For those companies seeking clarity on securing mobile card payment acceptance solutions, the PCI Security Standards Council sent a long-awaited Valentine on last Thursday.
A new guidance, PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users, provides details to help those very constituents along those very lines. The movement of payment acceptance activity to smart devices from purpose-built devices has necessitated broader understanding of the security concerns inherent in their utilization as card processing tools.
The guidance also comes closely on the heels of a set of recommendations released last September by the Council that addressed the issue of mobile card acceptance apps and development processes.
From the Council’s press release:
Even with rapid adoption of mobile technology in payments, security still tops concerns for merchants. It comes down to the basic element of trust. Consumers want to have confidence that their information is protected – whether at their favorite restaurant, shopping online or making a purchase using a mobile device in lieu of a traditional POS. Currently, it is challenging to demonstrate a high level of confidence in the security of sensitive financial data in devices that were designed for other consumer purposes. Which is why we encourage merchants to consider encrypting cardholder data securely prior to using mobile devices to process transactions, said Troy Leach, chief technology officer, PCI Security Standards Council.
Added Leach, “When considering mobile payment acceptance, merchants need to go in with their eyes open. And that’s what the intent of this guidance is, to help merchants understand the risks so that together with developers and device vendors they can safely implement a solution that will enable mobile commerce to flourish.”
Click here to read more from the Council.