Going Mobile? How to Comply with the PCI DSS

Adding a mobile component to your software suite is crucial to a software company’s growth and overall customer retention. If you are thinking of developing a mobile app to complement the desktop version of your software, you may be wondering about mobile PCI compliance requirements.  What do you as a developer need to consider?

• Consideration #1 – Protect sensitive data from being intercepted while being entered into the mobile device used for payment processing.  This can be accomplished by either (1) encrypting data before its entry into the device or (2) ensuring that a secure path exists between the data entry apparatus (i.e., the mobile card reader) and the mobile device that stores memory.
• Consideration #2 – Protect sensitive data while it is stored inside the mobile device.  Data should be shielded from third-party examination, both prior to transaction authorization and—if the data is permanently stored—afterward as well.
• Consideration #3 – Protect sensitive data as it is transmitted from the device to the payment processor.

Sounds complicated? Don’t worry! If you rely on a payments partner with a mobile payment SDK – mobile PCI compliance and cardholder data security can be drastically simplified as the SDK should handle all the complexities around securing cardholder data and PCI compliance mandates.

A mobile payment SDK simplifies the integration between the payment processing platform and the mobile device. To ease the complexity of mobile payments, a mobile payment SDK should include support for multiple card-reading devices that feature point to point encryption (P2PE) and tokenization for secure cardholder data storage.  P2PE effectively removes cardholder data from ever entering the mobile device as its encrypted immediately upon entry.  Tokenization replaces stored cardholder data with a non-sensitive token that is mathematically irreversible.  You can rest easy, these PCI scope-reducing technologies address considerations 1-3 above.

Not sure if offering mobile payments is worth the effort? All recent signs and stats point to yes.  Check out our infographic on why you need a mobile payment SDK.