PCI issues guidance for payment on mobile
This educational resource is the product of the PCI Mobile Working Group and is the result of valuable input from leading merchants, vendors and organizations actively involved in the mobile payment acceptance industry. The document helps clarify and distill some of the more complex technology and security terminology into straightforward, practical guidance that can help merchants to better understand their responsibilities, use Point-to-Point Encryption (P2PE) standard, and choose a mobile payment acceptance solution that fits with the merchant’s PCI DSS responsibilities.
In other terms, PCI SSC reaffirms the need for a PCI PTS (PIN Transaction Security) complaint Pinpad, and a secure reader to perform payment transactions on a mobile device. Both the PCI PTS compliant PINpad and the secure reader must encrypt cardholder data before transmitting it to the Smartphone or tablet. In turn, the mobile device will transmit this encrypted cardholder data to the P2PE (Point-to-Point Encryption) solution provider.