PCI SSC Nixes PA-DSS Certification For Mobile Payments Applications – For Now

In a not so widely disseminated and tough to find statement, the PCI SSC has basically put the kibosh on the certification of any mobile payment applications for the time being.  The second paragraph of the statement says it all.

“Until such time that it has completed a comprehensive examination of the mobile communications device and mobile payment application landscape, the Council will not approve or list mobile payment applications used by merchants to accept and process payment for goods and services as validated PA-DSS applications unless all requirements can be satisfied as stated.”

The statement indicates that the Council will be taking up the topic of how to certify these applications and addressing any changes to the PA-DSS program that may be required.

As I stated in a previous post, mobile payment processing, no matter how you define it, is not the easiest environment to secure.  It is interesting that the Council has seen the light and is also taking a careful approach to this environment.

Hopefully, we shall see next year if the Council comes up with a workable solution.


1 Response to “PCI SSC Nixes PA-DSS Certification For Mobile Payments Applications – For Now”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Welcome to the PCI Guru blog. The PCI Guru reserves the right to censor comments as they see fit. Sales people beware! This is not a place to push your goods and services.

December 2010

%d bloggers like this: