The Payment Card Industry Security Standards Council has published its latest data security guidance for merchants accepting payments with smartphones or tablets.
The "PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users" describes the factors and risks merchants need to address to protect data coming into mobile devices, the council states.
The guidance should be "the merchants' first stop if they're shopping for a solution to accept payments on a mobile device, or if they are building their own solution in-house," says Laura Johnson, PCI communications manager.
The security guidelines focus on the payments software that operates on mobile devices, emphasizing how merchants can isolate card data and prevent it from being exposed, the council says.
"Even with rapid adoption of mobile technology in payments, security still tops concerns for merchants," Troy Leach, the council's chief technology officer, states in a press release. "It comes down to the basic element of trust. Consumers want to have confidence that their information is protected."
The council encourages merchants to encrypt cardholder data securely prior to using mobile devices to process transactions, Leach says.
The new guidance goes "hand-in-hand" with recommendations the council published in September 2012 for mobile app developers and device vendors on designing appropriate security controls for payment acceptance, Leach adds.
Security guidance for the hardware and software used for mobile payment acceptance devices is also provided, the council says.