Best practices for mobile software developers
Posted on 14 September 2012.
The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), released best practices for mobile payment acceptance security.


The PCI Mobile Payment Acceptance Security Guidelines offer software developers and mobile device manufacturers guidance on designing appropriate security controls to provide solutions for merchants to accept mobile payments securely.

The guidance supports the need for more secure development practices for mobile payment acceptance solutions. According to security experts Trustwave SpiderLabs, which specializes in data breach investigations and malware analysis, mobile computing, commerce, and malware are still in their infancy. Existing platforms limit users’ ability to ensure the security of transactions conducted on mobile technology.

The document organizes the mobile payment-acceptance security guidance into two categories: best practices to secure the payment transaction itself, which addresses cardholder data as it is entered, stored and processed using mobile devices; and guidelines for securing the supporting environment, which addresses security measures essential to the integrity of the broader mobile application platform environment.

Key recommendations include:
  • Isolate sensitive functions and data in trusted environments
  • Implement secure coding best practices
  • Eliminate unnecessary third-party access and privilege escalation
  • Create the ability to remotely disable payment applications
  • Create server-side controls and report unauthorized access

PCI SSC Chief Technology Officer Troy Leach said: “Applications are going to market so quickly – anyone can design their own app today that can be used to accept payments tomorrow. It’s our hope that in educating this new group of developers, as well as device vendors on what they can do to build security into their design process, that we’ll start to see the market drive more secure options for merchants to protect their customers’ data.”





Copyright 1998-2014 by Help Net Security.