compliance with these standards, and then impose fines or revoke acceptance agreements when they aren’t met. The SVPA will not play a role in enforcement, but rather in recognizing equipment from any manufacturer that meets its guidelines with a seal of approval. Testing will be provided by third-party security labs. There are over 50 POS terminal manufacturers worldwide who could potentially apply for the seal. The SPVA believes it can also serve as an advocacy group for merchants and acquirers by developing collective opinions on matters of security and compliance. It hopes to be in a position to influence other organizations, such as the PCI Council. Last year, after several well publicized data breaches, terminal vendors and others in the industry suggested the council add end-to-end data encryption to its standards. So far, this has not happened, although the council is considering the matter in an upcoming study of emerging technologies. All vendors that develop secure POS systems, and particularly those with products currently listed as PCI-PED approved devices, have been invited to purchase a general membership ($30,000 annually) in SPVA. Associate memberships ($5,000 annually) are open to organizations that use or interact with those systems, including retailers, acquirers, software vendors, banks, and other standard-setting associations.

Technical working groups organized around specific topics are open to both types of memberships. The governing Managing Committee will have four seats for general members and one for associates. Representatives of the three founding companies will hold three rotating seats for the first six years.