Merchants and users who want to use the cloud, smartphones and tablets as mobile devices for payment card processing should be cautious and wait until stronger protection techniques are available. This is the recommendation of the PCI Security Standards Council, which considers that, at their current stage, these systems introduce new security challenges.
The PCI Security Standards Council, in its publication “Cloud Computing PCI DSS Guidelines Information Supplement”, includes security tips for merchants who want to accept remote card payments via mobile devices instead of a traditional POS. The Council reminds companies wishing to offer this new payment method that they are responsible for the mobile application as well as back-office processes and terminal security.
In this context, the PCI Security Standards Council advises merchants not to implement payment by smartphone or tablet until after they have determined the deployment of controls, data encryption and other appropriate security safeguards.
Increasingly, organizations have taken the PCI standard as a guide to implementing security, even if they have no responsibility for the card data of paying customers. But the question of whether, and how, the Payment Card Industry Data Security Standard (PCI DSS) covers cloud deployments remains up in the air.
The organization notes that merchants who use or are considering using cloud technologies in their cardholder data environment will benefit from this guide. The Council also notes that it provides valuable guidance to external service providers that offer cloud services or products, and to reviewers who examine cloud environments as part of a PCI DSS assessment.
However, this sharing model can magnify the difficulty of architecting a secure computing environment. One of the greatest achievements of this supplement is that it clearly defines the security responsibilities of the cloud provider and the cloud client. With the PCI DSS as a basis, this guide provides an excellent road map for establishing a secure posture in both public and private cloud.
According to the PCI Security Standards Council, mobile devices used to process payments must have controls such as antivirus, authentication and security scanning. Likewise, their manufacturers must give notice of vulnerabilities and provide security updates. The guidance would help merchants understand the risks so that, together with developers and device vendors, they can safely implement a solution that will enable mobile commerce to flourish.
Despite security concerns, payment options are increasingly heading to the cloud, and the health care sector’s use of cloud computing for payment is set to reach $5.4 billion by 2017.