Big news Friday as the PCI Security Standards Council released several documents reversing their temporary ban on SOME mobile payment applications for the PA-DSS list. Essentially, purpose built devices are allowed, others are not.
Remember, as long as the device complies with PCI DSS in production, you do not necessarily need a PA-DSS certification to deploy it. It certainly helps the discussions with your QSA or Acquirer, but it is not a requirement. In fact, not all devices CAN comply with PCI DSS, so that should be your first step. Go back to my guide on how to make a mobile device comply with PCI DSS for more information on key areas you need to investigate. If you can install Angry Birds on the device, it might be a bit more challenging than if you cannot.
Possibly Related Posts:
- PCI DSS 4.0 Released plus BOOK DETAILS!
- PCI Council Loses $600K in Revenue, PO Population on the Decline
- Why PCI DSS 4.0 Needs to be a Complete Rewrite
- Orfei Steps Down
- Should you be a PCI Participating Organization?