New merchant guidance from the Payment Card Industry Security
Standards Council addresses card data protection for mobile devices used
to accept payments, an area that poses increasing risks.
Banking institutions, as card issuers and acquirers, should use the
guidance when assisting merchants with end-to-end mobile transaction
security, says Steve Kenneally, who works in the Center for Regulatory Compliance at the American Bankers Association.
"Shining a spotlight on the need to improve payment security is
always a great idea," he says. "Providing specific recommendations on
how to achieve a higher level of security is even better."
As payments acquirers, banking institutions work with merchants to
ensure the payment environment is secure, Kenneally says. "We expect the
PCI guidelines to become one more tool that acquirers can use to
increase merchant security," he adds.
Among mobile security considerations addressed in the PCI Council's new guidance are:
- Risks associated with account data entry on mobile devices, account data residing or stored on the devices and account data transmitted through mobile devices;
- Steps merchants should follow to ensure the physical and transactional security of mobile devices used for payment acceptance; and
- Guidelines for components involved in payment acceptance, such as hardware, software, the use of payment acceptance solutions and customer relationship considerations.
Mobile for Payment Acceptance
"The PCI guidelines recognize that some of the qualities that make
mobile acceptance so attractive to merchants also make it attractive to
fraudsters," Kenneally says. "The applications are simple to obtain,
easy to use and, by definition, are easy to transport. It may be easier
just to steal a merchant's phone or tablet, rather than hacking into the
system. You can't say that about a gas pump or checkout line at the
supermarket."
Source: www.bankinfosecurity.com