GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Join the race to prepaid


Industry Update

PayPal aims for ubiquity with new partnerships

MasterCard's EMV push, introduction of mobile POS

Hactivists nab and leak 1.7 gigabytes of sensitive data

PCI SSC issues mobile help, calls for SIG topics


Payments industry infographic

Research Rundown

Prepaid in ascendance

Selling Prepaid

Prepaid in brief

Repeal of N.J. gift card law advances

CFPB takes first steps to regulate prepaid


Street SmartsSM:
Do your best and move on - no matter what

Jeff Fortney
Clearent LLC

A sense of urgency

Steve Norell
US Merchant Services Inc.

The shifting ground of pricing

Adam Atlas
Attorney at Law

What is the most productive thing you've done today?

Tom Waters
Bank Associates Merchant Services

Marketing your business with YouTube

Peggy Bekavac Olson
Strategic Marketing

Company Profile

Veritrans Merchant Services LLC

New Products

A new 'Jack' in town

PaySaber Jack
USA ePay

Hand-held printer hits stateside

SPP-R300 mobile printer
Bixolon America Inc.


Each sale is a new tent to pitch


10 Years ago in The Green Sheet


Resource Guide



2012 events Calendar

A Bigger Thing

The Green Sheet Online Edition

June 11, 2012  •  Issue 12:06:01

previous next

PCI SSC issues mobile help, calls for SIG topics

The PCI Security Standards Council (PCI SSC) recently issued mobile payment security guidance and called for topic suggestions for its special interest groups (SIGs). Its two-page fact sheet, At a Glance: Mobile Payment Acceptance Security, was created by the council's Mobile Working Group with input from merchants, vendors and mobile payment organizations.

The document was released to help merchants understand their Payment Card Industry (PCI) Data Security Standard (DSS) responsibilities, benefit from the council's point-to-point encryption (P2PE) standard and choose a mobile payment solution that meets their needs. The fact sheet also has information on updates made to the council's PIN Transaction Security (PTS) Requirements.

Giving merchants a hand

Tony Leach, PCI SSC Chief Technology Officer, said, "With this fact sheet we hope to help merchants understand how these standards work and the options that are available to them for accepting mobile payments in a secure and PCI DSS compliant manner." The recommendations for merchants include partnering with a validated P2PE solution provider, using an approved PIN entry device or approved secure card reader, and complying with the PCI DSS.

David Abouchar, Senior Director of Product Management and Development for PCI compliance and security solutions provider ControlScan, said the fact sheet arrived at a "great time" when merchants are feeling the need to meet consumer mobile payment demands. "Until the industry finds a way to harden the security of mobile devices themselves, point-to-point encryption provides a viable way for merchants to accept mobile payments without fear of card data being compromised at the mobile device level," he said.

Greg Anderson, Senior Vice President, Product Development, at POS security provider Phoenix Managed Networks, added, "I think it is great that the PCI Security Standards Council continues to provide guidance to merchants regarding new acceptance technologies. It is incumbent upon the SSC to inform, educate and communicate the security risks of mobile payments and recommended technology options such as P2PE that can be implemented to minimize merchants' risk."

Topics for special interest groups needed

Bob Russo, PCI SSC General Manager, is asking for new topics for its Special Interest Group (SIG) projects. He also said the council created an enhanced web form this year to allow topic submissions online. As of June 1, 2012, submissions are being accepted at The submission period will close July 31.

Russo stated council SIGs are wrapping up work on e-commerce and risk management, two topics suggested in 2011. The final discussion papers will be ready in August. A third SIG report on cloud computing is expected in October.

The PCI SSC also is granting an additional 30 days for proposals this year to allow more time for SIG proposers to be notified and prepare for the council's upcoming Community Meetings where a short list of proposed SIG topics will be discussed and voted on. Topics under consideration will be listed on the PCI SSC website.

"This year was the year of technology," Russo said when asked what topics he expects to see on the 2012 to 2013 list. "Actually it was the year of mobile. We saw the introduction of EMV, and we may see a desire for additional information on EMV even though we did have an EMV SIG a couple of years ago. I also think point-to-point encryption is a possible topic."

For additional news stories, please visit and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios