Certify payment professionals on security � yea or nay?

The Society of Payment Security Professionals, an organization formed in April 2008 by risk management firm Aegenis Group Inc., has created two new industry level certification programs focused on nine different aspects of payment card security, risk management and auditing.

The Certified Payment Card Industry Security Manager (CPISM) and the Certified Payment Card Industry Security Auditor (CPISA) are certification programs designed to give payments industry professionals, including ISOs and merchant level salespeople (MLSs), a comprehensive knowledge of the security and regulatory issues imposed on the bankcard processing industry.

Once individuals take the CPISM and CPISA courses, they are administered exams covering nine domains, including payments industry structure and data, processing, fraud trends, merchant risk analysis, the regulatory environment, third-party relationships, information security and auditing.

Sometimes the twain shall meet

Dr. Heather Mark, Executive Director for the SPSP and a Senior Vice President of Operations for Aegenis, sees SPSP's training and certification as an opportunity to bridge the chasm between security and payment professionals.

"The Society found tremendous asymmetry between security experts who don't know the [payments] industry and industry professionals who didn't necessarily know security," Mark said. "It was sort of a case that never the twain shall meet. There was a lot of tension because the viewpoints between the two groups didn't jive from a business perspective.

"The certification was designed to provide payment card professionals with a high-level understanding of the industry and the data security and privacy regulations that impact it. It also provides ISOs and MLSs sufficient understanding of the issues to address their customers' questions."

Reinventing the wheel

However, Deana Sellens, Chief Operating Officer for TCB Consulting LLC, questions the SPSP's objectives. "I'm not thrilled about it, and I don't believe that we should continue reinventing the wheel over and over again," she said.

Sellens feels that the SPSP and other organizations could better spend their time lobbying for tougher laws against fraudsters. "I don't understand why we can't unite on some of this stuff," she said. "Eventually, none of these certifications are going to mean squat."

But Mark disagreed. "I'm surprised to hear that because we've gotten extremely positive feedback from everybody that we've dealt with," she said.

According to Mark, the SPSP's ultimate goal is the protection of consumer data. SPSP believes this certification is good for everyone, from the card brands and acquirers to merchants and MLSs. "If we can get everybody speaking the same language, we can raise the security bar across the country," Mark said.

The SPSP conducted its first training event and certification in August 2008 and will hold its next training workshop and exams for both CPISM and CPISA certification programs at the Outdoor World Embassy Suites in Dallas from Nov. 4 to 7, 2008. For more information on the SPSP and certification training and exam registration, visit www.paymentsecuritypros.com .

Whether you want to upgrade your POS offerings, find a payment gateway partner, bone up on fintech regs or PCI requirements, find an upcoming trade show, read about faster payments, or discover the latest innovations in merchant acquiring, The Green Sheet is the resource for you. Since 1983, we've helped empower and connect payments professionals, starting with the merchant level salespeople who bring tailored payment acceptance and digital commerce tools, along with a host of other business services to merchants across the globe. The Green Sheet Inc. is also a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals.

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.