“Gartner Listed - mobile application security guide 2017”

May 4, 2016

Mobile payments app security – PCI DSS 3.2

The 2016 update to the PCI’s DSS standard, 3.2, is going to create a need for more mobile app security testing among organisations with mobile payments apps as it adds a requirement for two penetration tests each year.

Also notable is the shift from two-factor authentication to multi-factor authentication, this aims to create more obstacles for attackers to use admin credentials to access systems . Now all personnel will be required to use multi-factor authentication.

3.2 also requires organisations focus on testing for compliance after changes are made, this suggests more vigilance on the part of PCI which is needed as we see more mobile and digital payment solutions emerge. However, it remains to be seen whether this will stop hacking given the high profile of companies such as Sony, Target, and Anthem, who were hacked in spite of being PCI compliant.

Other aspects of PCI seem quite relaxed, with the change from older SSL and TLS not required until July 2018.

Codified Security Instant will help you to meet PCI-DSS standards for secure mobile app development and mobile app security testing. To find out whether there are PCI issues in your app please sign up to Codified Security Instant.