PCI releases help for retailers using mobile to take sales

The body that manages debit and credit card security standards on Wednesday released best practices for retailers wishing to accept payments via mobile devices.

The brief fact sheet (PDF) lists guidance both for merchants wanting to utilize third-party software to accept mobile payments and for those that want to build their own handheld point-of-sale devices.

Issued by the PCI Security Standards Council, which oversees three frameworks, chief among them the PCI Data Security Standard (PCI DSS), the fact sheet provides retailers with an understanding of their responsibilities.

If they are using an off-the-shelf payment acceptance product, the guidance recommends that they seek a valid card reader that uses point-to-point encryption.

Companies designing a home-grown solution must similarly ensure that they are using an approved PIN entry device or card reader to capture and encrypt card details. In addition, the solution must comply with PCI DSS.

"We know merchants are eager to take advantage of their existing smartphones or tablets to accept payment cards," said Bob Russo, the council's general manager.

Daniel Butler, vice president of retail operations at the National Retail Foundation, the industry's largest trade association, said retailers recognize the benefits of mobile payment acceptance devices -- to alleviate the burden on checkout lines during busy days and to accommodate off-site events -- but so far few have deployed them.

Instead, merchants currently are testing solutions while they gauge the cost of entry, which includes security dollars.

"Where most retailers are at right now is, 'What is the investment to get into this, and when is it going to be worthwhile to make that investment?'" Butler told SCMagazine.com on Wednesday.
