Mobile point of sale gets a PCI security standard [source: theregister]
by CIRT Team
The advent of mobile point-of-sale (MPOS) systems has been a boon for consumers and retailers of modest means, but the Payment Card Industry Security Standards Council’s security wonks worried that they can’t adhere to the strict hardware standards set for merchants’ credit card terminals.
Hence the announcement [PDF] of a new standard that aims to advise merchants on how they can let you pay with a PIN on a mobile device without letting crims steal creds.
The standard’s four key principles are that a service has to be actively monitored, in case a device like a phone or tablet is compromised; the PIN has to be isolated from other account data; the “software and integrity of the PIN entry application” on common off-the-shelf (COTS) devices has to be ensured; and both PIN and account data have to be protected “using a PCI approved Secure Card Reader-PIN (SCRP).”