The PCI Security Standards Council recently issued a press release clarifying its position on mobile payment applications. According to the special “update on PA-DSS and mobile payment acceptance applications”, PCI SSC won’t allow payment applications developed for mobile devices such as iPhone, BlackBerry, Android etc. to be accepted for PA-DSS validation, which means that such products won't be able to achieve PCI PA-DSS compliance and therefore cannot be used as part of a merchant’s PCI DSS compliant environment. This limitation won’t affect applications developed for special devices intended specifically for payment processing. PCI SSC does not specify such devices, so it is unclear who is supposed to classify the hardware, and how, to determine whether it is eligible for validation. The Council also promised to further clarify the situation with mobile payments and “produce additional guidance by the end of the year”.

It should still be possible to avoid the validation issue for a mobile payment application if the software installed on the mobile device does not store or process sensitive card data, because in this case the application would not fall under the definition of a payment application as described in PA-DSS, and therefore is not required to pass the validation at all.