SlideShare a Scribd company logo

Mobile Practices European Release Final 27 04 11

Neira Jones
Neira Jones

Visa Europe released mobile acceptance security best practices for software and hardware providers, retailers, and acquirers. The best practices establish guidelines for protecting cardholder data when using mobile devices for payments. They build on Visa's leadership in encryption and tokenization technologies. As mobile devices are less secure than payment terminals, the best practices provide important considerations for securing mobile payment acceptance solutions.

1 of 3
Download to read offline
NEWS RELEASE Visa Europe Releases Mobile Acceptance Security Best Practices Establishes security guidelines necessary for ensuring stakeholder trust in mobile acceptance solutions Visa Europe in cooperation with Visa Inc. today issued a set of mobile acceptance security best practices for software and hardware providers, retailers and their acquirers. These best practices form part of Visa Europe’s ongoing strategy to advance security measures to help protect cardholder and account data when using consumer mobile devices such as smart phones to facilitate the acceptance of card payments. These best practices build upon Visa Europe’s leadership in the areas of encryption and tokenisation technologies which can be used to both simplify and reduce the costs of implementing and maintaining a secure acceptance solution. Encryption and tokenisation technologies are designed to work hand-in- hand with EMV chip acceptance and have already proven to be suitable to different retail and payment processing environments. Mobile technology is enabling a growing number of small and medium-sized retailers to accept payments using mobile devices. As retailers harness the power of mobile technology to accept payments and grow their businesses, the industry must also build in adequate controls and security measures to maintain stakeholder trust in electronic payments. As mobile devices and acceptance attachments are not designed to the same security requirements as traditional payment terminals, and retailers do not currently control the security of the network environments to which their acceptance devices connect wirelessly, there are important security considerations above and beyond those for traditional payment acceptance solutions. These best practices are intended for two distinct audiences – mobile payment acceptance application and software/hardware solution providers as well as acquirers and retailers who use these solutions. “By engaging with industry in issuance of these best practices, and leveraging existing Visa guidance, we can ensure that any mobile acceptance solution deployed is both secure and suitable from the outset,” said Stanley Skoglund, Head of Payment Systems and Enterprise Risk, Visa Europe. “EMV chip, widely adopted across Europe, has proven itself as a powerful technology that underpins Visa Europe’s vision for securing all face-to-face transactions, and has directly contributed to our success in tackling fraud.
Visa Releases Global Best Practices for Mobile Payment Acceptance Security Solutions – Page 2 “Visa Europe will continue to deliver value to its more than 4,000 European member banks by moving to practical and cost-effective solutions that offer maximum protection both to retailers and cardholders.” To promote the security and integrity of the payment system, Visa is committed to helping mobile payment acceptance providers, vendors, retailers and acquirers better understand their responsibility to keep account data secure when using mobile payment acceptance solutions with consumer devices such as smart phones. For mobile payments to reach a critical mass, they must work everywhere, every time, with the same reliability of Visa payments today. For more than 50 years, Visa has set a high bar for robust security, privacy protections, and guaranteed payment to retailers and global acceptance ubiquity. Retailers, consumers and financial institutions should expect the same standards for mobile acceptance solutions. A complete version of Visa’s Best Practices for Mobile Payment Acceptance Practices may be found online at www.visaeurope.com/ais. An abbreviated version is provided below. Best Practices for Vendors: Goal Best Practice Design and 1. Provide payment acceptance applications and any associated updates in a implement secure secure manner with a known chain of trust. mobile payment 2. Develop mobile payment acceptance applications based on secure coding acceptance solutions. guidelines. 3. Protect encryption keys that secure account data against disclosure and misuse in accordance with industry-accepted standards. Ensure the secure 4. Provide the ability to disable the mobile payment acceptance solution. use of mobile 5. Provide functionality to track use and key activities within the mobile payment acceptance payment acceptance solution. solutions. Limit exposure of 6. Provide the ability to encrypt all public transmission of account data. account data that 7. Ensure that account data electronically read from a payment card is could be used to protected against fraudulent use by unauthorized applications in a commit fraud. consumer mobile device. 8. Provide the ability to truncate or tokenize the Primary Account Number (PAN) after authorization to facilitate cardholder identification by the merchant. 9. Protect stored PAN data and/or sensitive authentication data.
Visa Releases Global Best Practices for Mobile Payment Acceptance Security Solutions – Page 3 Best Practices for Merchants: Goal Best Practice Ensure the secure 1. Only use mobile payment acceptance solutions as originally intended by an use of mobile acquiring bank and solution provider. payment acceptance solutions. Limit the exposure of 2. Limit access to the mobile payment acceptance solution. account data that 3. Immediately report the loss or theft of a consumer mobile device and/or may be used to hardware accessory. commit fraud. Prevent software 4. Install software only from trusted sources. attacks on consumer 5. Protect the consumer mobile device from malware. mobile devices. This is the first version of these best practices to support the growth of the emerging mobile acceptance channel. Visa Europe will continue to refine and update the best practices based on industry feedback. Beyond the best practices, vendors, merchants and acquirers are expected to follow all Visa requirements for magnetic stripe, chip and contactless acceptance. They should also adhere to the principles set forth in the Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standards (PA-DSS). Additionally, on top of following Visa Europe Operating Regulations, acquirers must also be in compliance with all local laws and regulations regarding sponsored merchants, including adequate Know Your Customer (KYC) and Anti-Money Laundering (AML) due diligence. ###

Recommended

Mobile wallet security
Mobile wallet securityMobile wallet security
Mobile wallet securityMahindra Comviva
 
Mobile Wallet security
Mobile Wallet securityMobile Wallet security
Mobile Wallet securitySuraj Pratap
 
Cardless and contactless transactions
Cardless and contactless transactionsCardless and contactless transactions
Cardless and contactless transactionsMichal Voldrich, MBA
 
Cardless at ms_webinar
Cardless at ms_webinarCardless at ms_webinar
Cardless at ms_webinarkahunaworld
 
Empowering smes with mobile payment
Empowering smes with mobile paymentEmpowering smes with mobile payment
Empowering smes with mobile paymentChunJia Sio
 
We Authenticate the World
We Authenticate the WorldWe Authenticate the World
We Authenticate the WorldVASCO Data Security
 
10 massive biometric technology examples that revamped the world
10 massive biometric technology examples that revamped the world10 massive biometric technology examples that revamped the world
10 massive biometric technology examples that revamped the worldSheakh Mahbubur Rahman
 
btl mastercard
btl mastercardbtl mastercard
btl mastercardbtlcoin token
 

Recommended

Mobile wallet security
Mobile wallet securityMobile wallet security
Mobile wallet securityMahindra Comviva
 
Mobile Wallet security
Mobile Wallet securityMobile Wallet security
Mobile Wallet securitySuraj Pratap
 
Cardless and contactless transactions
Cardless and contactless transactionsCardless and contactless transactions
Cardless and contactless transactionsMichal Voldrich, MBA
 
Cardless at ms_webinar
Cardless at ms_webinarCardless at ms_webinar
Cardless at ms_webinarkahunaworld
 
Empowering smes with mobile payment
Empowering smes with mobile paymentEmpowering smes with mobile payment
Empowering smes with mobile paymentChunJia Sio
 
We Authenticate the World
We Authenticate the WorldWe Authenticate the World
We Authenticate the WorldVASCO Data Security
 
10 massive biometric technology examples that revamped the world
10 massive biometric technology examples that revamped the world10 massive biometric technology examples that revamped the world
10 massive biometric technology examples that revamped the worldSheakh Mahbubur Rahman
 
btl mastercard
btl mastercardbtl mastercard
btl mastercardbtlcoin token
 
MONEY PAD
MONEY PADMONEY PAD
MONEY PADjeevagan nagarajan
 
Building infrastructure for_collaborative_fintech_3.0
Building infrastructure for_collaborative_fintech_3.0Building infrastructure for_collaborative_fintech_3.0
Building infrastructure for_collaborative_fintech_3.0Samuel Olaegbe
 
How to use digital wallet effectively
How to use digital wallet effectivelyHow to use digital wallet effectively
How to use digital wallet effectively1payjsc
 
FinTech, Internet of Things & Patents
FinTech, Internet of Things & PatentsFinTech, Internet of Things & Patents
FinTech, Internet of Things & PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Mobile wallet presentation
Mobile wallet presentationMobile wallet presentation
Mobile wallet presentationJoseph Frisz
 
Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Petr Dvorak
 
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet TrendsSpire Research and Consulting
 
Fingerpay
FingerpayFingerpay
FingerpayAnand B
 
Keynote Speaker Janice Kephart - Founder and CEO of The Secure Identity and B...
Keynote Speaker Janice Kephart - Founder and CEO of The Secure Identity and B...Keynote Speaker Janice Kephart - Founder and CEO of The Secure Identity and B...
Keynote Speaker Janice Kephart - Founder and CEO of The Secure Identity and B...Investorideas.com
 
Boosting and securing online shopping - making PIN on phone a reality
Boosting and securing online shopping - making PIN on phone a realityBoosting and securing online shopping - making PIN on phone a reality
Boosting and securing online shopping - making PIN on phone a realityBSP Media Group
 
Enrolment tech webinar consolidated published
Enrolment tech webinar consolidated publishedEnrolment tech webinar consolidated published
Enrolment tech webinar consolidated publishedImpact Insurance Facility
 
Digital wallet
Digital walletDigital wallet
Digital walletSohil Gupta
 
Mobile payment-security-risk-and-response
Mobile payment-security-risk-and-responseMobile payment-security-risk-and-response
Mobile payment-security-risk-and-responseDESMOND YUEN
 
Digital wallet awareness
Digital wallet awarenessDigital wallet awareness
Digital wallet awarenessAnkit Agarwal
 
Digital harbour
Digital harbourDigital harbour
Digital harbourneha singh
 
Mobile Banking – A Transformation of Traditional Banking
Mobile Banking – A Transformation of Traditional BankingMobile Banking – A Transformation of Traditional Banking
Mobile Banking – A Transformation of Traditional BankingInfosys Finacle
 
Pay4 Any
Pay4 AnyPay4 Any
Pay4 Anypmadella
 
How Internet Of Things is changing Financial Sector
How Internet Of Things is changing Financial SectorHow Internet Of Things is changing Financial Sector
How Internet Of Things is changing Financial SectorSandeep Mishra
 
Handset Theft - A Case Study
Handset Theft - A Case StudyHandset Theft - A Case Study
Handset Theft - A Case StudyMinisterio TIC Colombia
 
Digital Payment and 3-D Secure by Netcetera
Digital Payment and 3-D Secure by NetceteraDigital Payment and 3-D Secure by Netcetera
Digital Payment and 3-D Secure by NetceteraNetcetera
 
ISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationMarc Vael
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?VISTA InfoSec
 

More Related Content

What's hot

Building infrastructure for_collaborative_fintech_3.0
Building infrastructure for_collaborative_fintech_3.0Building infrastructure for_collaborative_fintech_3.0
Building infrastructure for_collaborative_fintech_3.0Samuel Olaegbe
 
How to use digital wallet effectively
How to use digital wallet effectivelyHow to use digital wallet effectively
How to use digital wallet effectively1payjsc
 
Mobile wallet presentation
Mobile wallet presentationMobile wallet presentation
Mobile wallet presentationJoseph Frisz
 
Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Petr Dvorak
 
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet TrendsSpire Research and Consulting
 
Fingerpay
FingerpayFingerpay
FingerpayAnand B
 
Keynote Speaker Janice Kephart - Founder and CEO of The Secure Identity and B...
Keynote Speaker Janice Kephart - Founder and CEO of The Secure Identity and B...Keynote Speaker Janice Kephart - Founder and CEO of The Secure Identity and B...
Keynote Speaker Janice Kephart - Founder and CEO of The Secure Identity and B...Investorideas.com
 
Boosting and securing online shopping - making PIN on phone a reality
Boosting and securing online shopping - making PIN on phone a realityBoosting and securing online shopping - making PIN on phone a reality
Boosting and securing online shopping - making PIN on phone a realityBSP Media Group
 
Enrolment tech webinar consolidated published
Enrolment tech webinar consolidated publishedEnrolment tech webinar consolidated published
Enrolment tech webinar consolidated publishedImpact Insurance Facility
 
Mobile payment-security-risk-and-response
Mobile payment-security-risk-and-responseMobile payment-security-risk-and-response
Mobile payment-security-risk-and-responseDESMOND YUEN
 
Digital wallet awareness
Digital wallet awarenessDigital wallet awareness
Digital wallet awarenessAnkit Agarwal
 
Digital harbour
Digital harbourDigital harbour
Digital harbourneha singh
 
Mobile Banking – A Transformation of Traditional Banking
Mobile Banking – A Transformation of Traditional BankingMobile Banking – A Transformation of Traditional Banking
Mobile Banking – A Transformation of Traditional BankingInfosys Finacle
 
How Internet Of Things is changing Financial Sector
How Internet Of Things is changing Financial SectorHow Internet Of Things is changing Financial Sector
How Internet Of Things is changing Financial SectorSandeep Mishra
 
Digital Payment and 3-D Secure by Netcetera
Digital Payment and 3-D Secure by NetceteraDigital Payment and 3-D Secure by Netcetera
Digital Payment and 3-D Secure by NetceteraNetcetera
 

What's hot (20)

MONEY PAD
MONEY PADMONEY PAD
MONEY PAD
 
Building infrastructure for_collaborative_fintech_3.0
Building infrastructure for_collaborative_fintech_3.0Building infrastructure for_collaborative_fintech_3.0
Building infrastructure for_collaborative_fintech_3.0
 
How to use digital wallet effectively
How to use digital wallet effectivelyHow to use digital wallet effectively
How to use digital wallet effectively
 
FinTech, Internet of Things & Patents
FinTech, Internet of Things & PatentsFinTech, Internet of Things & Patents
FinTech, Internet of Things & Patents
 
Mobile wallet presentation
Mobile wallet presentationMobile wallet presentation
Mobile wallet presentation
 
Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.
 
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
 
Fingerpay
FingerpayFingerpay
Fingerpay
 
Keynote Speaker Janice Kephart - Founder and CEO of The Secure Identity and B...
Keynote Speaker Janice Kephart - Founder and CEO of The Secure Identity and B...Keynote Speaker Janice Kephart - Founder and CEO of The Secure Identity and B...
Keynote Speaker Janice Kephart - Founder and CEO of The Secure Identity and B...
 
Boosting and securing online shopping - making PIN on phone a reality
Boosting and securing online shopping - making PIN on phone a realityBoosting and securing online shopping - making PIN on phone a reality
Boosting and securing online shopping - making PIN on phone a reality
 
Enrolment tech webinar consolidated published
Enrolment tech webinar consolidated publishedEnrolment tech webinar consolidated published
Enrolment tech webinar consolidated published
 
Digital wallet
Digital walletDigital wallet
Digital wallet
 
Mobile payment-security-risk-and-response
Mobile payment-security-risk-and-responseMobile payment-security-risk-and-response
Mobile payment-security-risk-and-response
 
Digital wallet awareness
Digital wallet awarenessDigital wallet awareness
Digital wallet awareness
 
Digital harbour
Digital harbourDigital harbour
Digital harbour
 
Mobile Banking – A Transformation of Traditional Banking
Mobile Banking – A Transformation of Traditional BankingMobile Banking – A Transformation of Traditional Banking
Mobile Banking – A Transformation of Traditional Banking
 
Pay4 Any
Pay4 AnyPay4 Any
Pay4 Any
 
How Internet Of Things is changing Financial Sector
How Internet Of Things is changing Financial SectorHow Internet Of Things is changing Financial Sector
How Internet Of Things is changing Financial Sector
 
Handset Theft - A Case Study
Handset Theft - A Case StudyHandset Theft - A Case Study
Handset Theft - A Case Study
 
Digital Payment and 3-D Secure by Netcetera
Digital Payment and 3-D Secure by NetceteraDigital Payment and 3-D Secure by Netcetera
Digital Payment and 3-D Secure by Netcetera
 

Similar to Mobile Practices European Release Final 27 04 11

ISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationMarc Vael
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?VISTA InfoSec
 
All You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptxAll You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptxITIO Innovex
 
Strong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsStrong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsFIDO Alliance
 
IRJET - Anti-Fraud ATM Security System
IRJET - Anti-Fraud ATM Security SystemIRJET - Anti-Fraud ATM Security System
IRJET - Anti-Fraud ATM Security SystemIRJET Journal
 
Digital wallet (e-wallet)
Digital wallet (e-wallet)Digital wallet (e-wallet)
Digital wallet (e-wallet)Krishna Kumar
 
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengManaging & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengKnowledge Group
 
Security Protocols for Mobile Banking Application
Security Protocols for Mobile Banking Application Security Protocols for Mobile Banking Application
Security Protocols for Mobile Banking Application IJCSIS Research Publications
 
Mobile banking issues in banking and insurance
Mobile banking issues in banking and insuranceMobile banking issues in banking and insurance
Mobile banking issues in banking and insuranceKumarrebal
 
EMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment ProcessEMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment Process- Mark - Fullbright
 
E-Wallet Firms Insures Users Against Fraudulency, Theft And Loss
E-Wallet Firms Insures Users Against Fraudulency, Theft And LossE-Wallet Firms Insures Users Against Fraudulency, Theft And Loss
E-Wallet Firms Insures Users Against Fraudulency, Theft And LosseTailing India
 
A need for peer to-peer strong local authentication protocol (p2 pslap) in mo...
A need for peer to-peer strong local authentication protocol (p2 pslap) in mo...A need for peer to-peer strong local authentication protocol (p2 pslap) in mo...
A need for peer to-peer strong local authentication protocol (p2 pslap) in mo...IJNSA Journal
 
Secure Payments: How Card Issuers and Merchants Can Stay Ahead of Fraudsters
Secure Payments: How Card Issuers and Merchants Can Stay Ahead of FraudstersSecure Payments: How Card Issuers and Merchants Can Stay Ahead of Fraudsters
Secure Payments: How Card Issuers and Merchants Can Stay Ahead of FraudstersCognizant
 
How we will be paying in 2020 - SPA Technical Director, Lorenzo Gaston at EPC...
How we will be paying in 2020 - SPA Technical Director, Lorenzo Gaston at EPC...How we will be paying in 2020 - SPA Technical Director, Lorenzo Gaston at EPC...
How we will be paying in 2020 - SPA Technical Director, Lorenzo Gaston at EPC...Smart Payment Association
 
A NEED FOR PEER-TO-PEER STRONG LOCAL AUTHENTICATION PROTOCOL (P2PSLAP) IN MOB...
A NEED FOR PEER-TO-PEER STRONG LOCAL AUTHENTICATION PROTOCOL (P2PSLAP) IN MOB...A NEED FOR PEER-TO-PEER STRONG LOCAL AUTHENTICATION PROTOCOL (P2PSLAP) IN MOB...
A NEED FOR PEER-TO-PEER STRONG LOCAL AUTHENTICATION PROTOCOL (P2PSLAP) IN MOB...IJNSA Journal
 
Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Anil Jain
 

Similar to Mobile Practices European Release Final 27 04 11 (20)

ISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentation
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?
 
All You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptxAll You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptx
 
Strong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsStrong Customer Authentication & Biometrics
Strong Customer Authentication & Biometrics
 
IRJET - Anti-Fraud ATM Security System
IRJET - Anti-Fraud ATM Security SystemIRJET - Anti-Fraud ATM Security System
IRJET - Anti-Fraud ATM Security System
 
E walllet / Digital Wallet
E walllet / Digital WalletE walllet / Digital Wallet
E walllet / Digital Wallet
 
Digital wallet (e-wallet)
Digital wallet (e-wallet)Digital wallet (e-wallet)
Digital wallet (e-wallet)
 
mwallet
mwalletmwallet
mwallet
 
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengManaging & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee Seng
 
Security Protocols for Mobile Banking Application
Security Protocols for Mobile Banking Application Security Protocols for Mobile Banking Application
Security Protocols for Mobile Banking Application
 
Mobile banking issues in banking and insurance
Mobile banking issues in banking and insuranceMobile banking issues in banking and insurance
Mobile banking issues in banking and insurance
 
Rbi circular
Rbi circularRbi circular
Rbi circular
 
EMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment ProcessEMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment Process
 
13_2
13_213_2
13_2
 
E-Wallet Firms Insures Users Against Fraudulency, Theft And Loss
E-Wallet Firms Insures Users Against Fraudulency, Theft And LossE-Wallet Firms Insures Users Against Fraudulency, Theft And Loss
E-Wallet Firms Insures Users Against Fraudulency, Theft And Loss
 
A need for peer to-peer strong local authentication protocol (p2 pslap) in mo...
A need for peer to-peer strong local authentication protocol (p2 pslap) in mo...A need for peer to-peer strong local authentication protocol (p2 pslap) in mo...
A need for peer to-peer strong local authentication protocol (p2 pslap) in mo...
 
Secure Payments: How Card Issuers and Merchants Can Stay Ahead of Fraudsters
Secure Payments: How Card Issuers and Merchants Can Stay Ahead of FraudstersSecure Payments: How Card Issuers and Merchants Can Stay Ahead of Fraudsters
Secure Payments: How Card Issuers and Merchants Can Stay Ahead of Fraudsters
 
How we will be paying in 2020 - SPA Technical Director, Lorenzo Gaston at EPC...
How we will be paying in 2020 - SPA Technical Director, Lorenzo Gaston at EPC...How we will be paying in 2020 - SPA Technical Director, Lorenzo Gaston at EPC...
How we will be paying in 2020 - SPA Technical Director, Lorenzo Gaston at EPC...
 
A NEED FOR PEER-TO-PEER STRONG LOCAL AUTHENTICATION PROTOCOL (P2PSLAP) IN MOB...
A NEED FOR PEER-TO-PEER STRONG LOCAL AUTHENTICATION PROTOCOL (P2PSLAP) IN MOB...A NEED FOR PEER-TO-PEER STRONG LOCAL AUTHENTICATION PROTOCOL (P2PSLAP) IN MOB...
A NEED FOR PEER-TO-PEER STRONG LOCAL AUTHENTICATION PROTOCOL (P2PSLAP) IN MOB...
 
Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017
 

More from Neira Jones

EPA White Paper - Protecting us from the storm v1-0
EPA White Paper - Protecting us from the storm v1-0EPA White Paper - Protecting us from the storm v1-0
EPA White Paper - Protecting us from the storm v1-0Neira Jones
 
Mobile Money For The Bottom of The Pyramid... Serving the unbanked...
Mobile Money For The Bottom of The Pyramid... Serving the unbanked...Mobile Money For The Bottom of The Pyramid... Serving the unbanked...
Mobile Money For The Bottom of The Pyramid... Serving the unbanked...Neira Jones
 
Accourt press release neira jones joins accourt
Accourt press release neira jones joins accourtAccourt press release neira jones joins accourt
Accourt press release neira jones joins accourtNeira Jones
 
Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira Jones
 
Visa Security Logging Factsheet June 2012
Visa Security Logging Factsheet June 2012Visa Security Logging Factsheet June 2012
Visa Security Logging Factsheet June 2012Neira Jones
 
The Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk ManagementThe Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk ManagementNeira Jones
 
EMV US whitepaper Bell ID
EMV US whitepaper Bell IDEMV US whitepaper Bell ID
EMV US whitepaper Bell IDNeira Jones
 
Sc World Congress Econference March 2011
Sc World Congress Econference March 2011Sc World Congress Econference March 2011
Sc World Congress Econference March 2011Neira Jones
 
Barclaycard Payment Security Newsletter Jan11
Barclaycard Payment Security Newsletter Jan11Barclaycard Payment Security Newsletter Jan11
Barclaycard Payment Security Newsletter Jan11Neira Jones
 

More from Neira Jones (9)

EPA White Paper - Protecting us from the storm v1-0
EPA White Paper - Protecting us from the storm v1-0EPA White Paper - Protecting us from the storm v1-0
EPA White Paper - Protecting us from the storm v1-0
 
Mobile Money For The Bottom of The Pyramid... Serving the unbanked...
Mobile Money For The Bottom of The Pyramid... Serving the unbanked...Mobile Money For The Bottom of The Pyramid... Serving the unbanked...
Mobile Money For The Bottom of The Pyramid... Serving the unbanked...
 
Accourt press release neira jones joins accourt
Accourt press release neira jones joins accourtAccourt press release neira jones joins accourt
Accourt press release neira jones joins accourt
 
Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf ready
 
Visa Security Logging Factsheet June 2012
Visa Security Logging Factsheet June 2012Visa Security Logging Factsheet June 2012
Visa Security Logging Factsheet June 2012
 
The Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk ManagementThe Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk Management
 
EMV US whitepaper Bell ID
EMV US whitepaper Bell IDEMV US whitepaper Bell ID
EMV US whitepaper Bell ID
 
Sc World Congress Econference March 2011
Sc World Congress Econference March 2011Sc World Congress Econference March 2011
Sc World Congress Econference March 2011
 
Barclaycard Payment Security Newsletter Jan11
Barclaycard Payment Security Newsletter Jan11Barclaycard Payment Security Newsletter Jan11
Barclaycard Payment Security Newsletter Jan11
 

Mobile Practices European Release Final 27 04 11

  • 1. NEWS RELEASE Visa Europe Releases Mobile Acceptance Security Best Practices Establishes security guidelines necessary for ensuring stakeholder trust in mobile acceptance solutions Visa Europe in cooperation with Visa Inc. today issued a set of mobile acceptance security best practices for software and hardware providers, retailers and their acquirers. These best practices form part of Visa Europe’s ongoing strategy to advance security measures to help protect cardholder and account data when using consumer mobile devices such as smart phones to facilitate the acceptance of card payments. These best practices build upon Visa Europe’s leadership in the areas of encryption and tokenisation technologies which can be used to both simplify and reduce the costs of implementing and maintaining a secure acceptance solution. Encryption and tokenisation technologies are designed to work hand-in- hand with EMV chip acceptance and have already proven to be suitable to different retail and payment processing environments. Mobile technology is enabling a growing number of small and medium-sized retailers to accept payments using mobile devices. As retailers harness the power of mobile technology to accept payments and grow their businesses, the industry must also build in adequate controls and security measures to maintain stakeholder trust in electronic payments. As mobile devices and acceptance attachments are not designed to the same security requirements as traditional payment terminals, and retailers do not currently control the security of the network environments to which their acceptance devices connect wirelessly, there are important security considerations above and beyond those for traditional payment acceptance solutions. These best practices are intended for two distinct audiences – mobile payment acceptance application and software/hardware solution providers as well as acquirers and retailers who use these solutions. “By engaging with industry in issuance of these best practices, and leveraging existing Visa guidance, we can ensure that any mobile acceptance solution deployed is both secure and suitable from the outset,” said Stanley Skoglund, Head of Payment Systems and Enterprise Risk, Visa Europe. “EMV chip, widely adopted across Europe, has proven itself as a powerful technology that underpins Visa Europe’s vision for securing all face-to-face transactions, and has directly contributed to our success in tackling fraud.
  • 2. Visa Releases Global Best Practices for Mobile Payment Acceptance Security Solutions – Page 2 “Visa Europe will continue to deliver value to its more than 4,000 European member banks by moving to practical and cost-effective solutions that offer maximum protection both to retailers and cardholders.” To promote the security and integrity of the payment system, Visa is committed to helping mobile payment acceptance providers, vendors, retailers and acquirers better understand their responsibility to keep account data secure when using mobile payment acceptance solutions with consumer devices such as smart phones. For mobile payments to reach a critical mass, they must work everywhere, every time, with the same reliability of Visa payments today. For more than 50 years, Visa has set a high bar for robust security, privacy protections, and guaranteed payment to retailers and global acceptance ubiquity. Retailers, consumers and financial institutions should expect the same standards for mobile acceptance solutions. A complete version of Visa’s Best Practices for Mobile Payment Acceptance Practices may be found online at www.visaeurope.com/ais. An abbreviated version is provided below. Best Practices for Vendors: Goal Best Practice Design and 1. Provide payment acceptance applications and any associated updates in a implement secure secure manner with a known chain of trust. mobile payment 2. Develop mobile payment acceptance applications based on secure coding acceptance solutions. guidelines. 3. Protect encryption keys that secure account data against disclosure and misuse in accordance with industry-accepted standards. Ensure the secure 4. Provide the ability to disable the mobile payment acceptance solution. use of mobile 5. Provide functionality to track use and key activities within the mobile payment acceptance payment acceptance solution. solutions. Limit exposure of 6. Provide the ability to encrypt all public transmission of account data. account data that 7. Ensure that account data electronically read from a payment card is could be used to protected against fraudulent use by unauthorized applications in a commit fraud. consumer mobile device. 8. Provide the ability to truncate or tokenize the Primary Account Number (PAN) after authorization to facilitate cardholder identification by the merchant. 9. Protect stored PAN data and/or sensitive authentication data.
  • 3. Visa Releases Global Best Practices for Mobile Payment Acceptance Security Solutions – Page 3 Best Practices for Merchants: Goal Best Practice Ensure the secure 1. Only use mobile payment acceptance solutions as originally intended by an use of mobile acquiring bank and solution provider. payment acceptance solutions. Limit the exposure of 2. Limit access to the mobile payment acceptance solution. account data that 3. Immediately report the loss or theft of a consumer mobile device and/or may be used to hardware accessory. commit fraud. Prevent software 4. Install software only from trusted sources. attacks on consumer 5. Protect the consumer mobile device from malware. mobile devices. This is the first version of these best practices to support the growth of the emerging mobile acceptance channel. Visa Europe will continue to refine and update the best practices based on industry feedback. Beyond the best practices, vendors, merchants and acquirers are expected to follow all Visa requirements for magnetic stripe, chip and contactless acceptance. They should also adhere to the principles set forth in the Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standards (PA-DSS). Additionally, on top of following Visa Europe Operating Regulations, acquirers must also be in compliance with all local laws and regulations regarding sponsored merchants, including adequate Know Your Customer (KYC) and Anti-Money Laundering (AML) due diligence. ###