Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

PCI Council Issues Guidance for Mobile Payment Acceptance

Posted in Data Security, Financial Institutions, Mobile, United States

Yesterday, the Payment Card Industry Council issued guidance for merchants using smartphones or tablets to accept payments from customers.  The guidance follows up on the PCI Council Chairman’s pledge in February, as reported in this blog, to make mobile payments a top priority.  Payment card readers that can be attached to a smartphone or tablet have become popular in recent years due to portability and cost efficiencies. 

The guidance urges merchants to secure account data at the point of capture using validated point-to-point (P2PE) solutions in order to maintain data security throughout the payment lifecycle.  A validated P2PE solution ensures that cardholder data is encrypted before it enters the mobile payment acceptance device.  These solutions also reduce the scope of merchants’ PCI compliance obligations.