Sunday, March 22, 2009

HomeATM at the (Security) Summit!

HomeATM CEO Ken Mages and I just returned from Salt Lake City, where we attended the ProPay Data Security Summit.

On Wednesday, March 18th, after ProPay CEO Gary Goodrich completed his opening remarks, he introduced PCI Security Standards Council General Manager Bob Russo.

We had been informed by our PCI Testing Lab representative (Witham Labs) that the PCI SSC would probably "officially list" our Safe-T-PIN (the T stands for Transaction) device later that morning.
 
Ironically, while Bob Russo was a featured speaker at the event. 

While he was addressing attendees, I refreshed my laptop's screen to see that, indeed, HomeATM had been added to the distinguished list of PCI 2.0 PED Devices on the PCI SSC website. My first thought was, how ironic is that? Two plus years in the making, and we get certified while the GM for PCI SSC is 50 feet away talking about the importance of such certification. But all irony aside, the fact remains that:

For the first time in the history of the PCI Security Standards Council's existence, a PIN Entry Device designed for e-Commerce achieved PCI 2.0 certification. That device is HomeATM's SAFE-T-PIN, which provides consumers and merchants with an unmatched level of 3DES DUKPT "fully beginning to end encrypted" security on Web Transactions.


In order to duly record the moment, I "pinned down" (yeah...pun intended) PCI SSC's Bob Russo and asked if he would participate in a picture with Ken Mages, HomeATM's CEO. Bob kindly obliged, and pictured above is the resulting photo...forever capturing this historic milestone in e-payments history!

So, what does this all mean?  The security benefits of a PCI 2.0 PED certified device CANNOT be overstated.  Tomorrow I will publish a review of the Safe-T-PIN device, conducted by The Society of Secure Payment Professionals. 

About the PCI Security Standards Council 

The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including: the Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS), and Pin-Entry Device (PED) Requirements.

All of the five founding members have agreed to incorporate the PCI DSS as the technical requirements of each of their data security compliance programs. Each founding member also recognizes the QSAs and ASVs certified by the PCI Security Standards Council as being qualified to validate compliance to the PCI DSS.

A Limited Liability Corporation (LLC) chartered in Delaware, USA, the PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.

All five payment brands share equally in the council's governance, have equal input to the PCI Security Standards Council and share responsibility for carrying out the work of the organization. Other industry stakeholders are encouraged to join the group and review proposed additions or modifications to the standards.
 
Executive Committee - PCI SSC
  • Seana Pitt, Vice President, Merchant Policy & Data Quality, American Express
  • Suzanne Smits, Vice President, Network Services, Discover Financial Services
  • Lib de Veyra, Vice President, Emerging Technologies, JCB International
  • Bruce Rutherford, Group Head, Fraud Management Solutions, MasterCard Worldwide
  • Lance Johnson, Senior Vice President, International Risk Management, Visa Inc.
From Digital Transaction News, earlier today:

Online PIN debit continues to move from concept to reality in the early months of 2009. HomeATM ePayment Solutions announced its PIN pad and point-of-sale device, the Safe-T-PIN, has achieved certification under the Payment Card Industry PIN Entry Device (PED) 2.0 standard.

The device, which attaches via a USB connection to PCs to allow consumers to make PIN debit transactions on Web sites and to do person-to-person money transfers online, is the first of its kind to win PED 2.0 certification.


Editor's Note: To learn more about a software-based solution, which is NOT PCI certified (and never CAN be), click any of the related articles below...



PIN Entry Devices

To gain approval by PCI Security Standards Council, PIN entry devices must comply with the requirements and guidelines specified in the following documents. Vendors preferring to complete forms electronically should download the appropriate documents.

Listing of PCI Security Standards Council Approved PIN Entry Devices

Payment Card Industry Resources

  • Testing and Approval Program Guide (PDF)
Security Requirements
Evaluation Vendor Questionnaires
FAQs
  • General Frequently Asked Questions (PDF)
  • Technical Frequently Asked Questions** (PDF)
  • Technical Frequently Asked Questions 2.0** (PDF)
Derived Test Requirements
Payment Card Industry (PCI) Recognized Laboratories
PED Announcements

For questions, please contact pciped@pcisecuritystandards.org.









