PCI Council Officially Swears Off Mobile Apps

The PCI Security Standards Council, as expected, has officially declared it will not sign off on any mobile application for quite some time. If it helps, the Council added that mobile "will be a key focus for the Council in 2011." (Unfortunately, the PCI statement didn't note how many key focuses the Council plans on having next year.)

"Until such time that it has completed a comprehensive examination of the mobile communications device and mobile payment application landscape," the statement said, "the Council will not approve or list mobile payment applications used by merchants to accept and process payment for goods and services as validated PA-DSS applications unless all requirements can be satisfied as stated." This statement comes on the heels of a column by StorefrontBacktalk's PCI columnist Walter Conway in which he described this as the Council's position and noted it is permitting—encouraging?—acquirers to fill the void and approve payment applications on their own and then offer them to their merchants.