Mobile Payments New PCI Guidance

  • Phone Verification

The Payment Card Industry Security Standards Council has addressed new merchant guidance in regards to data protection and mobile devices that accept payments. These new mobile payment guidelines are vital to both banking institutions and card issuers & acquirers that assist merchant with mobile transactions. By providing more specific recommendations, a higher level of security will become more obtainable. The newest PCI guidelines will be a tool that can help increase merchant security. Bankinfo Security has outlined some of the considerations addressed by the PCI Council:

1.) Risks associated with account data entry on mobile devices, account data residing or stored on the devices and account data transmitted through mobile devices

2.) Steps merchants should follow to ensure the physical and transactional security of mobile devices used for payment acceptance

3.) Guidelines for components involved in payment acceptance, such as hardware, software, the use of payment acceptance solutions and customer relationship considerations

As many of the experts state, mobile devices were not created with the intention of being payment processor like many point-of-sale terminals were. This is one of the major reasons as to why securing mobile payments is a different beast. Although the process and risks may be very different, banking institutions should still treat mobile security just as seriously as they do with their physical security. Security should be approached with the mindset of a fraudster. Because the same reasons why mobile payments are attractive to merchants, are also the reasons why they attractive to thieves; theyre simple, easy to use, and easy to transport. Most of the responsibility falls on the acquirers and they need to be seen as a resource to their merchants. They must communicate with their merchants and provide them with tools or third parties that can assist with identification needs. As acquirers gain increased responsibilities, they should educate themselves on the options for mobile identity verification and authentication available on the market. By knowing the risks and options to prevent these risks, mobile payments will become more secure as more businesses choose to implement this option.

[Contributed by EVS Marketing]