Review of PCI mobile payments guidance for merchants:
http://bit.ly/JCOB4q
Article in SearchSecurity:
http://bit.ly/KRCjnU
Interesting article in SearchSecurity: "P2P encryption for mobile is not an technology endorsement, says PCI Council". So on the one hand, in their recent mobile payments guide for merchants, they present the P2PE as the only way to secure mobile payments. On the other hand, they say " We’re not endorsing specific technology here". I am not sure I understand the point they are trying to make.
Review of PCI mobile payments guidance for merchants: http://bit.ly/JCOB4q Article in SearchSecurity: http://bit.ly/KRCjnU
0 Comments
PCI Security Standards Council just released "customized fact sheet" - guidance for merchants on how to securely implement mobile payments. According to this document called "Accepting Mobile Payments with a Smartphone or Tablet" (but for some reason referenced in press-release as "At a Glance: Mobile Payment Acceptance Security"), Point-to-Point Encryption solution -- validated and certified by P2PE QSA using recently launched PCI P2PE assessment program, and listed on PCI SSC website -- "may help you in your responsibilities under PCI DSS" and "leverages a mobile device’s display and communication functions to secure mobile payments". The only diagram in this document, which illustrates the architecture of mobile payment solution, shows P2PE solution provider accepting and processing merchant's mobile payment transactions.
PCI SSC just released updated and finalized requirements for hardware/hardware Point-To-Point Encryption solutions. It is still unclear when software requirements will be available. The PCI P2PE validation program is supposed to be launched officially after the first P2PE QSA training on May 11-13. Click to set custom HTML I doubt. What about end-to-end hardware encryption? Tokenization is necessary add on to E2E encryption but not replacement… Need to research in-memory tokenization more in depth though... Here is an article discussing in-memory tokenization vs. encryption: http://www.protegrity.com/2011/06/memory-tokenization-replace-encryption/ Here is some info about the solution:http://www.protegrity.com/wp-content/uploads/2011/04/Protegrity-Tokenization-Whitepaper-3_2011.pdf So far it looks like single company innovative solution but not a trend. Click to set custom HTML |
Books
Recent Posts
Categories
All
Archives
March 2023
|