10:39 AM
Connect Directly

New Security Guidelines Issued for Developing Mobile Payments Solutions

The PCI Security Standards Council released new best practices for developers in creating solutions that accept mobile payments.

A new list of best practices for securing mobile payments acceptance to aid software developers and mobile manufacturers in designing security solutions for merchants to accept mobile payments was released yesterday by the PCI Security Standards Council, an industry standards forum that develops and manages the PCI Data Security Standard.

The security guidelines illustrate the need for more secure development practices for solutions that will allow merchants to accept mobile payments, the council said in a statement. The council cited experts at Trustwave SpiderLabs, which investigates data breaches and malware attacks, that noted that mobile malware is still in its infancy, and existing platforms are limited in their ability to ensure security of mobile payments transactions. Some of the top security threats to mobile payments that the council mentioned included malware and rootlets, jailbreaking vulnerabilities and man-in-the-middle attacks.

"It is important that a best practice guide be developed, by the industry, to educate mobile app developers on methods of securing commerce transactions and risks of not doing so," said Nicholas J. Percoco, senior vice president of Trustwave Spiderlabs.

[See Related: Lack of Standards, Security Biggest Barriers to Mobile Payments]

The best practices document is the result of a task force made up of mobile payments industry participants that the Council formed back in 2010 to address mobile payments security. Some of the reports key recommendations include isolating sensitive functions and data in trusted environments, implementing secure coding practices, being able to remotely disable a payments application and reporting unauthorized access.

The council said that it will continue issuing further guidance to push for merchants and developers on mobile security payments in the next year.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.