The Merchant Maven posted a release about Merchant Warehouse’s new Blackberry version of MerchantWARE, following in the footsteps of the apparently successful iPhone application.  This new trend is yet another example of a need for good moble payment security.

My Old Cell Phone, by Oracio Alvarado

My Old Cell Phone, by Oracio Alvarado

While the software company states that the application complies with both PCI DSS and PABP, it is not listed on the official Validated Payment Application list as either validated under PABP or PA-DSS.  That only means that they have not had an assessment performed and paid the required fees to get it listed on the site.

Acquirers are wary of Point of Sale (POS) vendors and POS implementers, all because of a few bad apples.  The restaurateur is at a particular disadvantage.  A high failure rate and a desire to carry a small amount of debt when opening a restaurant (see high failure rate) causes some of the same equipment to be used in multiple locations throughout its usable lifespan.  Not just tables, chairs, and griddles, but POS terminals as well.  This means that some of the same vulnerable equipment keeps surfacing because proprietors simply don’t know they need to upgrade.

The card brands, specifically Visa, have invested heavily to fix this.  First, by starting the Payment Applicaiton Best Practices program (now the Payment Application Data Security Standard), and later by imposing certain payment application mandates on new (and soon to be existing) merchants.

Merchant education is getting better, but you will do yourself a favor by ensuring that any third party POS applications you rely on for your business are listed on the Validated PA-DSS applications, and be sure that you keep up with the patches associated with that version.

This post originally appeared on

Possibly Related Posts: