martes, 9 de abril de 2013

New PCI Guidance for Mobile Payments

New merchant guidance from the Payment Card Industry Security Standards Council addresses card data protection for mobile devices used to accept payments, an area that poses increasing risks.
Banking institutions, as card issuers and acquirers, should use the guidance when assisting merchants with end-to-end mobile transaction security, says Steve Kenneally, who works in the Center for Regulatory Compliance at the American Bankers Association. 

New PCI Guidance for Mobile Payments 

 "Shining a spotlight on the need to improve payment security is always a great idea," he says. "Providing specific recommendations on how to achieve a higher level of security is even better."
As payments acquirers, banking institutions work with merchants to ensure the payment environment is secure, Kenneally says. "We expect the PCI guidelines to become one more tool that acquirers can use to increase merchant security," he adds.
Among mobile security considerations addressed in the PCI Council's new guidance are:
  • Risks associated with account data entry on mobile devices, account data residing or stored on the devices and account data transmitted through mobile devices;
  • Steps merchants should follow to ensure the physical and transactional security of mobile devices used for payment acceptance; and
  • Guidelines for components involved in payment acceptance, such as hardware, software, the use of payment acceptance solutions and customer relationship considerations.

Mobile for Payment Acceptance

"The PCI guidelines recognize that some of the qualities that make mobile acceptance so attractive to merchants, also make it attractive to fraudsters," Kenneally says. "The applications are simple to obtain, easy to use and, by definition, are easy to transport. It may be easier just to steal a merchant's phone or tablet, rather than hacking into the system. You can't say that about a gas pump or checkout line at the supermarket." 



No hay comentarios: