The card giant has set out best practices and minimum standards for encryption and made clear the solution provider’s responsibilities to secure cardholder data when mobile devices are used to accept payment.
Visa has released a best practice guide for retailers, software developers and device manufacturers who are using smartphones and tablet computers to accept mobile card payments.
The payments giant has stepped in to spell out minimum standards and best practices as the use of mobile devices to accept payments continues to proliferate.
“Because mobile devices and acceptance attachments today are not designed to the same security requirements as traditional payment terminals, and merchants do not control the security of the network environments to which their acceptance devices connect wirelessly, there are important security considerations above and beyond those for traditional acceptance solutions,” says the firm.
Eduardo Perez, head of global payment system risk at Visa, adds: “Mobile devices that can facilitate acceptance of payments are an important advancement in payments that must balance the promise of an enhanced consumer and retailer shopping experience with enhanced security measures to protect sensitive cardholder information.”
Among the best practice guidelines are demands for:
- Encrypting all account data at the card reader level and in transmission between the acceptance device and the processor — especially important given the use of wireless or public networks;
- Enabling truncation or tokenisation of card numbers, allowing the merchant to identify the cardholder without storing the full account data;
- Ensuring that payment data read from cards is protected against fraudulent use by malicious or unauthorised applications on the device.
The document, Visa Best Practices for Mobile Payment Acceptance Solutions Version 1.0 (PDF), can be found on Visa’s website.
The news comes after it emerged Visa has invested in Square, the mobile payments start-up — set up by Twitter co-founder Jack Dorsey — that turns phones and iPads into credit card readers.
A member of the Visa executive will join Square’s advisory board to help create a partnership that will allow Square to convert some 27m businesses in the US that don’t accept credit cards into Visa customers.
Square has now announced it will begin distributing a new version of its card reader featuring data encryption this summer.