The Payment Card Industry Security Standards Council (PCI SSC) released new guidelines during its recent Community Meeting in Orlando. The new Mobile Payment Acceptance Security guidelines apply to the payment applications identified in Mobile Payment Acceptance Application Category 3, and they give software developers and mobile device manufacturers the necessary steps for creating secure mobile payment acceptance solutions.
The SSC’s release of guidelines for mobile developers and device manufactures brings the payments industry closer to an established security standard for mobile payment transactions. However, the Council has made it clear it is still too early to codify requirements into the PCI Data Security Standard (DSS). To this end, it is important to note that the newly-issued guidelines do not represent new requirements nor do they supersede or replace any part of the PCI DSS.
As indicated by the Council earlier this year, point-to-point encryption (P2PE) is a key component to securing mobile payment transactions. With the release of this new guidance for developers, P2PE assessors, solution providers and application vendors can complete their assessments and submit their reports and validation documentation for acceptance and listing on the PCI SSC website as a validated P2PE solution.
Merchants wishing to implement mobile payment acceptance technology can expect to begin seeing validated P2PE solutions within the next few months. In addition, the Council plans to release further merchant-facing guidance in early 2013.
For more information and access to the PCI Mobile Payment Acceptance Security guidelines, please click here.
ISOs and acquirers serving small merchants are also encouraged to download the research report, “Small Merchants and Mobile Payments: A Pulse Check on Technology Awareness and Adoption.” This report addresses small merchants’ current and planned integration of mobile payment technologies within their business operations, as well as their understanding of consumer demand for mobile payment options.