PCI: New Focus on Mobile

PCI: New Focus on Mobile
New PCI Council Chair Sets 2012 Agenda

Mike Mitchell, new chair of the Payment Card Industry Security Standards Council, says mobility is among his top priorities for action in 2012. How will emerging technologies influence the standard?

Beyond mobile payments, point-to-point encryption, tokenization and more compliance training are also PCI priorities for 2012.

"We have special interest groups that will be looking at how to take a risk-based approach to the next level," Mitchell says. To get there, those groups are addressing payments security concerns for merchants, financial institutions and any other entity that has to comply with the PCI Data Security Standard.

Because of its increasing adoption and anticipated growth, mobile poses increasing concern. Inevitably, the council will have to address security risks for payments, adds PCI SCC General Manager Bob Russo.

"The adoption of mobile is running rampant, and when it comes to using personal mobile devices, people have not thought about all of the security," Russo says. "We have a task force looking at this, and in 2011 we issued some guidance. This year we will be issuing some best practices."

Mobile payments have the potential to transform the industry. "But with that potential are increased risks and increased vulnerabilities," Mitchell says. "We want security to remain at the center of the payments evolution," which means organizations have to address mobile risks proactively.

Addressing security concerns surrounding mobile, and other emerging payments options, with risk in mind is a given. For the council, mobile security is requiring a deeper review of the security advantages provided by the Europay, MasterCard, Visa standard. How can EMV improve the security of mobile payments? The PCI SCC aims to find out. Read more.