[stock-market-ticker symbols="FB;BABA;AMZN;AXP;AAPL;DBD;EEFT;GTO.AS;ING.PA;MA;MGI;NPSNY;NCR;PYPL;005930.KS;SQ;HO.PA;V;WDI.DE;WU;WP" width="100%" palette="financial-light"]

Visa Europe Releases Mobile Acceptance Security Best Practices

27 aprilie 2011

April 27, 2011 – Visa Europe today issued a set of mobile acceptance security best practices for software and hardware providers, retailers and their acquirers. These best practices form part of Visa Europe’s ongoing strategy to advance security measures to help protect cardholder and account data when using consumer mobile devices such as smart phones to facilitate the acceptance of card payments.

These best practices build upon Visa Europe’s leadership in the areas of encryption and tokenisation technologies which can be used to both simplify and reduce the costs of implementing and maintaining a secure acceptance solution. Encryption and tokenisation technologies are designed to work hand-in-hand with EMV chip acceptance and have already proven to be suitable to different retail and payment processing environments.

Mobile technology is enabling a growing number of small and medium-sized retailers to accept payments using mobile devices. As retailers harness the power of mobile technology to accept payments and grow their businesses, the industry must also build in adequate controls and security measures to maintain stakeholder trust in electronic payments.

As mobile devices and acceptance attachments are not designed to the same security requirements as traditional payment terminals, and retailers do not currently control the security of the network environments to which their acceptance devices connect wirelessly, there are important security considerations above and beyond those for traditional payment acceptance solutions. These best practices are intended for two distinct audiences – mobile payment acceptance application and software/hardware solution providers as well as acquirers and retailers who use these solutions.

“By engaging with industry in issuance of these best practices, and leveraging existing Visa guidance, we can ensure that any mobile acceptance solution deployed is both secure and suitable from the outset,” said Stanley Skoglund, Head of Payment Systems and Enterprise Risk, Visa Europe. “EMV chip, widely adopted across Europe, has proven itself as a powerful technology that underpins Visa Europe’s vision for securing all face-to-face transactions, and has directly contributed to our success in tackling fraud.”

A complete version of Visa’s Best Practices for Mobile Payment Acceptance Practices may be found online at www.visaeurope.com/ais. An abbreviated version is provided below.

Best Practices for Vendors:

Goal Best Practice
Design and implement secure mobile payment acceptance solutions.
  1. Provide payment acceptance applications and any associated updates in a secure manner with a known chain of trust.
  2. Develop mobile payment acceptance applications based on secure coding guidelines.
  3. Protect encryption keys that secure account data against disclosure and misuse in accordance with industry-accepted standards.
Ensure the secure use of mobile payment acceptance solutions.
  1. Provide the ability to disable the mobile payment acceptance solution.
  2. Provide functionality to track use and key activities within the mobile payment acceptance solution.
Limit exposure of account data that could be used to commit fraud.
  1. Provide the ability to encrypt all public transmission of account data.
  2. Ensure that account data electronically read from a payment card is protected against fraudulent use by unauthorized applications in a consumer mobile device.
  3. Provide the ability to truncate or tokenize the Primary Account Number (PAN) after authorization to facilitate cardholder identification by the merchant.
  4. Protect stored PAN data and/or sensitive authentication data.

Best Practices for Merchants:

Goal Best Practice
Ensure the secure use of mobile payment acceptance solutions.
  1. Only use mobile payment acceptance solutions as originally intended by an acquiring bank and solution provider.
Limit the exposure of account data that may be used to commit fraud.
  1. Limit access to the mobile payment acceptance solution.
  2. Immediately report the loss or theft of a consumer mobile device and/or hardware accessory.
Prevent software attacks on consumer mobile devices.
  1. Install software only from trusted sources.
  2. Protect the consumer mobile device from malware.

This is the first version of these best practices to support the growth of the emerging mobile acceptance channel. Visa Europe will continue to refine and update the best practices based on industry feedback.

Beyond the best practices, vendors, merchants and acquirers are expected to follow all Visa requirements for magnetic stripe, chip and contactless acceptance. They should also adhere to the principles set forth in the Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standards (PA-DSS). Additionally, on top of following Visa Europe Operating Regulations, acquirers must also be in compliance with all local laws and regulations regarding sponsored merchants, including adequate Know Your Customer (KYC) and Anti-Money Laundering (AML) due diligence.

In Europe, there are 427 million Visa debit, credit and commercial cards. In the 12 months ending December 2010 those cards were used to make purchases and cash withdrawals to the value of €1.6 trillion. 12.5% of consumer spending at point of sale in Europe is with a Visa card, and more than 70% of that is on Visa debit cards.

Visa Europe is owned and operated by more than 4,000 European member banks and was incorporated in July 2004. In October 2007, Visa Europe became independent of the new global Visa Inc., with an exclusive, irrevocable and perpetual licence in Europe.

Adauga comentariu

Noutăți
Cifra/Declaratia zilei

Anders Olofsson – former Head of Payments Finastra

Banking 4.0 – „how was the experience for you”

So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”

Many more interesting quotes in the video below:

Sondaj

In 23 septembrie 2019, BNR a anuntat infiintarea unui Fintech Innovation Hub pentru a sustine inovatia in domeniul serviciilor financiare si de plata. In acest sens, care credeti ca ar trebui sa fie urmatorul pas al bancii centrale?