The Payment Card Industry Security Standards Council has issued its anticipated guidance for software developers and mobile device manufacturers on the security of mobile payment acceptance applications. The guidance is in addition to a mobile payment security fact sheet for merchants the Council released in May 2012. BankInfoSecurity.com has audio from an interview with Bob Russo and Troy Leach of the PCI SSC.
“We know that people are excited about this new technology, and the benefits are obvious to merchants and commerce in general,” says Leach, the Council’s CTO. “However, mobile payment is still in its infancy and needs to be approached with a certain amount of caution.”
The new guidance, developed by a Council task force, focuses on two areas: best practices for securing payment transactions and guidelines for securing the supporting mobile application platform environment. Among the recommendations: implement secure coding best practices; eliminate unnecessary third-party access and privilege escalation; and create the ability to remotely disable payment applications.