PCI compliance, IT risk management becoming more vital as mobile transforms


The payment card industry is undergoing dramatic changes as more consumers and businesses use mobile devices to make and manage purchases. PCI compliance is just as important as it used to be, but it is becoming more complex as mobile applications are created, tested and, sometimes, discarded.

As a result, the PCI Security Standards Council will make mobility one of its priorities in the coming year, according to a BankInfoSecurity report.


"The adoption of mobile is running rampant, and when it comes to using personal mobile devices, people have not thought about all of the security," PCI SSC general manager Bob Russo said, according to the news source. "We have a task force looking at this, and in 2011 we issued guidance. This year we will be issuing some best practices."

In 2012, the PCI SSC will focus heavily on how organizations can keep data secure on mobile platforms. This can be done through end-to-end encryption technologies, PCI compliance training and a number of other techniques, BankInfoSecurity noted.

Mobile commerce has the ability to completely transform the payment card industry. However, chief information officers should ensure they have secure transaction management solutions in place in order to improve their data loss prevention capabilities, the news source continued.

IT risk management and security should be at the center of an organization's mobile commerce strategies in order to decrease vulnerabilities or the chances of unnecessary exposure, PCI SSC chairman Mike Mitchell said, according to BankInfoSecurity.

As the mobile landscape changes, data breaches are becoming more common, harder to avoid and more crippling to the affected organizations. In its 2012 Endpoint Security Best Practices Survey, Symantec found that more than half of the survey respondents who encountered a breach in the last year experienced a significant decrease in productivity. Another 30 percent of global organizations lost revenue, while 24 percent of participants said their reputation was diminished.

Symantec also encouraged businesses to take a stronger stand on security risks by educating employees on PCI compliance, on ways to improve data protection, and on their responsibility and accountability if a breach occurs.

According to the report, more than 80 percent of top-tier companies provide IT risk management and security training to employees.

As the mobile commerce world continues to evolve, preparation and education can be powerful tools to assist the transformation.