Shortly after releasing one guidance document for merchants looking to implement cloud-based payment processing systems, the Payment Card Industry (PCI) Security Standards Council (SSC) has published a second information supplement aimed at offering best practices for the mitigation of mobile payment security risks.
Titled “PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users“, the guidance notes that while the initial purpose of many mobile devices available to consumers today was not to serve as a point of sale system, this function is increasingly sought by merchants hoping to offer convenience. Customer service is, after all, the name of the game, and offering shoppers the ability to pay for products with a mobile device can help some retailers stand out.
At the same time, security remains a chief concern, and any resistance to wider adoption of mobile payments likely stems from customers’ worries about the integrity of the system. In a press release, PCI officials cited Juniper Research data that predicted mobile transactions to quadruple by 2015, to a value of $1.3 trillion worldwide.
“Even with rapid adoption of mobile technology in payments, security still tops concerns for merchants. It comes down to the basic element of trust,” said Troy Leach, chief technology officer at the council “Currently, it is challenging to demonstrate a high level of confidence in the security of sensitive financial data in devices that were designed for other consumer purposes.”
Leach suggested merchants deploy sophisticated encryption to safeguard cardholder data processed via mobile devices. A trusted provider of credit card payment processing services can advise on the best ways to integrate alternative forms of payments within an existing transaction framework, and a partnership with this type of consultant offers businesses critical support as the payments industry continues to adapt to new technology.