Yesterday, the Payment Card Industry Council issued guidance for merchants using smartphones or tablets to accept payments from customers. The guidance follows up on the PCI Council Chairman’s pledge in February, as reported in this blog, to make mobile payments a top priority. Payment card readers that can be attached to a smartphone or tablet have become popular in recent years due to portability and cost efficiencies.
The guidance urges merchants to secure account data at the point of capture using validated point-to-point (P2PE) solutions in order to maintain data security throughout the payment lifecycle. A validated P2PE solution ensures that cardholder data is encrypted before it enters the mobile payment acceptance device. These solutions also reduce the scope of merchants’ PCI compliance obligations.