This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

PCI council issues best practice guidance for mobile apps

Share this article:
Consumerisation worries public sector IT managers
Consumerisation worries public sector IT managers

The Payment Card Industry Security Standards Council (PCI SSC) has released best practice guidance for mobile app developers and device manufacturers.

It said that the main focus of the guidelines is to provide direction on securing mobile device payment processes and the payment environment itself by educating developers in the emerging mobile app market.

Bob Russo, the general manager of the PCI SSC, told SC Magazine US that the new guidelines are particularly relevant today.

“I tell people that convenience trumps security all the time, and people are running quickly to use these new devices and technology, without even thinking about security,” Russo said.

“This guidance is actually for the developers of those devices. We are purposely being cautious. It's such a changing market – you'll put something out today and tomorrow people are using it.”

Key recommendations of the report include isolating sensitive functions and data in trusted environments, implementing secure coding best practices and eliminating unnecessary third-party access and privilege escalation. Developing ways to remotely disable payment functions, in addition to creating tools for mobile apps to monitor and report suspicious activity were also among the recommendations.

The guidelines focus on ways to prevent account data from being intercepted while sent or received on mobile devices or from being compromised while being processed or stored on them.

Troy Leach, the chief technology officer of the council, said that the most recent guidelines reinforce the council's standard payment security goals, while applying them to a mobile space.

“We have a brand new group of developers that aren't of aware of their responsibility,” Leach said.

“They are designing good code, but don't know all it's being used for.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

NCA wants security pros to become cybercrime fighters

NCA wants security pros to become cybercrime fighters

The UK's National Crime Agency is on the hunt for cyber security professionals to "join the fight against some of the world's most significant cyber criminals" on salaries ranging from ...

GCHQ head says agency was 'never involved in mass surveillance'

GCHQ head says agency was 'never involved in ...

Sir Iain Lobban says GCHQ staff "are normal decent human beings who watch EastEnders and Spooks".

Apple Mac OS criticised for sending search results to third parties

Apple Mac OS criticised for sending search results ...

Apple is under pressure to make changes to the Spotlight feature on the new Mac OS X Yosemite 10.10, which tracks location and sends data back to the firm and ...