The Payment Card Industry Security Standards Council (PCI SSC) has released guidance making PCI compliant hosting a must forsecure mobile transactions.
Online PR News – 01-December-2012 – Chicago , IL – Chicago, Illinois (November 2012) - The PCI SSC recently issued best practices for the protection of payment card data irrespective of the channel used for payment. PCIHosting.com (http://www.pcihosting.com/) says that now it is crucial for merchants to choose PCI compliant web hosting to make online payments on mobile devices secure. As the global market for mobile payment solutions continues to grow, the new guidelines are a step in the right direction, offering professionals in thisfield guidance on achieving PCI compliance, and thus helping customers make safe online payments on their mobile phones.
According to the PCI SSC, existing mobile platforms can make it difficult for customers to determine the security of online transactions using mobile devices. This bolsters the need for best practices for mobile payment acceptance. Among the PCI SSC’s key recommendations for merchants is to choosePCI compliant web hosting in order to isolate sensitive data, information, and functions in a reliable environment. This will ensure secure coding best practices, eliminate unnecessary privilege escalations or access, prevent unintentional data leakage, remotely disable site payment applications, set up server side controls, and report data security breaches.
The trusted execution environment existing between the mobile device and dataentry mechanism offered by a PCI compliant hosting provider ensures that no unauthorized party can intercept account data. This restricts access between secured mobile device memory and the mechanism receiving account data.
The PCI SSC’s initiative is directed toward ensuring secure distribution of account data, controlling account data while being accessed, preventing account data from being breached when processed or stored on a mobile device,and protecting the device from unauthorized access. Also important is the secure storage of and access to account data when the mobile device is used as a point of sale. It is a must for merchants using mobile devices for payment card acceptance to use PCI compliant web hosting to protect that information.
The new guidelines are aimed at providing guidance and raising awareness of merchants to ensure protection of the trust needed for a payments on mobile devices, reduce security risks, and encourage monitoring for advancements that improve integrity and preparing for newly discovered threats.