Information Security Leader, Author, Instructor and Speaker

PCI Council issues mobile payment guidance: Now what?

Posted on March 26, 2013 in Articles

Small businesses around the world are jumping on the credit card bandwagon due to new technologies that allow the acceptance of credit cards through smartphones and tablets.  Solutions like Square and SailPay provide small hardware dongles that attach directly to mobile devices and provide inexpensive, seamless credit card processing.  If you haven’t already seen one of these devices in a taxicab, small shop or from a sidewalk merchant, it won’t be long until you notice the technology in use.  What does the use of this technology mean for regulatory compliance?

PCI Still Applies…But P2PE Makes Compliance Simpler

First and foremost, the Payment Card Industry Data Security Standard (PCI DSS) still applies in these situations.  Anyone accepting a credit card, regardless of the technology used, must comply with PCI DSS.  While the likelihood that the sidewalk hot dog stand will be subject to a PCI DSS audit is fairly low, merchant banks will still request annual validation of PCI DSS compliance.

Originally published on,March 2013

Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.