PCI Council Adds Mobile Card Readers to Encryption Standard

by Mercator Advisory Group 0

The Payment Card Information Security Standards Council (PCI SSC) has announced the inclusion of all payment acceptance devices (including all payment card readers that attach to mobile devices) in the latest version of the PIN Transaction Security program, released October 14. Now, every mobile dongle, fob, sleeve, and sled – from VeriFone’s PayWare Mobile card reader to Square’s square – can be tested against PCI’s PTS guidelines and approved for point-to-point encryption deployment, according to the following article in Retail Info Systems News.

The requirements have also been updated to address secure (encrypting) card readers, further facilitating the use of open platforms, such as mobile phones, to accept payments.

Merchants looking to use magnetic stripe readers (MSRs) or MSR plug-ins can now ensure the devices have been tested and approved to encrypt data on the reader before it reaches the device. The new guidelines also provide device manufacturers with a consistent set of data security and encryption standards.

“There are already hundreds of devices, such as the Square that clips on to a mobile phone, to enable remote mobile acceptance of credit cards,” says Bob Russo, general manager, PCI Security Standards Council. “Now that these requirements are defined, vendors can design and build their devices based on security criteria, and then submit the devices to the PCI Council to have them certified as PTS compliant. Merchants looking to buy these devices will be able to look up the vendors with compliant devices on the PCI website.”

The updated PTS Security program requirements and listing of approved devices are available on the PCI Council website.

Click here for more