The Payment Card Industry Security Standards Council (PCI SSC) has recently published best practice Guidelines for mobile app developers and mobile device manufacturers. They are intended to boost standards in security as the market for payment via mobile devices grows dramatically.
Mobile devices, such as smartphones and tablets, include payment acceptance as one of their functions, but such devices currently have limited security safeguards. The security of the cardholder data may therefore be compromised. The guidance is designed to assist developers and manufacturers in designing security features to:
- Prevent account data from interception when entered into a mobile device
- Prevent account data from compromise while processed or stored within the mobile device
- Prevent account data from interception upon transmission out of the mobile device.
Key recommendations include:
- Implementing secure coding best practices
- Protecting the mobile device from malware
- Protecting the mobile device from unauthorised applications
- Creating tools for mobile apps to monitor and report suspicious activity
A link to the Guidelines can be accessed here.