Skip to main content

Mobile Payments Face the PCI Treatment


Author: Awepay

The concept of mobile payment has increased over the past couple of years, and with it has the need for decent levels of security.

Last month the PCI council announced the development of a new standard for software-based PIN entry on commercial off the shelf (COTS) devices. The concept behind this was one of permitting secure PIN-based applications and card readers to work with a mobile device, utilizing a back-end system for transaction monitoring and processing.

This week Infosecurity attended a presentation by MyPinPad featuring speakers from across payment security and retail technology. The theme was based around the fact that its been 12 years since the roll-out of Chip and PIN, and how the development of mobile-enabled payments have enabled more merchants to offer payments in instances where cash or cheques would only have been accepted in the past.

Jeremy King, international director of the Payment Card Industry Security Standards Council (PCI SSC), said that in instances such as local social clubs or outdoor festivals, those vendors offering mobile payments saw the most business. Therefore there was a need to determine a secure and practical solution to enable mobile payments, and the first draft of its new standard was published in January.

While this could take most of 2018 to come to light, as King admitted that the validation program documentation is expected in Q2, and it would be the end of 2018 before any approved solutions are released for merchants to use.



The concept that the PCI SSC have developed works around encrypting data so that it is never in plain text, using an application on the phone where the data is sent to a back end system and then to a processor, which will see it as a standard chip and PIN transaction.

King admitted that the “hard work” is in securing the PIN and mobile device so that it is one simultaneous secure process, however when questioned about updates to the PCI-certified applications, he did clarify that any application updates would not affect the overall operating system.

Also presenting was Gary Munro, senior consultant at Consult Hyperion, who said that the enablement of mobile point of sale (POS) functionality had brought cost and capability issues down, as well as the problem of unpatched payment terminals, as in the past a payment terminal would be deployed and never updated.

This, he claimed, would resolve the problem of unpatched vulnerabilities, and being application-based, could see flaws fixed in a rapidly changing threat landscape.

Much like the problem with low grade Internet of Things (IoT), the commercial devices in mobile payments have seen costs reduced but at the same time, the quality of the software and the build has diminished.

The PCI guidance will provide a set of principles, requirements and an evaluation methodology for a mobile payment-acceptance solution where the PIN Cardholder Verification Method (CVM) entry is performed on a COTS device in a merchant attended environment.

Will this provide some reassurance to an audience that have been delivered into a world of mobile-enable payments? Potentially yes, but also the sight of regulation will inject a much needed dose of security into the technology.

#awepay #awepayawesome #payment #paymentgateway #money #casy #monday
#api #web #wallet #moneywallet 

Comments

Post a Comment

Popular posts from this blog

12 Startups Utilizing Blockchain Technology in New Ways

Author: Awepay Cryptocurrency created quite the buzz this past year. Although the technology has been around for a few years, 2017 was the year it really took off. Bitcoin, the first application of cryptocurrency technology, hit $20,000 a coin, while coins like Ethereum also saw their prices increase. However, the technology behind these tokens, blockchain, has far more applications than just cryptocurrencies. Through a network of smart contracts that operate utilizing decentralized information on a ledger, blockchain is able to provide unmatched security and speed for data transfers. This means that blockchain technology has an application in nearly every industry where value is exchanged. For this reason, many startups have started to explore how this technology can change the way the world works. Here are twelve of those startups, each of which are utilizing blockchain technology in new ways. Related: 10 Reasons Why Good Customer Service Is Your Most Important Metric ...
6 comments
Read more

EMV transactions: Is it time for you to upgrade?

Even if your business has not yet adopted an EMV-enabled solution, you’re probably somewhat familiar with the technology since it's among the most talked about developments in payments. EMV has proven to be an effective tool to fight card present payment fraud in Canada and many European countries. While EMV is new to the U.S., payment card fraud is not, with nearly $8.5 billion in fraudulent transactions in the U.S. in 2015 alone. What’s more, the U.S. represents nearly 40 percent of worldwide fraud, despite having less than 25 percent of transaction sales volume. EMV defined So what is EMV? EMV technology is based on specifications developed to ensure worldwide acceptance of secure payments by an organization called EMVCo, a group of leading companies in the payments industry including American Express, Discover, JCB, MasterCard, UnionPay, and Visa and supported by dozens of other companies in the industry. EMV has become the global standard for authenticating credit...
Post a Comment
Read more

5 MAJOR BENEFITS OF MOBILE PAYMENTS

Author: Awepay When customers come to the register to pay for their meal or purchases, many can now simply hold up their mobile phones instead of handing over dollar bills or pulling out a credit card. Since mobile payment programs are relatively inexpensive and don’t require sophisticated technical knowledge to implement, many small businesses have been quick to adopt the new technology. “Mobile has really taken away the requirement that you have to build big systems and be a large company to be successful with technology,” says Gene Signorini, the vice president of mobile insights at Mobiquity. “In many ways, it is easier for small businesses to adopt mobile payment programs because they don’t have a large infrastructure to work through so small businesses can jump right in.” Here are five ways offering a mobile payment to your customers will help you increase sales: Integrate and increase incentive programs. One of the biggest benefits of using a mobile payment option i...
Post a Comment
Read more