As exciting new ways of paying via mobile phones are introduced, is there a risk that information security measures won’t keep pace?
The emergence of payments via near field communications – a set of standards to establish communication between devices, enabling contactless payments – and mobile commerce technologies has become the top security issue for the payments industry. It presents great opportunities for growth, but because of an inconsistent approach to security on the software currently being developed for mobile devices, there is a real concern that the industry is trying to run before it can walk.
Unlike payments processed via a chip and PIN entry device, there are no common standards for mobile applications. This means that some companies developing these applications are doing so without incorporating adequate measures to protect sensitive cardholder information. Over two-and-a-half years ago, Commidea introduced the first Payment Application Data Security Standard (PA-DSS) certified solution offering Point-to-Point Encryption (P2PE) technology for the benefit of UK retailers. Yet it has taken until now for the regulatory body, the PCI Security Standards Council (PCI SSC), to publish its first guidelines on P2PE applications.
There is a danger that the security guidelines and the resulting security software developments will not keep pace with retailer and consumer demands for payment services from a mobile phone.
New payment methods will continue to be exposed to security threats, as mobile handset manufacturers and software application developers continue to trial the latest innovations more quickly than the industry standards bodies can introduce new standards to secure them.
Retailers therefore must ensure that they work with a payment service provider, such as Commidea, which has exhibited a track record in payment security to protect both their customers’ sensitive card data and, ultimately, their own reputation.
Marc White is head of security at Commidea.