The card giant has set out best practices and minimum standards for encryption and made clear the solution provider's responsibilities to secure cardholder data when mobile devices are used to accept payment.
Visa has released a best practice guide for retailers, software developers and device manufacturers who are using smartphones and tablet computers to accept mobile card payments.
The payments giant has stepped in to spell out minimum standards and best practices as the use of mobile devices to accept payments continues to proliferate.
"Because mobile devices and acceptance attachments today are not designed to the same security requirements as traditional payment terminals, and merchants do not control the security of the network environments to which their acceptance devices connect wirelessly, there are important security considerations above and beyond those for traditional acceptance solutions," says the firm.
Eduardo Perez, head of global payment system risk at Visa, adds: "Mobile devices that can facilitate acceptance of payments are an important advancement in payments that must balance the promise of an enhanced consumer and retailer shopping experience with enhanced security measures to protect sensitive cardholder information."
Among the best practice guidelines are demands for:
- Encrypting all account data at the card reader level and in transmission between the acceptance device and the processor — especially important given the use of wireless or public networks;
- Enabling truncation or tokenisation of card numbers, allowing the merchant to identify the cardholder without storing the full account data;
- Ensuring that payment data read from cards is protected against fraudulent use by malicious or unauthorised applications on the device.