PCI Council Releases Mobile Payment Acceptance Guidance

The PCI Security Standards Council (PCI SSC), the body behind the Payment Card Industry Data Security Standard (PCI DSS), today shared guidance on how merchants can securely accept payments using mobile devices.

In the form of a fact sheet, the guidance is designed to help merchants understand their responsibilities when it comes to mobile payment acceptance, as well as take advantage of the benefits provided by the Council’s recently published Point-to-Point Encryption (P2PE) standard program and choose a mobile payment acceptance solution that meets their PCI DSS compliance obligations.

As the use of mobile devices, including smartphones and tablets, as point-of-sale terminals grows, the Council is making an effort to help ensure data security remains top of mind.

The guidance is the product of the Council’s Mobile Working Group and is the result of input from merchants, vendors and organizations actively involved in the mobile payment acceptance industry.

The document helps translate some of the technology and security terminology into straightforward, practical guidance. It also draws on recent updates made to the PIN Transaction Security (PTS) Requirements at the end of 2011, creating the foundation for data security in mobile payment acceptance.

“We know merchants are eager to take advantage of their existing smartphones or tablets to accept payment cards,” said Bob Russo, general manager, PCI Security Standards Council. “And the Council and its stakeholders want to help the market to do this in a secure way. We’re excited about this easy-to-use reference that will help merchants understand how to use the suite of PCI Standards to enable their businesses while still keeping data security top of mind.”

It’s important to note that, as with all SSC fact sheets, this latest guidance does not replace or supersede any of the existing PCI Standards.

The Council said it would continue to work with the payments community to address mobile payment acceptance security and evaluate whether additional requirements are needed in this area. It also plans to publish best practices for securing mobile transactions later this year.

“The PTS and P2PE standards are being leveraged by mobile solution providers today. With this fact sheet we hope to help merchants understand how these standards work and the options that are available to them for accepting mobile payments in a secure and PCI DSS compliant manner,” said Troy Leach, chief technology officer, PCI Security Standards Council.

The Accepting Mobile Payments with a Smartphone or Tablet document can be found here as a PDF download.