PCI: New Focus on Mobile

New PCI Council Chair Sets 2012 Agenda

February 10, 2012

Mike Mitchell, new chair of the Payment Card Industry Security Standards Council, says mobility is among his top priorities for action in 2012. How will emerging technologies influence the standard?

Beyond mobile payments, point-to-point encryption, tokenization and more compliance training are also PCI priorities for 2012.

"We have special interest groups that will be looking at how to take a risk-based approach to the next level," Mitchell says. To get there, those groups are addressing payments security concerns for merchants, financial institutions and any other entity that has to comply with the PCI Data Security Standard.

Because of its increasing adoption and anticipated growth, mobile is a growing concern. Inevitably, the council will have to address security risks for payments, adds PCI SSC General Manager Bob Russo.

"The adoption of mobile is running rampant, and when it comes to using personal mobile devices, people have not thought about all of the security," Russo says. "We have a task force looking at this, and in 2011 we issued some guidance. This year we will be issuing some best practices."

Mobile payments have the potential to transform the industry. "But with that potential are increased risks and increased vulnerabilities," Mitchell says. "We want security to remain at the center of the payments evolution," which means organizations have to address mobile risks proactively.

Addressing security concerns surrounding mobile and other emerging payment options with risk in mind is a given. For the council, mobile security requires a deeper review of the security advantages provided by the Europay, MasterCard, Visa (EMV) standard. How can EMV improve the security of mobile payments? The PCI SSC aims to find out.

During this interview, Mitchell and Russo discuss:

  • How the PCI SSC is working to evolve its outreach and educational strategies to improve and enhance understanding about the PCI-DSS;
  • How end-to-end or point-to-point encryption and tokenization will complement payments security and encourage ongoing PCI compliance;
  • Why EMV cannot replace the need for PCI compliance.

Mitchell is the vice president of global network operations for merchant data security at American Express. With 15 years at AmEx, Mitchell has extensive experience managing global processes and programs designed to improve payment security. In his current role, he oversees information security policies, risk management functions and global compliance operations.

Russo brings more than 25 years of high-tech business management, operations and security experience to his role as the general manager of the PCI Security Standards Council. Russo guides the organization through its crucial charter, which is focused on improving data security standards for merchants, banks and other key stakeholders involved in the global payment card transaction process. To fulfill this role, Russo works with representatives from American Express, Discover Financial, JCB, MasterCard Worldwide and Visa International to drive awareness and adoption of the PCI Data Security Standard.

Follow Tracy Kitten on Twitter: @FraudBlogger
