Logo

Site non disponible sur ce navigateur

Afin de bénéficier d'une expérience optimale nous vous invitons à consulter le site sur Chrome, Edge, Safari ou Mozilla Firefox.

adnews

PCI Recommendations for Mobile Acceptance

  • The PCI-SSC has just released m-payment apps-dedicated recommendations. These Best Practices are meant to help developers and manufacturers securing their retail-oriented apps (mobile card acceptance). Today’s pressuring context, highly favourable to the emergence of mobile threats, stands at the heart of these guidelines.
  • The Council formed an industry taskforce in 2010 as part of a dedicated effort to address mobile payment acceptance security and set up specially crafted standards. Their new release covers two “areas”: Best Practices for payments transactions themselves (entry, storage and transportation of sensitive data) and, guidelines for securing the supporting environment. Among relevant issues, isolating sensitive functions and data in trusted environments, the ability to remotely disable payment applications and even detection/prevention of unauthorised accesses are considered. The Council also explains that other guidelines are to be released next year.
Source: PCI-SSC press release
  • These guidelines are all the more relevant and necessary that new threats have again been highlighted by recently published studies. LexisNexis® 4th Annual True Cost of Fraud, for instance shows that fraud-related losses at accepting merchants are higher than at non-accepting ones. Only 6% of those interrogated were equipped with appropriate equipment (compared to 4% last year) and the study shows that fraud rates actually increase even with low mobile transactions volumes.
  • Among critical factors, the study pinpoints the development of multi-channel solutions and the variety of mobile media likely to make security procedures more complicated, and merchants’ lack of clear-sightedness regarding fraud risks: 37% of those interrogated do expect an impact on their business strategy, but only 2% seem to feel concerned about mobile security. Finally, 61% deemed that apps-based mobile payments were the least risky, followed by the mobile Web browser (52%), Carrier billing (37%), mobile contactless payments (28%), and SMSs (22%).