Mobile Payment Processing Security Best Practices For PCI Compliance


Mobile credit card processing solutions are one of the fastest-growing trends among merchants in all industries. Everyone from taxi drivers to restaurants to home party sales representatives is using mobile card readers to accept payments for products and services, without the need for complex cash register systems, dedicated card terminals, or collecting credit card data to enter into the ordering system later. That is why you need to accept credit cards at your business, too.

Mobile payment processing is ideal for businesses that may not always be in the same location, such as food trucks or vendors at festivals and fairs, and offers a number of appealing features like an automatic receipt delivery service and easy reporting tools, but it also comes with some significant security risks.

The fact is that our increasing reliance on mobile for everything, not just payment processing, has made smartphones and tablets an attractive target for cybercriminals. The typical mobile device is a veritable gold mine of useful data for the typical hacker; from email login information to financial data, there is more than enough data on most phones for even an inexperienced hacker to steal and sell. Now imagine that your device contains payment data for your business, and your phone becomes even more attractive.

That’s why, if you accept payments using a mobile credit card reader, you have an even greater responsibility to secure your device than the typical consumer does. To do so, you need to follow a few basic security best practices.

Start With the Right Device

No, this isn’t another Android vs. Apple debate. Either operating system can be safe for mobile payments when properly secured. However, a device that is rooted or jailbroken — that is, the operating system has been altered in some way using hardware exploits — is never a good choice for a device that will be used to accept payments. Jailbroken devices might offer some advantages in terms of flexibility in applications, carrier choice, and customization, but they also come with major security risks. Such devices are more vulnerable to malware since the built-in protections from harmful code have been compromised.

It’s also risky to use secondhand devices for accepting mobile payments, which is something that not many people consider when they start a clothing company. Even devices that have been restored to their original settings may contain malware or vulnerabilities that you can’t see, leaving your payment processing open to theft. Your best bet? Purchase new devices from authorized dealers or the manufacturer to ensure that all of the latest security updates are installed.

Ensure Compliance

PCI compliance is a necessary element of mobile payment processing security. Maintaining PCI compliance is one of the most important responsibilities for merchants and business owners like yourself. Upholding those standards helps reduce the risk of mobile payment security threats. There are 12 PCI data security standards. Be certain to follow each and every one of them year-round at your retail shop.

Get The Right Solution

In addition to having a secure device, you have to pick the best mobile payment processing software to ensure the security of your mobile payment processing, preferably one with secure AVS processing for credit cards. Your solution? That is up to you. However, it must be mentioned that many, many businesses choose Square for their mobile payment processing solution. Square offers straightforward pricing with fast deposits and simple setup and processing. In addition, if something does unfortunately go wrong, the company has a set of professionals dedicated to finding the solution to your problem. That is absolutely imperative to mobile payment security for your business.

Physically Secure the Device


Another major risk to mobile devices used for payments is loss or theft. Studies show that at least 25 percent of all smartphone owners have either lost their phones or had them stolen, and the numbers are only rising. Not only should you physically secure mobile devices when they aren’t in use, but you should also employ all of the security protocols at your disposal to prevent unauthorized access to the device should it fall into the wrong hands. This includes password-protecting the device, using biometric or two-factor authentication when available, installing device-locator applications, and using tools to remotely lock or wipe the device of all data if it is lost or stolen.

Protect Against Malware

Aside from physical theft, malware presents the greatest risk to the security of your mobile payment device. Mobile malware is a growing problem, with criminals spreading the harmful software via phishing emails and texts about financial consulting, embedding the malware into applications, and even infecting websites with mobile-specific malware.

So far, the most common malware has been focused on spreading spam and subscribing users to premium text services, but malware has the potential to give hackers access to all of the data on your phone, including contact lists, text and email messages, and application data, as well as gain access to the phone’s microphone and camera to effectively spy on you.

To avoid malware infection, install antivirus and antimalware protection on phones or tablets from all telecom carriers, and follow the best practices when it comes to selecting other applications for your device. Be selective in the apps you add to the phone; if you’re using it to collect payments for your business, is it necessary to add multiple games or other questionable apps as well?

Regularly updating your device’s operating system every time new versions are released can also protect against malware, since most malware is developed to exploit the vulnerabilities in outdated operating systems.

Choosing a mobile credit card reader that prioritizes security and provides guidance and tools to protect your transactions and your customers’ data is also an important part of mobile payment security. By following these best practices along with your processor’s recommendations, you shouldn’t have any trouble keeping your data safe from the prying eyes and sticky fingers of cybercriminals.
