Comments on: Mobile Payments May Make PCI Obsolete http://storefrontbacktalk.com/securityfraud/mobile-payments-may-make-pci-obsolete/ Techniques, Tools and Tirades about Retail Technology and E-Commerce Sun, 20 May 2012 01:49:40 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Nealle http://storefrontbacktalk.com/securityfraud/mobile-payments-may-make-pci-obsolete/comment-page-1/#comment-63019 Nealle Mon, 10 Aug 2009 15:19:29 +0000 http://www.storefrontbacktalk.com/?p=3474#comment-63019 I believe that the move to an infrastructure will make requirements like PCI more important. As we move further away from physical instruments like cards, which at least have physical security features (for what they are worth, I know most merchants don't give them a second look). But if data from one of my transactions was compromised and put onto someone else's mobile their is no real way for a merchant to identify one mobile from another as being the genuine payment token The fact that the device could support features like (more) advanced encryption of the transaction data is just a bonus. Nealle I believe that the move to an infrastructure will make requirements like PCI more important. As we move further away from physical instruments like cards, which at least have physical security features (for what they are worth, I know most merchants don’t give them a second look). But if data from one of my transactions was compromised and put onto someone else’s mobile their is no real way for a merchant to identify one mobile from another as being the genuine payment token

The fact that the device could support features like (more) advanced encryption of the transaction data is just a bonus.

Nealle

]]> By: Dave Taylor http://storefrontbacktalk.com/securityfraud/mobile-payments-may-make-pci-obsolete/comment-page-1/#comment-62972 Dave Taylor Fri, 07 Aug 2009 13:14:14 +0000 http://www.storefrontbacktalk.com/?p=3474#comment-62972 Eric, i agree about the value of OTU passwords, but i also believe tokens are another option. Either way, the centralization of card data is critical from an architecture perspective, as well as simplifying compliance and minimizing data breach risk. Good point! Eric, i agree about the value of OTU passwords, but i also believe tokens are another option. Either way, the centralization of card data is critical from an architecture perspective, as well as simplifying compliance and minimizing data breach risk. Good point!

]]> By: Eric Meniere http://storefrontbacktalk.com/securityfraud/mobile-payments-may-make-pci-obsolete/comment-page-1/#comment-62970 Eric Meniere Fri, 07 Aug 2009 10:52:25 +0000 http://www.storefrontbacktalk.com/?p=3474#comment-62970 Mobiles can leverage the global credit/debit cards infrastucture and solve many PCI DSS compliance issues; To start mobiles (or POS) should never have to store a credit/debit card number. Mobiles can be enabled to compute one-time-use credit/debit cards - a token for a single purchase. One-time-use is the best form of security (it cannot be re-used). No personal data or (plastic) credit/debit card details need to be stored in a phone, or at a TSM. Your sensitive data should remain with your Financial Institution at all times and not be shared with anyone. FI should worry about PCI DSS, no one else! Mobiles can leverage the global credit/debit cards infrastucture and solve many PCI DSS compliance issues; To start mobiles (or POS) should never have to store a credit/debit card number. Mobiles can be enabled to compute one-time-use credit/debit cards – a token for a single purchase. One-time-use is the best form of security (it cannot be re-used). No personal data or (plastic) credit/debit card details need to be stored in a phone, or at a TSM. Your sensitive data should remain with your Financial Institution at all times and not be shared with anyone. FI should worry about PCI DSS, no one else!

]]> By: Daniel Lambert http://storefrontbacktalk.com/securityfraud/mobile-payments-may-make-pci-obsolete/comment-page-1/#comment-62968 Daniel Lambert Thu, 06 Aug 2009 18:47:01 +0000 http://www.storefrontbacktalk.com/?p=3474#comment-62968 Mobile Payment to become universal must leverage from existing payment infrastructure as much as possible. Mobile Payment and NFC will therefore never be universal and as convenient as today's credit/debit cards until it becomes PCI DSS Compliant or FSTC compliant. Mobile Payment to become universal must leverage from existing payment infrastructure as much as possible. Mobile Payment and NFC will therefore never be universal and as convenient as today’s credit/debit cards until it becomes PCI DSS Compliant or FSTC compliant.

]]>