The Payment Card Industry Security
Standards Council has addressed new merchant guidance in regards to data
protection and mobile devices that accept payments. These new mobile
payment guidelines are vital to both banking institutions and card issuers
& acquirers that assist merchant with mobile transactions. By providing
more specific recommendations, a higher level of security will become more
obtainable. The newest PCI guidelines
will be a tool that can help increase merchant security. Bankinfo
Security has outlined some of the considerations addressed by the PCI Council:
1.)
Risks associated with account data entry on mobile devices, account data
residing or stored on the devices and account data transmitted through mobile
devices
2.)
Steps merchants should follow to ensure the physical and transactional security
of mobile devices used for payment acceptance
3.)
Guidelines for components involved in payment acceptance, such as hardware,
software, the use of payment acceptance solutions and customer relationship
considerations
As
many of the experts state, mobile devices were not created with the intention
of being payment processor like many point-of-sale terminals were. This is one
of the major reasons as to why securing
mobile payments is a different beast. Although the
process and risks may be very different, banking institutions should still
treat mobile
security just as seriously as they do with
their physical security. Security should be approached with the mindset of a
fraudster. Because the same reasons why mobile payments are attractive to
merchants, are also the reasons why they attractive to thieves; theyre simple,
easy to use, and easy to transport. Most of the responsibility falls on the
acquirers and they need to be seen as a resource to their merchants. They must
communicate with their merchants and provide them with tools or third parties
that can assist with identification needs. As acquirers gain increased responsibilities,
they should educate themselves on the options for mobile
identity verification and authentication available on the
market. By knowing the risks and options to prevent these risks, mobile
payments will become more secure as more businesses choose to implement this
option.
[Contributed
by EVS Marketing]