Trends In Mobile Payments Are Frightening
Question: Do I really want someone with an iPhone taking my credit card info?
Enormous buzz lately about all of the new players trying to turn iPhones and other mobile devices into credit card swipe terminals. Very scary. Just because someone can create a website does not mean they understand payments.
So many questions:
1. Does the solution use a cryptographically enable swipe reader?
2. Does the solution encrypt credit card information at the moment it is swiped?
3. Does the solution store any track data?
4. Does the solution encrypt all sessions back to the payment gateway?
5. Will it support tokenization?
6. Is the solution PCI PTS certified?
7. Is the solution PCI PA-DSS certified?
That's just for starters. Now add in questions about the security of the 3G network and proper WiFi configuration and security, and you could be creating the perfect recipe for massive credit card breaches. These things are designed to "democratize" the taking of credit cards by the little guys, but should payments really be democratized?
There's no constitutional right to take credit cards. Taking credit cards to fuel your business is a responsibility. It's our data you're playing with!
Very few merchants — especially the smaller ones — understand, or even care about, security.
Print
Enormous buzz lately about all of the new players trying to turn iPhones and other mobile devices into credit card swipe terminals. Very scary. Just because someone can create a website does not mean they understand payments.
So many questions:
1. Does the solution use a cryptographically enable swipe reader?
2. Does the solution encrypt credit card information at the moment it is swiped?
3. Does the solution store any track data?
4. Does the solution encrypt all sessions back to the payment gateway?
5. Will it support tokenization?
6. Is the solution PCI PTS certified?
7. Is the solution PCI PA-DSS certified?
That's just for starters. Now add in questions about the security of the 3G network and proper WiFi configuration and security, and you could be creating the perfect recipe for massive credit card breaches. These things are designed to "democratize" the taking of credit cards by the little guys, but should payments really be democratized?
There's no constitutional right to take credit cards. Taking credit cards to fuel your business is a responsibility. It's our data you're playing with!
Very few merchants — especially the smaller ones — understand, or even care about, security.
Previous Post: The Changing Nature Of Governance, RIsk And Compliance Next Post: Don't Sign Here Please
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
WHITE PAPER
Reduce Email Archives up to 60%
Are you considering implementing a proactive archiving and eDiscovery solutions? This paper summarizes 15 separate soft cost savings when implementing Symantec Enterprise Vault and the Clearwell eDiscovery Platform.
WHITE PAPER
Aberdeen Report: To Patch, or Not to Patch? (Not If, But How)
The report explores the correlation between the current use of patch management and the level of endpoint-related risk that companies are effectively accepting.
Recent Comments
Webcasts
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
White Papers
