The document notes that until mobile hardware and software implementations meet the guidelines, merchants should stick to the use of PCI-validated point-to-point encryption as outlined in another document, "Accepting Mobile Payments with a Smartphone or Tablet."
The rapid changes taking place to utilize consumer-grade mobile devices for card processing are also posing security challenges, Russo says. "It's an evolutionary period," he adds, noting that the council will have more to say on this topic in the future. The council anticipates aligning its technical recommendations with certain mobile guidelines now in draft stage at the National Institute of Standards and Technology (NIST). That draft document is NIST 800-164, "Guidelines for Hardware-Rooted Security in Mobile Devices".
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: firstname.lastname@example.org.
Read more about wide area network in Network World's Wide Area Network section.