The Payment Card Industry Security Standards Council has released best practices guidance for mobile payment acceptance security, Mobile Payments Today reports. The guidelines are intended to offer guidance to mobile app developers and handset device manufacturers on security controls.
The best practices are outlined in the Council’s PCI Mobile Payment Acceptance Security Guidelines and separate mobile payment acceptance security into two categories: best practices to secure transactions on mobile devices, and measures necessary to secure the mobile application platform environment. Recommendations in the guidelines include:
Isolate sensitive functions and data in trusted environments
Implement secure coding best practices
Eliminate unnecessary third-party access and privilege escalation
Create the ability to remotely disable payment applications
Create server-side controls and report unauthorized access
“Applications are going to market so quickly — anyone can design their own app today that can be used to accept payments tomorrow,” said PCI SSC Chief Technology Officer Troy Leach.
“It’s our hope that in educating this new group of developers, as well as device vendors on what they can do to build security into their design process, we’ll start to see the market drive more secure options for merchants to protect their customers’ data.”
The Council said it will release guidelines in 2013 to help merchants process mobile payments securely. (NACS: www.nacsonline.com)