Thursday, September 20, 2012

PCI Council releases Security Guidlines for Mobile Payments Acceptance applications

Fresh from the oven -- "PCI Mobile Payment Acceptance Security Guidelines" – released last week, is the first outcome of the PCI council "Mobile taskforce" which was established late last year, in order to handle the rapidly evolving and spreading (yet lacking security best practices) mobile payment acceptance solutions.

This first of a kind formal guidance regarding cardholder data security and PCI compliance in payment acceptance mobile applications (such as mobile POS), provides an extensive (while not exhaustive and not without its limitations) guide for both traditional and less conventional mechanisms to isolate account data and protect it from exposure in mobile payment acceptance solutions/applications.

Most importantly, this release somewhat eases the conclusive tone towards the P2PE standard as the only way to gain compliance with PCI DSS in mobile payment acceptance solutions, and serves as a more practical way in terms of PCI DSS and specific mobile security guidelines.