Spears Legal Technology


This blog is a resource guide for informational purposes only, and not the delivery of legal, technical or other professional advice. Using the information provided on this blog does not constitute an attorney-client relationship. If you need legal advice, please consult your lawyer.

PCI Mobile Payment Guidelines At Least 10 Months Away

First, a bit of background for those who might be new to PCI:

The PCI Security Standards Council (PCI SSC) was formed in 2006 by five global payment companies: American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. These five companies agreed to incorporate the PCI Data Security Standards (PCI DSS), which provide technical and operational requirements for protecting cardholder data. Generally, these requirements are not laws, but they are stipulated by each card brand and enforceable under private contract. A few states, however, including Minnesota, have passed laws that codify components of the PCI DSS.

But as technology evolves, so must the standards. One major development has been the emergence of mobile payment options. As retailers like Starbucks busily develop their own mobile payment applications, the PCI SSC must now formulate a strategy to deal with the changing environment. According to the website Storefront Backtalk, that evaluation may take a while:

Even if the 10 months estimate is correct—and it certainly sounds reasonable—that’s the earliest point for the guidelines to be released. It will still be many months after that before it would be the law of payment and potentially more months after that before compliant applications are available, not to mention compliance with carriers, handsets, chips, readers and all the other elements of the just-barely-already-defined mobile-payment infrastructure.

In the meantime, retailers are sure to continue developing their mobile payment systems in spite of this uncertainty. Evan Schuman from Storefront Backtalk provides an excellent analysis of the pros and cons related to moving forward without PCI standards in place. It's worth reading the entire article.

UPDATE (6/24): Schuman now reports that there may be an interim fix before the end of summer.