Standards — We all need them. And Visa Inc. today announced best security practices guidelines for dealing with the pending mobile payments acceptance boom. The guidance is geared toward software developers, device manufacturers as well as merchants who use the products. Encryption and tokenization of cardholder data is key in Visa’s security tips. Here are two concrete examples of best practices detailed in today’s release:
Vendor Goal: Design and implement secure mobile payment acceptance solutions.
Best Practices:
1. Provide payment acceptance applications and any associated updates in a secure manner with a known chain of trust.
2. Develop mobile payment acceptance applications based on secure coding guidelines.
3. Protect encryption keys that secure account data against disclosure and misuse in accordance with industry-accepted standards.
Merchant Goal:
Ensure the secure use of mobile payment acceptance solutions.
Best Practice:
Only use mobile payment solutions as originally intended by an acquiring bank and solution provider.
Equally interesting, TechCrunch reports today that Visa has made an investment in Square.