advertisement
advertisement

PCI Delist Move Threatens Mobile Payment Security

Written by Evan Schuman
March 16th, 2011

The PCI Council this week confirmed that it has quietly delisted “multiple” mobile payment applications, although the council didn’t specify a number. This comes as the PCI folk are trying to formulate a mobile strategy, which is likely to take quite a few more months to resolve. Given that retailers can’t put their mobile plans on hold, this puts merchants in a very awkward—and potentially very insecure—place.

The move, which hit at least one of the delisted vendors on January 31, is part of PCI’s effort to create a proverbial level playing field. There are good and bad sides to this effort.

The good is that it’s noble in intent. It acknowledges that mobile payments have so many crucial differences from earlier payment methods that merely tweaking today’s guidelines won’t work. And it also notes that it would be unfair to let vendors that happened to have already been approved be the only applications with the seal of approval, with the door slamming on everyone else.

The bad is that it’s seeking the perfect at the expense of the good. The council hinted Tuesday (March 15) that it would be a very long time before it would come out with its mobile approach, although no timeframe was offered. But retailers can’t wait on trialing and even deploying mobile initiatives. What are they supposed to do during this lawless Wild West mobile period, while Sheriff PCI locks himself in his office for months, contemplating the best long-term strategy while gunmen murder his neighbors?

Would not a piecemeal approach be a better tactic? There are some basics that almost all could quickly agree on—such as encryption rules—and getting some out quickly might help. To the council’s credit, though, until it works out all the mobile payment issues, it’s hard to know even how to tackle encryption. Then again, there’s always the ability to amend and update rules later on. Ahhhh, ’tis a frustrating standards world out there in Mobile Land.

There is a longstanding PCI mechanism to deal with this vacuum, though. Acquirers have always been empowered to approve anything as PCI friendly, as long as they are willing to take the heat later if things go poorly. Thus far, we’ve been unable to confirm that any acquirers have yet to do this. And if they did, it would generate its own kind of Wild West, with retailers with different acquirers operating on different standards, which is exactly what PCI was created to avoid.

Pages: 1 2

Posted in E-Commerce, In-Store, IT Strategy/Industry, Mobile/Wireless/Contactless, Payment Systems, Security/Fraud
advertisement

One Comment | Read PCI Delist Move Threatens Mobile Payment Security

  1. Dan Stiel Says:
    March 17th, 2011 at 9:32 am

    The biggest vendors and most nimble innovators in the mobile payments space need to take the bull by the horns and establish their own standards council and create its own “PCI-DSS, PA-DSS, PTS-equivalent” protocol as opposed to waiting for the old school to catch up.

    The mobile payments space is so disruptive and evolving so fast that the stakeholders and their customers cannot put their destiny into the hands of a self-governing body that has other priorities.

Leave a Reply

Readers, specifically those who want to comment on a story:
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk.com? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.

Weekly, Monthly Newsletters

Quickly catch-up on the latest in E-Commerce and Retail Tech with our free weekly report, with urgent bulletins as news merits.
advertisement

Most Recent Comments

"Starbucks isn't going to replace their existing enterprise POS system with apps that have 1 percent of the functionality, control and reporting that they need to run their business. Likewise, I'm not going to replace my BMW with a free skateboard, just because both technically enable me to get from A to B." -Gavin Phillips

PayPal Offers Free Card Processing, But For Who?

Gavin Phillips
Regardless of how appropriate Square and PayPal's 'register' apps are for a small business, Starbucks aren't going to replace their existing enterprise POS system with apps that have 1 percent of the functionality, control and reporting that they need to run their business. Likewise, I'm not going to replace my BMW with a free skateboard, just because both technically enable me to get from A to B. Read more...

Fighting Falling Same-Store Sales, Walmart Looks To Be Saved By IT

neverfear
Its been well over 2 months. Has Walmart decided not to develop personalized contextual search. Do we know we why? Read more...

Can Ebay Pull Off A Giant Touch Window For New York Shoppers?

Ed
While I do not know the eBay specific solution, you can create a large format touchscreen using a projector projecting a screen against rear projection film on the storefront window, hi-def cameras using object detection like the Kinnect or OpenCV. This is already done in Europe and Asia and probably the most likely implementation. Read more...

Domino's New Live Video Stream: It Could Have Been Quite Useful, But It Wasn't

Aran
You ask what's the value of watching someone else's pizza being made? I dare you to check out the SmokerCam online at the website for Toronto's super hot BBQ joint and NOT want to book a table.... even if it takes a month to get a table on a Friday night. My mouth waters instantly just watching someone elses brisket or ribs cycle around...http://www.barque.ca/ Read more...
Evan Schuman
Again, let's get back to Domino's. Their product mix isn't changing. Therefore, what is the value for THEM to do a live stream? Read more...
Aran
I totally disagree - i check back on the video stream frequently and keep up on their latest creations. It's really interesting to see what they smoke overnight, and to see them arranging the trays. To say "watching it live doesn't add anything" is like saying "watching a live baseball game doesn't add anything because you can just watch video from last year's game." Read more...

NCR's Anti-Skimming ATM Tech Could Also Help Store PINpads

A Reader
If they're going to all the expense to continue to strengthen the security of the open barn door, and invest money and reliability on a complex motorized system, they should mount the slot sideways, so the user dips the card edge-first into the reader. All external skimmers take advantage of the movement of the card into the slot being the same as the motion required to read the card. By inserting the card edge-on, the motorized mechanism could swipe the head sideways across the track, which would foil any skimmer mounted on the outside of the device. It won't stop skimmers on existing readers. It won't stop cloning. It won't reduce fraud by a measurable amount, because the technology has never had effective security. But we could at least claim to be "doing something" about it. Read more...

Amazon's Five-Mile Threat

Ann Grackin
Retailers can compete. They just need to know how. We recently did a research project on home delivery: Winning at Home Delivery. Great example is John Lewis in the UK, who really got serious about how to home delivery--from the mundane to full services. But retailers need not only the merged channel customer views, inventory visibility, and most importantly the customer experience--all the touch points from store, web to great delivery. In short, give the consumer a compelling reason to shop with you. Read more...

Tesco Really Doesn't Like NFC

David Curtis
Mobie Payment through NFC is another example of over-promise and under-deliver. Whatever mobile payment technology wins will be the one that not only makes it easy for the consumer and cost effective for the merchant, but is also compelling enough to change the consumer's behavior. Our current payment ecology in the United States is too ingrained culturally and any method that apsires to replace that ecology will need a significant disruptive advantage to move the consumer to change how they pay. At this moment, with over 3500 restaurant locations and untold millions of customers, none of them are breaking down our doors or lighting up my phone with demands for mobile payment options. To paraphrase "it is the consumer, stupid". Without them driving the adoption, the rest is all "sound and fury, signifying nothing". So far, all mobile payment solutions are tools looking for a problem to solve. Read more...

Gap's Take On Typical Buy-Online-Pickup-In-Store Programs: Too Efficient

Mike Jones
When have customer's ever been against more efficiency? Seems like a big gamble by the Gap. Read more...
Marty Ramos
Hmmm...they must really hate hointer.com then... Read more...

For The First Time, Amazon's March Traffic Is Higher Than December. Figuring Out What That Means, Though, Is A Lot Trickier

Donna
Driving traffic to your site should be your main goal in internet marketing. Targeted traffic is the key. I do believe the shift is being diverted to user content and on page seo. Great content will always improve traffic and ranking. Read more...
StorefrontBacktalk
Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.