Blog

PCI Compliance for mobile payments

February 20, 2012

Security experts for the Payment Card Industry Security Standards Council (PCI SSC) remind retailers that PCI security compliance should be considered before implementing mobile payments in stores.

Security experts for the Payment Card Industry Security Standards Council (PCI SSC) remind retailers that PCI security compliance should be considered before implementing mobile payments in stores. Failure to adhere to standards not only puts customers’ payment data at risk, but it can also result in businesses’ accumulating fines and penalties. Since mobile payments are still in development, it’s uncertain how the new technology will influence the standard.

“The adoption of mobile is running rampant, and when it comes to using personal mobile devices, people have not thought about all of the security,” Bob Russo, PCI SSC general manager told Bank Info Security. “We have a task force looking at this, and in 2011 we issued some guidance. This year we will be issuing some best practices.”

Businesses should be aware that EMV chip card technology is not a replacement for PCI standards and that end-to-end encryption and tokenization can be used in combination with other security solutions to keep businesses PCI compliant, Russo said.

Many of the companies that are developing mobile credit card processing equipment are including security solutions that can keep businesses and consumers safe. Some services take PINs and can capture signatures for verification.

Back To Blog