Sarbanes Oxley Compliance Journal on Ulitzer



PCI Compliance for Mobile Apps

Mobile apps are clearly the way of the future. From taxi drivers to retail salespeople, everyone is using a mobile app for quick and easy payments. Mobile payment apps are convenient for both buyer and seller and, just like websites which accept credit cards, must be PCI compliant. Although the PCI Council hasn’t yet published formal PCI compliance regulations for mobile apps, it has published some preliminary guidelines.

The PCI Council recommends using a Point-to-Point Encryption (P2PE) solution. With this type of PCI security compliance solution, card data is encrypted at the point of capture, before it is passed to the app, and stays encrypted until it reaches the payment processor, so the app itself never handles readable card data. Only a few companies have been qualified to assess PCI P2PE solutions. If you are already using a payment processor, check its recommendations for mobile apps.

PCI Security Compliance on Your Phone or Tablet

To ensure full PCI security compliance, the device you use to accept payments should itself be secure. Any device that has been tampered with to install apps not authorized by Android or iOS is a security risk: most mobile security breaches happen on “jailbroken” or rooted phones and tablets. To reduce the risk:

  • Always use the latest version of the phone’s operating system.
  • If your phone can no longer be upgraded, purchase a newer device.
  • Uninstall all apps not in use.
  • Keep all apps updated.
  • Install an anti-virus/anti-malware app to protect your device.

Some mobile payment apps store card data on the device when a network connection is unavailable. If the app you are using has this “store and forward” feature, turn it off. The longer the data sits on your device, even if it is encrypted, the greater the risk of it being stolen.

Use a PIN on your device and keep it locked at all times. Though it is inconvenient to enter a code with every use, it can save greater headaches later on. The pattern codes on Android devices are not as secure as PIN codes. For maximum security, be sure to choose a PIN which is not easily guessed. More than 10% of PIN codes are 1111, 1234, 0000, 2580 and 0852, so don’t use any of those.

Once you take all of these precautions, you are ready to use credit cards on your mobile device.

The post PCI Compliance for Mobile Apps appeared first on Porticor Cloud Security.


More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor, is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business), contributing to several SAP products and reaching more than 8 million users. Recently he created a consumer Cloud at G.ho.st, a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.