The PCI Security Standards Council has published the PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users to help educate merchants on the risks that must be addressed to protect consumer data when accepting payments on a mobile device.
The guidelines center around the following:
- Objectives and Guidance for the Security of the Payment Transaction, which focus on account data as it enters, resides in and leaves the mobile device;
- Guidelines for Securing the Mobile Device, which focus on the physical and logical security of mobile devices, and provide recommendations for merchants accepting mobile payments;
- Guidelines for Securing the Payment Acceptance Solution, which focus on various components of payment acceptance solutions and consumer relations.
The Guidelines further recommend that merchants only use a mobile payment solution that is PCI-validated and uses point-to-point (P2P) encryption.
“Even with rapid adoption of mobile technology in payments, security still tops concerns for merchants. It comes down to the basic element of trust. Consumers want to have confidence that their information is protected,” said Troy Leach, CTO of the PCI Security Standards Council. “Currently, it is challenging to demonstrate a high level of confidence in the security of sensitive financial data in devices that were designed for other than consumer purposes. Which is why we encourage merchants to consider encrypting cardholder data securely prior to using mobile devices to process transactions.”