The use of mobile payment platforms has skyrocketed in recent years and will surely continue to climb. Using your phone as a credit card can be very convenient for both the consumer and the merchant alike, as it speeds up the transaction and allows for another method of payment to the merchant. Devices such as Square’s credit card reader for mobile phones have also exploded in popularity within the past few years. The rise in popularity of these payment options has also drawn some serious security concerns from the payment card industry.
According to Mike Mitchell, PCI SSC chairman, mobile payment security will be among the top priorities of the Payment Card Industry Security Standards Council in 2012. The council anticipates further growth in mobile payments and has assigned special groups to address the security concerns for merchants. Guidelines were released in 2011 and best practices are scheduled to be issued later this year. Additionally, last year the council updated the PIN Transaction Security standard for point of sale equipment with card readers that are used with smart phones.
Interestingly enough, although there are (or will soon be) guidelines and best practices for securely processing transactions, nothing similarly exist for the consumer’s device. The security of payments made by the consumer using their phone as payment falls outside the PCI standard and instead is governed by other entities such as Eurpopay, MasterCard, and Visa.