PCI Security Standards Council Issues Mobile Payment Guidance (Feb. 19, 2013)
The PCI Security Standards Council (PCI SSC) has issued guidance to educate merchants on the factors and risks they need to address to protect card data when using mobile devices, such as smartphones and tablets, to accept payments.
Because consumer mobile devices are not used solely as point-of-sale tools but also carry out other functions, they introduce new security risks, according to the PCI SSC, an open global forum responsible for the development, management, education and awareness of the Payment Card Industry Data Security Standards. The document, “PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users,” focuses on the payment software that operates on mobile devices and explains how to isolate card data and protect it from exposure.
“When considering mobile payment acceptance, merchants need to go in with their eyes open,” said Troy Leach, chief technology officer, PCI SSC. “And that’s what the intent of this guidance is, to help merchants understand the risks so that together with developers and device vendors they can safely implement a solution that will enable mobile commerce to flourish.”
The guidance complements recommendations the council published last year for mobile app developers and device vendors on designing appropriate security controls for mobile payment acceptance.
The council also recently published the “Cloud Computing Guidelines Information Supplement” for businesses deploying cloud technology. The guide offers insight for businesses that want to select solutions and third-party cloud providers that will help them secure their customer payment data and support PCI DSS compliance.