PCI Security Standards Council Issues Best Practices Guidelines for Mobile Software Developers | Practical Law

The Payment Card Industry (PCI) Security Standards Council, a global, open-industry organization focusing on payment security standards, released a best practices guide for mobile software developers that addresses mobile payment acceptance security.

by PLC Intellectual Property & Technology
Published on 19 Sep 2012 | USA (National/Federal)
On September 13, 2012, the Payment Card Industry Security Standards Council, a standards organization founded by leading credit card companies, released a best practices guide for mobile payment acceptance security. The main focus of the guidelines, entitled PCI Mobile Payment Acceptance Security Guidelines, is to educate developers in the emerging mobile app market so that mobile device payment processes, as well as the payment environment in general, can be more secure. Recommendations include:
  • Isolating sensitive functions and data in trusted environments.
  • Implementing secure coding, engineering and testing best practices.
  • Eliminating unnecessary third-party access and privilege escalation.
  • Developing ways to remotely disable payment applications.
  • Creating server-side controls for preventing and reporting unauthorized access attempts, identifying and reporting abnormal activity, and discontinuing access.