PCI Compliance and Mobile Devices
The Payment Card Industry (PCI) Security Standards Council has released the Data Security Standards (DSS) version 3.0 outlining revised requirements for payment data security, effective January 1st, 2014. Merchants and Service Providers that store, process, or transmit customer payment card data must adhere to the revised outlined requirements. Additionally, the PCI Council released the PCI Mobile Payment Acceptance Security Guidelines 1.0, which focuses on Mobile POS (Point-of-Sale) devices.
Many companies are moving to mobile to increase employee productivity, improve customer experience, and increase sales. As a result, the revised requirements in PCI DSS 3.0 include new requirements for mobile devices used in the Cardholder Data Environment (CDE) as well as Mobile POS.
This whitepaper outlines best practices for achieving compliance with these mobile requirements and fortifying your mobile strategy. This is meant only as directional guidance, and each organization should seek the appropriate.