PCI Expands Encryption Standards to Mobile Payment Card Readers

The PCI Security Standards Council has expanded its PIN Transaction Security (PTS) program guidelines to include all payment card acceptance devices, including those optimized for mobile devices.

Prior to the October 14 release of the new PTS 3.1 guidelines, the program could only be applied to devices that accepted a PIN (Personal Identification Number). Now, any card acceptance device can be PTS tested, approved and eligible to deploy point-to-point encryption technology. The requirements have also been updated to address secure (encrypting) card readers, further facilitating the use of open platforms, such as mobile phones, to accept payments.

Merchants looking to use magnetic stripe readers (MSRs) or MSR plug-ins can now ensure the devices have been tested and approved to encrypt data on the reader before it reaches the device. The new guidelines also provide device manufacturers with a consistent set of data security and encryption standards.

"There are already hundreds of devices, such as the Square that clips on to a mobile phone, to enable remote mobile acceptance of credit cards," says Bob Russo, general manager, PCI Security Standards Council. "Now that these requirements are defined, vendors can design and build their devices based on security criteria, and then submit the devices to the PCI Council to have them certified as PTS compliant. Merchants looking to buy these devices will be able to look up the vendors with compliant devices on the PCI website."

The updated PTS Security program requirements and listing of approved devices are available on the PCI Council website.

This ad will auto-close in 10 seconds