Mobile POS & PCI Compliance

This holiday season, as you head out to try to find that perfect gift for a loved one or friend, you may be able to circumvent the dreaded line at the register. NPR had an article on the 10th that highlighted the positive points of businesses using mobile POS instead of or in conjunction with the traditional cash register.

Within the article, NPR highlights a Nordstrom women’s shoe department. Armed with a modified iPod Touch, associates can assist shoppers in trying on or comparing items. Once shoppers are ready to buy, associates can scan the tag, then the credit card, right in the aisles. Colin Johnson, the public relations director at Nordstrom, explains, “We are always going to have a place for the cash and we’ll certainly take care of however the customer wants to pay, but we do see the future as essentially completely mobile.”

Keeping busy shoppers out of long lines will undoubtedly make customers happy, but the business itself can find new opportunities in a mobile POS (Point-of-Sale) system as well. Shortening the time between the decision and the purchase gives customers less time to change their minds about what they’re about to buy. The technologies can be cheaper too, alleviating some costs for the owners.

Also mentioned was the ability to tether the entire inventory to that mobile device, so shoppers can decide what they’d like by browsing online, and an item can then be ordered through the store if it is not in stock. This can help reduce markdowns by moving inventory to where it’s needed, instead of having it sold at a reduced price in a store that isn’t seeing the sales, or worse, not sold at all. Mobile POS, coupled with SaaS applications, can allow a flexibility that many brick-and-mortar stores can leverage in order to stay competitive in an increasingly hi-tech environment.

While mobile POS can prove to be a cost-effective tool for the retail industry, the PCI SSC (Payment Card Industry Security Standards Council) acknowledges three major risks associated with mobile payment transactions: data entering, residing on and leaving the mobile device is at risk of interception or unauthorized access. Creating server-side controls is one method of preventing unauthorized access to credit cardholder data. For a full list of controls and mobile payment security recommendations, read PCI Mobile Payment Security Recommendations Released by PCI SSC.

The PCI SSC recommends that credit cardholder data be temporarily stored in a secured storage environment before processing and authorization. A PCI compliant data center with the proper physical, technical and administrative security in place can provide a protected environment for account data. Ensure your data center operator can provide PCI compliant hosting and an attestation of compliance with the latest PCI DSS standards, version 2.0.

For a detailed list of hosting requirements and the complete anatomy of a PCI compliant hosting stack, read our PCI Compliant Hosting white paper.
