Stop the Madness! Payment Apps Are On The iPad Too Soon
Even though the iPad is barely birthed, there is already a push to provide payment applications for the device. It's time to pull the emergency brake on this trend. Are these applications PA-DSS certified? Do they have swipe devices with crypto hardware built in? Has the PIN Entry Device been rigorously tested, and does it meet all the PIN Transaction Security Guidelines?
There are so many things consumers should know about the security of these new methods of payment *before* they allow their credit card to be captured by an iPad or iPhone. Is the card's Primary Account Number (PAN) encrypted at the moment it is swiped by the device? Does the device establish an encrypted tunnel to transport the transaction to the payment gateway? Does the iPad store the PAN? Is that storage encrypted or unencrypted? Does the processor support a tokenization scheme to keep the iPad out of PCI scope? Is the payment app the only thing running on the iPad?
To use an iPad as a POS device, the only application allowed is the payment app. No iTunes or Facebook or games. Read the regulations. How will iPad payment vendors try to get around PCI Requirement 2.2.1: "Implement only one primary function per server"? This requirement was designed precisely to keep merchants from using the same system for payment applications and any other purpose. A POS device must be a single-purpose device. Limit the iPad to having only the payment application installed and nothing else, and then we will talk.
Too many questions and no answers. Taking credit cards for use by your business is not a right. It is an obligation. An obligation to your customers to protect their data. An obligation to your acquiring bank to play by their rules.
Until these new types of payment companies can demonstrate that they are compliant with industry standards and their names show up on the PCI SSC website, consumers would be foolish to allow their card information to be captured by one of these applications.