
June 28, 2016

Get ready for PCI-DSS 3.2

PCI app security is a growing concern with the rise of mCommerce, mobile payments, and the application of fintech to mobile. Mobile app security risks compete with PCI app security compliance for attention, posing a greater risk to the businesses and consumers who use these apps. There is so much focus on design and user experience that PCI compliance for mobile apps is often overlooked, making it difficult for businesses to adhere to the PCI Security Standards Council’s rules and regulations.

PCI-DSS 3.2 is coming in October of this year, beginning the process of moving the new standards from best practices to requirements by January 2018 and bringing a number of changes to PCI app security.

PCI-DSS 3.2 focuses on mobile app security testing, multi-factor authentication, and enforcing a switch from SSL/TLS encryption. Aside from this, there are a number of changes organisations need to make to ensure PCI app security:

– No local storage of credit card data; this data is at risk even with encryption

– Avoid payment solutions that get users to enter their PIN into the mobile device

– Use Point-to-Point Encryption to secure data before and after transit through the device

– Encourage users to keep up to date with operating systems

– Encourage users to download apps only from trusted app stores

– Update all apps as soon as there are new releases

Codified Security will help you to meet PCI-DSS standards for secure mobile app development and mobile app security testing. For automated mobile app security testing of PCI app compliance, try out Codified Security.