Skip to main content

Mobile Payments Face the PCI Treatment


Author: Awepay

The concept of mobile payment has increased over the past couple of years, and with it has the need for decent levels of security.

Last month the PCI council announced the development of a new standard for software-based PIN entry on commercial off the shelf (COTS) devices. The concept behind this was one of permitting secure PIN-based applications and card readers to work with a mobile device, utilizing a back-end system for transaction monitoring and processing.

This week Infosecurity attended a presentation by MyPinPad featuring speakers from across payment security and retail technology. The theme was based around the fact that its been 12 years since the roll-out of Chip and PIN, and how the development of mobile-enabled payments have enabled more merchants to offer payments in instances where cash or cheques would only have been accepted in the past.

Jeremy King, international director of the Payment Card Industry Security Standards Council (PCI SSC), said that in instances such as local social clubs or outdoor festivals, those vendors offering mobile payments saw the most business. Therefore there was a need to determine a secure and practical solution to enable mobile payments, and the first draft of its new standard was published in January.

While this could take most of 2018 to come to light, as King admitted that the validation program documentation is expected in Q2, and it would be the end of 2018 before any approved solutions are released for merchants to use.



The concept that the PCI SSC have developed works around encrypting data so that it is never in plain text, using an application on the phone where the data is sent to a back end system and then to a processor, which will see it as a standard chip and PIN transaction.

King admitted that the “hard work” is in securing the PIN and mobile device so that it is one simultaneous secure process, however when questioned about updates to the PCI-certified applications, he did clarify that any application updates would not affect the overall operating system.

Also presenting was Gary Munro, senior consultant at Consult Hyperion, who said that the enablement of mobile point of sale (POS) functionality had brought cost and capability issues down, as well as the problem of unpatched payment terminals, as in the past a payment terminal would be deployed and never updated.

This, he claimed, would resolve the problem of unpatched vulnerabilities, and being application-based, could see flaws fixed in a rapidly changing threat landscape.

Much like the problem with low grade Internet of Things (IoT), the commercial devices in mobile payments have seen costs reduced but at the same time, the quality of the software and the build has diminished.

The PCI guidance will provide a set of principles, requirements and an evaluation methodology for a mobile payment-acceptance solution where the PIN Cardholder Verification Method (CVM) entry is performed on a COTS device in a merchant attended environment.

Will this provide some reassurance to an audience that have been delivered into a world of mobile-enable payments? Potentially yes, but also the sight of regulation will inject a much needed dose of security into the technology.

#awepay #awepayawesome #payment #paymentgateway #money #casy #monday
#api #web #wallet #moneywallet 

Comments

Post a Comment

Popular posts from this blog

Apple Pay is coming to eBay.

As the online marketplace moves away from its official relationship with PayPal, it is moving into new relationships with new providers. As of this fall, Apple Pay will be one of the first new options on its new payment platform, making it possible for customers to either use Apple Pay in eBay’s mobile app, or for web purchases (provided they are using Safari as Apple Pay doesn’t work with Chrome or other browsers). The Apple Pay option will roll out slowly at first — only a small group of select Marketplace customers will get to use Apple Pay in the first phase of its introduction to eBay. The goal, however, is to make the transition to their own in-house payment platform by the end of 2021. The transition marks a definitive split from PayPal. eBay formally parted ways with PayPal in 2015, when it spun out as a stand-alone firm. eBay — as their contractually mandated partnership with PayPal is drawing to a close — is now working with Amsterdam-based company Adyen to...
Post a Comment
Read more

10 ways to protect your customers' credit card data

Accepting credit cards doesn't have to be a constant exercise in paranoia about whether your customers' credit card data is safe or not. Here are 10 solutions for protecting the credit card data of your customers. 1. You can’t go it alone Like anything in life—when there's a lot on your plate, you can't manage it all without help. Card data security, fraud protection and securing your customers’ information in your store is more than a one-person job. It's everyone's job. Get everyone in your business, including your customers, thinking about card data security and fraud at the point of sale. 2. EMV installation You're probably tired of hearing about EMV and chip cards at this point, but if you don't have one, you're putting yourself and your own profits in jeopardy. Chip cards, and the EMV-enabled credit card terminals that can read them, are designed to stop fraud at the point-of-sale. A "forged" card is difficult to pa...
Post a Comment
Read more

A Robust Payment Platform

Owing to the radical evolution of Fintech companies, heightened customer expectations for value-added services, and ever-changing regulatory landscape, the prominence of payment technologies has undeniably risen to new heights. These dynamics are reinvigorating the traditional financial landscape and enabling merchants to tap into the potential benefits of nascent technologies. At the same time, moving away from conventional methods of payments is bringing unprecedented opportunities to carry out international trade for both sellers and buyers. Although the disruption in the payments landscape seems stimulating for global trades, not all ventures gain from them as stringent compliance standards often undermine the use of technologies for cross-border transactions. Enunciating the same, Casey Seow, managing director of AWEpay, mentions that the new breed of technologies is revamping the entire payments space, enabling companies to cater to the untargeted market segments. He f...
Post a Comment
Read more