Security Protection – Harry Waldron MVP

PCI Standard – Mobile Payment Acceptance Security Guidelines

These guidelines and best practices are shared in the following ISC article:

https://isc.sans.edu/diary/PCI+Security+Standard+Mobile+Payment+Acceptance+Security+Guidelines/14206

QUOTE: What would Cyber Security Awareness Month with a Standards theme be without discussing some semblance of PCI-related content? Carefully avoiding the debate over the benefits and drawbacks of PCI DSS, I’ll instead focus on a recent read with a quick summary of PCI Mobile Payment Acceptance Security Guidelines for Developers. This guideline hit my radar on 14 SEP courtesy of Ian’s Dragon News Bytes and was intriguing as I had just published Mobile application security best practices in a BYOD world a couple of weeks earlier in Information Security.

After discussing the security risks of mobile devices, the guidelines describe three core objectives:
  1. Prevent account data from being intercepted when entered into a mobile device (crypto or trusted path)
  2. Prevent account data from compromise while processed or stored within the mobile device (sandbox)
  3. Prevent account data from interception upon transmission out of the mobile device (crypto)

 
