Gartner Blog Network


Will the PCI Standard lose relevance in the Mobile World?

by Avivah Litan  |  February 13, 2012  |  Comments Off

Did I miss something? The PCI Council was supposed to finish guidelines for mobile payment card acceptance in 2011, but I can’t find any update on their website. Having just returned from “The Valley” where most security professionals are headed soon for the RSA Security Conference, I can reaffirm (as if anyone needs reminding) that mobile devices are the new desktops . Accordingly, there are lots of innovative developments around mobile payments – both on the payer and the payee side, even when it comes to credit and debit card payments.

So where is the PCI Security Council? And why aren’t they getting ahead of the rush to mobile payments and mobile payment acceptance?

I know where at least one of their founders, Visa is. Investing and backing Square, one of the more innovative payment card acceptor applications out there that is allegedly growing by leaps and bounds, even in the absence of a PCI standard for mobile payment acceptance.

Walk into any Apple store around the world and you will see the sales people there also ‘ignoring’ PCI standards by accepting payments on non-PCI certified mobile payment devices.

I realize it’s tough to develop standards for the non-standard mobile environment, but no one said the PCI Council should have it all easy. It just makes me wonder what the purpose of the council and the PCI standard itself is from the viewpoint of the card companies. If anyone has any ideas, please let me know.

Category: 

Avivah Litan
VP Distinguished Analyst
12 years at Gartner
30 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Her area of expertise includes financial fraud, authentication, access management, identity proofing, identity theft, fraud detection and prevention applications…Read Full Bio




Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.