PCI Council Releases Mobile Payment Acceptance Guidance

The PCI Security Standards Council (PCI SSC), the body behind the Payment Card Industry Data Security Standard (PCI DSS), today shared guidance on how merchants can securely accept payments using mobile devices.

In the form of a fact sheet, the guidance is designed to help merchants understand their responsibilities when it comes to mobile payment acceptance, as well as take advantage of the benefits provided by the Council’s recently published Point-to-Point Encryption (P2PE) standard program and choose a mobile payment acceptance solution that meets their PCI DSS compliance obligations.

As the use of mobile devices, including smartphones and tablets, as point-of-sale terminals grows, the Council is making an effort to help ensure data security remains top of mind.

The guidance is the product of the Council’s Mobile Working Group and is the result of input from merchants, vendors and organizations actively involved in the mobile payment acceptance industry.

The document helps translate some of the technology and security terminology into straightforward, practical guidance. It also draws on recent updates made to the PIN Transaction Security (PTS) Requirements at the end of 2011, creating the foundation for data security in mobile payment acceptance.

“We know merchants are eager to take advantage of their existing smartphones or tablets to accept payment cards,” said Bob Russo, general manager, PCI Security Standards Council. “And the Council and its stakeholders want to help the market to do this in a secure way. We’re excited about this easy-to-use reference that will help merchants understand how to use the suite of PCI Standards to enable their businesses while still keeping data security top of mind.”

It’s important to note that, as with all SSC fact sheets, this latest guidance does not replace or supersede any of the existing PCI Standards.

The Council said it would continue to work with the payments community to address mobile payment acceptance security and evaluate whether additional requirements are needed in this area, and that it plans to publish best practices for securing mobile transactions later this year.

“The PTS and P2PE standards are being leveraged by mobile solution providers today. With this fact sheet we hope to help merchants understand how these standards work and the options that are available to them for accepting mobile payments in a secure and PCI DSS compliant manner,” said Troy Leach, chief technology officer, PCI Security Standards Council.

The Accepting Mobile Payments with a Smartphone or Tablet document can be found here as a PDF download.
