PCI Council Officially Swears Off Mobile Apps
Written by Evan SchumanThe PCI Security Standards Council, as expected, has officially declared it will not sign off on any mobile application for quite some time. If it helps, the Council added that mobile “will be a key focus for the Council in 2011.” (Unfortunately, the PCI statement didn’t note how many key focuses the Council plans on having next year.)
“Until such time that it has completed a comprehensive examination of the mobile communications device and mobile payment application landscape,” the statement said, “the Council will not approve or list mobile payment applications used by merchants to accept and process payment for goods and services as validated PA-DSS applications unless all requirements can be satisfied as stated.” This statement comes on the heels of a column by StorefrontBacktalk’s PCI columnist Walter Conway in which he described this as the Council’s position and noted it is permitting—encouraging?—acquirers to fill the void and approve payment applications on their own and then offer them to their merchants.
Leave a Reply
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk.com? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
I have strong reservations about the 'individual' certification and posting of that information for merchants. Can you imagine the potential employee poaching that might occur? The implications when competitors can look up how many are certified with each of their competitors? 
-Christine
