Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

PCI Council Releases Mobile Payment Acceptance Guidance

The PCI Security Standards Council (PCI SSC), the body behind the Payment Card Industry Data Security Standard (PCI DSS), today shared guidance on how merchants can securely accept payments using mobile devices.

The PCI Security Standards Council (PCI SSC), the body behind the Payment Card Industry Data Security Standard (PCI DSS), today shared guidance on how merchants can securely accept payments using mobile devices.

In the form of a fact sheet, the guidance is designed to help merchants understand their responsibilities when it comes to mobile payment acceptance, as well as take advantage of the benefits provided by the Council’s recently published Point-to-Point Encryption (P2PE) standard program and choose a mobile payment acceptance solution that meets their PCI DSS compliance obligations.

Accepting Mobile Payments Compliance RequirementsAs use of mobile devices including smartphones and tablets being as point-of-sale terminals grows, the Council is making an effort to help ensure data security remains top of mind.

The guidance is the product of the Council’s Mobile Working Group and is the result of input from merchants, vendors and organizations actively involved in the in the mobile payment acceptance industry.

[Related: Embracing Mobile Payments? You Might Not Be Compliant]

The document helps clarify some of the technology and security terminology into straightforward, practical guidance, and also draws on recent updates made to the PIN Transaction Security (PTS) Requirements at the end of 2011, creating the foundation for data security in mobile payment acceptance.

“We know merchants are eager to take advantage of their existing smartphones or tablets to accept payment cards,” said Bob Russo, general manager, PCI Security Standards Council. “And the Council and its stakeholders want to help the market to do this in a secure way. We’re excited about this easy-to-use reference that will help merchants understand how to use the suite of PCI Standards to enable their businesses while still keeping data security top of mind.”

It’s important to note, that along with all SSC fact sheets, this latest guidance does not replace or supersede any of the existing PCI Standards.

The Council said it would continue to work with the payments community to address mobile payment acceptance security and evaluate whether additional requirements are needed in this area and plans to publish best practices for securing mobile transactions later this year.

Advertisement. Scroll to continue reading.

“The PTS and P2PE standards are being leveraged by mobile solution providers today. With this fact sheet we hope to help merchants understand how these standards work and the options that are available to them for accepting mobile payments in a secure and PCI DSS compliant manner,” said Troy Leach, chief technology officer, PCI Security Standards Council.

The Accepting Mobile Payments with a Smartphone or Tablet docuement can be found here as a PDF download.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.