QUOTE: What would Cyber Security Awareness Month with a Standards theme be without discussing some semblance of PCI-related content? Carefully avoiding the debate over the benefits and drawback of PCI DSS, I’ll instead focus on a recent read with a quick summary of PCI Mobile Payment Acceptance Security Guidelines for Developers. This guideline hit my radar on 14 SEP courtesy of Ian’s Dragon News Bytes and was intriguing as I had just published Mobile application security best practices in a BYOD world a couple of weeks earlier in Information Security.
After discussing the security risks of mobile devices the guidelines describe three core objectives:
- Prevent account data from being intercepted when entered into a mobile device (crypto or trusted path)
- Prevent account data from compromise while processed or stored within the mobile device (sandbox)
- Prevent account data from interception upon transmission out of the mobile device (crypto)