Thanks to a reader who gave me an idea for a blog post! You can suggest your own topics here.

Mobile payments means a lot of things to a lot of people. Is it paying for things with that fancy iPhone app? Is it a Wi-Fi or cellular linked payment terminal? Is it paying for things with your cell phone using either an SMS-based payment or a Near-Field Communication (NFC) transaction? For the purposes of this post, I want to focus solely on SMS-Based or NFC transactions that would originate from the buyer’s cell phone.

Please Pay Here 3-14-09 19, by stevendepolo

AT&T, T-Mobile, and Verizon announced last week the formation of ISIS, a mobile payment network that looks to capitalize on the per-transaction revenue that can be earned by facilitating cashless payments. In the press release they discuss enabling this with “smartphone and near-field communication (NFC) technology” using “Discover’s national payment infrastructure as well as Barclaycard’s expertise in contactless and mobile payments.” How would this impact PCI DSS?

The way that I interpret this type of structure, the payment will be transacted one of two ways. Either the user will see the payment show up on their cell phone bill (which may be paid for by a credit card), or the smartphone itself will have a Discover NFC chip put in it like Visa’s payWave or MasterCard’s PayPass™. In both cases, PCI DSS is already addressed by either the cell phone company using your payment card to collect cash, or by the merchant’s compliance.

SMS-based payments are conceptually simpler because it would be handled entirely inside the scope of the cellular network’s connections, and would not need to jump into a traditional payment processing network ((With the exception that some SMS-based payment recipients store your credit card and charge it with the payment amount, like RideCharge.)). That may create a need for standards to be created for companies that process and accept SMS-based payments, but that is outside the scope of PCI DSS. Both of these types of payments (SMS and NFC) exist today.

This post originally appeared on

Possibly Related Posts: