PCI Council Releases Mobile Payment Acceptance Guidance

The PCI Security Standards Council (PCI SSC), the body behind the Payment Card Industry Data Security Standard (PCI DSS), today shared guidance on how merchants can securely accept payments using mobile devices.

In the form of a fact sheet, the guidance is designed to help merchants understand their responsibilities when it comes to mobile payment acceptance, as well as take advantage of the benefits provided by the Council’s recently published Point-to-Point Encryption (P2PE) standard program and choose a mobile payment acceptance solution that meets their PCI DSS compliance obligations.

As the use of mobile devices, including smartphones and tablets, as point-of-sale terminals grows, the Council is making an effort to help ensure data security remains top of mind.

The guidance is the product of the Council’s Mobile Working Group and is the result of input from merchants, vendors and organizations actively involved in the mobile payment acceptance industry.

The document helps translate some of the technology and security terminology into straightforward, practical guidance, and also draws on recent updates made to the PIN Transaction Security (PTS) Requirements at the end of 2011, creating the foundation for data security in mobile payment acceptance.

“We know merchants are eager to take advantage of their existing smartphones or tablets to accept payment cards,” said Bob Russo, general manager, PCI Security Standards Council. “And the Council and its stakeholders want to help the market to do this in a secure way. We’re excited about this easy-to-use reference that will help merchants understand how to use the suite of PCI Standards to enable their businesses while still keeping data security top of mind.”

It’s important to note that, as with all SSC fact sheets, this latest guidance does not replace or supersede any of the existing PCI Standards.

The Council said it would continue to work with the payments community to address mobile payment acceptance security and evaluate whether additional requirements are needed in this area, and that it plans to publish best practices for securing mobile transactions later this year.

“The PTS and P2PE standards are being leveraged by mobile solution providers today. With this fact sheet we hope to help merchants understand how these standards work and the options that are available to them for accepting mobile payments in a secure and PCI DSS compliant manner,” said Troy Leach, chief technology officer, PCI Security Standards Council.

The Accepting Mobile Payments with a Smartphone or Tablet document is available as a PDF download.
