Payment Card Industry Security Standards Council Releases New Guidance on Protecting Mobile Payment Data

February 27, 2013

The Payment Card Industry Data Security Standards (PCI DSS) Council, a global forum for the development of card security standards, recently released a set of best practices for merchants who process transactions involving card data from consumers using mobile devices. The Council's guidelines apply to payment-acceptance applications that operate on any consumer electronic handheld device (e.g., smartphone, tablet, or PDA) that is not "solely dedicated" to processing such payment transactions and also has access to "clear-text data." In particular, the Council highlighted three primary security risks associated with such mobile payments: (1) "account data entering the device," (2) "account data residing in the device," and (3) "account data leaving the device." The guidelines recommend both traditional and less conventional mechanisms to isolate account data and protect it from exposure, including protection against theft (an inherent risk with a mobile device), as well as the use of approved PIN Entry devices and restricted access. These guidelines are intended to operate "hand-in-hand" with the Council's September 2012 mobile payment acceptance security guidelines, directed at mobile app developers and device vendors.

Tip: This additional guidance expands the PCI DSS Council's prior guidance in this area, and applies directly to merchants as end-users of mobile devices capable of accepting payment information. Compliance with these guidelines may help retailers maintain proper data security measures, thus avoiding fines or restrictions on their ability to process card payments.

This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.

Copyright © 2025. Winston & Strawn LLP
