October 2014 Newsletter
This Month's Focus: 

The Emerging Mobile Payments Battle - Apple Pay vs. CurrentC

How important is security to mobile wallet success?

Despite the hiccups, early experience with Apple Pay suggests that the service really is easier and faster than using plastic at the point of sale. With less friction of use and more security than other payment methods offer, we might expect Apple Pay to be a sure winner in this hypercharged, security-conscious environment. But other events in the last week or so suggest there is a battle ahead, and that security may not be uppermost in the minds of all players. What are the real-world issues that could hold back Apple Pay? Although many large issuers are backing the program, many large merchants are not, because of contractual obligations related to their participation in the Merchant Customer Exchange (MCX), a retailer-owned payments group that will launch a competitive QR-code-based product called CurrentC during the first half of 2015. The CurrentC wallet bypasses conventional bank-issued debit and credit cards (and associated interchange) and closely tracks customer purchases to deliver better value (coupons, special offers, etc.) through a superior understanding of consumer preferences. But it has already been hacked in pilot mode, and MCX has announced it won't fine retailers who want to leave the group.

Registration Opens November 2nd!
2015 Shared Assessments Summit

Join us for the 2015 Shared Assessments Summit 
Four Seasons Hotel - Baltimore. Email invitations will be sent beginning November 2, 2014.

Schedule of Events

April 27: SIG 101 & AUP 101 Pre-Conference Workshop(s)
April 28: Contracts & CFPB Pre-Conference Workshop(s)
April 29: Shared Assessments Summit (full day session)
April 30: Shared Assessments Summit (morning session)
May 1: *CTPRP Certification Workshop & Exam

Sponsorship Opportunities

Your organization is invited to participate as a sponsor/exhibitor at the Shared Assessments Summit 2015 and Pre-Conference Workshops on April 27-30, 2015, at the Four Seasons Hotel in Baltimore, Maryland. Now in its eighth year, the Shared Assessments Summit is the premier event for all stakeholders in the vendor risk assessment process from a range of industries including financial services, healthcare, telecommunications, energy and higher education. 


To learn more about sponsorship opportunities, contact us at

Members Only
To promote your upcoming speaking events here, please send details to Kelly Wagner, Project Manager, The Santa Fe Group.
Commonly asked questions, asked and answered


 We have been providing the Standard Information Gathering (SIG) questionnaire to our vendors that are receiving personally identifiable information (PII). Do you recommend we use the SIG for third parties not receiving such PII?


You should not limit your third-party risk pool to just those organizations receiving PII, protected health information (PHI) and card holder/payment card industry (PCI) data. Many organizations seem to focus on their customers' and clients' data and neglect third-party controls for their own intellectual property.


Any vendor coming in contact with intellectual property, strategic or company confidential data (IPSCC) should also be assessed. It would worry many in your organization if proprietary intellectual property data housed on an unencrypted backup, flash drive or laptop went missing due to a third party's ineffective/inefficient process and fell into the hands of a competitor.


In summary, third-party organizations receiving your IPSCC data should be under the same scrutiny as those receiving your personally identifiable information (PII).



Apple Pay is Live and Has (Just) A Few Hiccups

By Gary Roboff, Senior Consultant, The Santa Fe Group

Apple Pay hit the streets with the release of iOS 8.1 the week of October 20th and, at least at the physical point of sale, the mechanics largely seem to be working as planned. With the exception of about 1000 Bank of America customers who experienced quickly corrected duplicate charges, there have been few reported issues with in-store use.


Interested in becoming a Shared Assessments Member?

Contact us by Email
OCC Guidance 2013-29
Federal Reserve Guidance on Managing Outsourcing Risk
ISO/IEC 27001:2013
NIST: Framework for Improving Critical Infrastructure Cybersecurity
Future Topic Suggestions
Do you have a topic you'd like to see covered in an upcoming newsletter or presented on a future monthly Member Forum call? 
Send your ideas to Kelly Wagner, Project Manager for Shared Assessments.
Guest Bloggers
Interested in serving as a guest blogger on the Shared Assessments Authorities on Risk Assurance blog? Contact Kelly Wagner, Project Manager for Shared Assessments.
Career Opportunities Available
Current Position(s) Available:

VP of Member Relations & Sales 


Send your resume or questions to jobs@santa-fe-group.com

Copyright © 2014. All Rights Reserved.