Visa recently published a how-to guide for merchants who use mobile payment technology for processing credit card payments on their cell phones and tablet computers. The guide is intended to simplify the mobile credit card payment process for these users.
The guide in its entirety can be found at visa.com. Below are the three main suggestions from the guide that we would like to share with you.
#1. Mobile applications are not on the list of PA-DSS validated applications.
Ensuring that your POS terminal or software program conforms to PCI DSS compliance standards is a must. However, this does not apply to mobile devices yet. New mobile apps are being developed almost hourly. As a result, the PCI Security Standards Council has not yet defined what makes a mobile app compliant. For more information on this gray area, visit the PCI Security Standards website.
The security of mobile devices and the applications that are on them should be your main focus, as well as your merchant’s. This will be true until there is an official PA-DSS mobile app standard.
#2. Choose a vendor with a solid track record with respect to PCI DSS compliance.
It is important that you choose a company that provides the highest security for its mobile applications and credit card payment processing. Although there is no way to be 100% sure of this, a company's track record is a good indicator. A company's history of maintaining PA-DSS validation for its products is always a good signal and usually results in a safe choice.
#3. Does the application meet the best practices recommended by Visa?
Can you disable the device or payment application if it is lost or stolen? Similar to canceling a physical credit card, this ability would help prevent unauthorized credit card transaction processing.
Is regular activity being monitored? The ability to track suspicious activity is directly related to the ability to track normal activity. A geo-tagging system is an example of this; an abrupt change in the area of transactions is a red flag for detecting theft.
Can the card’s data be intercepted between the swiping device and the phone? The device that swipes the card should encrypt the data it receives to prevent interception by an unwanted third party. VeriFone’s criticism of Square’s card reader is a good example of the importance of this.
Is personal data held securely? After the cardholder’s data is processed, it should be encrypted.
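The geo-tagging check mentioned above, where an abrupt change in the area of transactions is a red flag, can be sketched as follows. This is an added example, not taken from Visa's guide; the device names, coordinates, and the 150 km/h and 50 km thresholds are constructed assumptions.

```python
import math
from datetime import datetime

# Constructed sample data: (device id, ISO timestamp, latitude, longitude).
SAMPLE_TXNS = [
    ("reader-01", "2024-05-01T09:00:00", 38.6270, -90.1994),  # St. Louis
    ("reader-01", "2024-05-01T09:40:00", 38.6400, -90.2500),  # a few km away
    ("reader-01", "2024-05-01T10:10:00", 41.8781, -87.6298),  # Chicago, 30 min later
    ("reader-02", "2024-05-01T09:05:00", 38.6270, -90.1994),  # St. Louis
    ("reader-02", "2024-05-01T15:30:00", 38.9517, -92.3341),  # Columbia, MO, hours later
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    r = 6371.0  # mean Earth radius in km
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def flag_abrupt_moves(txns, max_kmh=150.0, min_km=50.0):
    """Flag a transaction if reaching it from the device's previous one implies over max_kmh."""
    last, alerts = {}, []
    for device, ts, lat, lon in sorted(txns, key=lambda t: (t[0], t[1])):
        when = datetime.fromisoformat(ts)
        if device in last:
            p_when, p_lat, p_lon = last[device]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Ignore short moves (GPS jitter); a long move in zero elapsed time is always flagged.
            if km >= min_km and (hours <= 0 or km / hours > max_kmh):
                alerts.append((device, ts, round(km)))
        last[device] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for device, ts, km in flag_abrupt_moves(SAMPLE_TXNS):
        print(f"ALERT {device} at {ts}: {km} km from previous transaction")
```

A flagged device is a candidate for the remote disable capability described in the first question of this list.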
This is an ever-changing market where practices are continually being revised. Staying on top of the most current news is the best way to make sure your mobile credit card transaction processing is secure.
Clearent is a leader in credit card transaction processing. If you are an ISO or financial institution exploring your opportunities for processing credit card payments, please take a second to look at what Clearent has to offer. We built Clearent from the ground up to be a different kind of payment processor, the kind that brings a whole new dynamic to the industry, going beyond transactions to build long-term relationships and provide our clients with the tools and insights that make a difference. Simple is good. Partner with us and see for yourself!