PCI SSC Publishes Mobile Guidelines 

Feb. 19, 2013

Late last week, the PCI Security Standards Council (PCI SSC), an independent body that sets payment-card security standards, published the PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users. The new guidance is aimed at merchants offering mobile payments to their customers and focuses on security issues that arise from the fact that mobile devices can be used for other functions.

“Consumers want to have confidence that their information is protected—whether at their favorite restaurant, shopping online or making a purchase using a mobile device in lieu of a traditional POS,” said Troy Leach, chief technology officer, PCI Security Standards Council. “Currently, it is challenging to demonstrate a high level of confidence in the security of sensitive financial data in devices that were designed for other consumer purposes. Which is why we encourage merchants to consider encrypting cardholder data securely prior to using mobile devices to process transactions.”

The guidance document addresses three main areas: the security of data entering, residing in and leaving the device during mobile transactions; recommended measures for mobile devices used by merchants for payment acceptance; and guidance for other facets of the mobile acceptance solution.