The PCI Security Standards Council (PCI SSC) announced that it has published the PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users.

"When considering mobile payment acceptance, merchants need to go in with their eyes open. And that’s what the intent of this guidance is, to help merchants understand the risks so that together with developers and device vendors they can safely implement a solution that will enable mobile commerce to flourish."

The guidance goes hand-in-hand with recommendations the Council published in September 2012 for mobile app developers and device vendors on designing appropriate security controls that provide secure mobile payment acceptance solutions for merchants.

On the web:

• PCI Council Issues PCI Security Guidance for Cloud Computing - BankInfoSecurity
• WorldPay To Support Mobile Game Developer Playtox - MobilePaymentsToday.com

On the wires:

• Unbanked Turn to RushCard for Faster, More Convenient Paperless Tax Refunds
• Fifth Third Bank Introduces Mobile Check Deposit Service
• GXS Selects MetraTech Monetization Platform

On the web:

• iZettle, Europe’s rival to Square, hits the UK - GigaOM
• PayPal Teams With Coinstar To Move Cash and Coins Online - PayPal Blog
• Sprint Expands Carrier Billing Options for Google Play Store - GottaBe Mobile
• Credit Card Dispute Goes Before Competition Tribunal in Canada - CBCnews.ca
• PCI Council Urges P2P Encryption For Mobile Payments - TechTarget

On the wires:

• Mercury Payment Systems Acquires Sundrop Mobile
• MasterCard inControl Family Solutions to Launch in Philippines
• 24/7 Card Introduces Powerful Prepaid Visa Debit + Remit Card to the Hispanic Community
• uShip Selects Payoneer’s Innovative, Flexible Payment Solution
• Buck Reports Q1 2012 Mobile Payments Metrics

On the web:

• Cashless Future: Vocalink Demos Mobile Payment Gateway in UK - Computer Weekly
• Dwolla Adds Support For LinkedIn, Allowing You To Send Money To Your Professional Contacts - TechCrunch
• Ryanair Introduces 'free' Cash Passport - This is Money (UK)

On the wires:

• PCI Security Standards Council Publishes Point-to-Point Encryption Validation Requirements
• New Aite Group Report on Impact of 1099-K Regulation on U.S. Merchant Acquiring
• Marquette Bank Selects FIS’ ePayment and eBanking Solutions to Lead eBusiness Channel
• New Mercator Report on Micropayments and Small Ticket Transactions
• Shift4 Integrates with Zen Cart for Online Payments

The PCI Security Standards Council has announced an update to the PCI DSS Wireless Guidelines Information Supplement, providing organizations with the current PCI DSS considerations for implementing wireless technology securely in payments environments. The supplement adds guidance specific to Bluetooth technologies and rogue wireless access points.

The PCI Security Standards Council (PCI SSC)has announced availability of their PCI DSS Tokenization Guidelines Information Supplement, "the latest in a series of SSC guidance documents aimed at providing the market with greater clarity on how specific technologies relate to the PCI Security Standards and impact PCI DSS compliance."

The PCI Security Standards Council (PCI SSC) has announced (PDF) clarity around what type of payment applications are eligible for PA-DSS validation and listing.

The PA-DSS program provides standards for developing software applications that store, process or transmit cardholder data. Not all applications involved in payments transactions are eligible for PA-DSS validation, however. To streamline the understanding and process of identifying payment applications that fall under the PA- DSS program, the Council has released the Which Applications are Eligible for PA-DSS Validation? A Guiding Checklist. (PDF)

The PCI Security Standards Council (PCI SSC) has announced (PDF) the findings of the Council's Virtualization Special Interest Group. "The PCI DSS Virtualization Guidelines Information Supplement provides guidance to those in the payment chain on the use of virtualization technology in cardholder data environments in accordance with PCI DSS."

On the web:

• Justice Department Seeks OK for Pact With Visa, MasterCard - Wall Street Journal
• What is NFC, and why do we care? - Engadget
• SK C&C USA, InComm Will Let Merchants Offer Mobile Payments - Bloomberg
• Citi Says Many More Customers Were Affected by Data Theft - New York Times

On the wires:

• Fifth Third Processing Solutions Changes Name to Vantiv
• First Data Rebrands UK Acquiring Business to First Data Merchant Services
• Report Says Cash is King When it Comes to Credit Card Incentives
• VoiceTrust Expands With Mobile Payments in the Middle East
• Study Finds Mobile Check Deposit Top Reason to Switch Primary Banks
• ThreatMetrix Launches New “ThreatMetrix Fraud Facts”

Headline News is compiled by Glenbrook Partners:

• BOKU Announces Partnership with Gumtree – the United Kingdom’s Largest Online Classifieds
• Nexon Selects PlaySpan’s Monetization Platform For Nexon Cash (NX)
• Avidia Bank Joins the Secure Vault Payments Network
• Kantar Video Taps Zuora to Launch New Global On-Demand Video Analytics Platform
• Global Bay Joins Demandware LINK To Offer Retailers Integrated Apple Mobile POS Solution

• AOL Small Business: Startup mPayy Takes on PayPal with Mobile Payments
• This is Money: Sneaky Fees in Your Credit Card Small Print (UK)
• Bank Info Security: Interview with GM of PCI Security Standards Council
• Digital Transactions: A Closer Look at Fed Payments Study Unveils Some Surprises
• MyBankTracker: Mobile, Social Networks & eCommerce – The Future of the Payment Landscape

The PCI Security Standards Council (PCI SSC) has announced version 2.0 of the PCI-DSS and PA-DSS standards. Reflecting input from the Council’s global stakeholders, this latest version does not introduce any new major requirements, but does modify language of the standard in order to clarify the meaning of the requirements and make understanding and adoption easier for merchants.

The PCI Security Standards Council (PCI SSC) has announced the availability of separate guidance papers on the use of end-to-end (E2E) encryption and EMV technologies in a payment card data environment. The documents are intended to provide the market with greater clarity on how these two specific technologies relate to the PCI Security Standards and impact PCI DSS compliance.

Visa recently announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants. The best practices developed by Visa in collaboration with the SANS Institute are designed to complement the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS).

Ingenico has announced a "comprehensive strategy to provide secure end-to-end solutions to assist merchants in complying with the PCI Data Security Standards." Ingenico says its strategy addresses the entire payment transaction process including: data in flight, data at rest, and architecture. READ MORE »

Heartland Payment Systems and Visa have announced "a settlement agreement under which issuers of Visa-branded credit and debit cards will have an opportunity to obtain a recovery from Heartland with respect to losses they may have incurred from the 2008 criminal breach of Heartland's payment system environment. Heartland will pay up to $60 million to fund the settlement program, which is subject to certain conditions, including a specified level of participation by U.S. Visa issuers. Visa will present details of the settlement to eligible issuers in the coming days." READ MORE »

The Payment Card Industry (PCI) Security Standards Council must take the lead in developing a collaborative approach with merchants in defining more open standards for future PCI Data Security Standard (DSS) requirements, stressed NACS (the National Association of Convenience Stores) and several other trade associations in a June 8 letter to the Council. READ MORE »

Hypercom, Ingenico, and VeriFone have announced the formation of the Secure POS Vendor Alliance - SPVA, a non-profit business organization chartered with implementing common payment security standards among vendors of secure point-of-sale (POS) devices used by retailers, acquirers and cardholders alike. READ MORE »

The US House of Representatives Subcommittee on Emerging Threats, Cybersecurity and Science and Technology is holding a hearing today on the subject: "Do the Payment Card Industry Data Standards Reduce Cybercrime?". Witnesses include representatives from the US Department of Justice, the Payment Card Industry Data Security Standards Council, Visa Inc., Michaels Stores, and the National Retail Federation. A webcast is available.

Heartland Payment Systems has announced that "it has formed an internal department dedicated exclusively to the development of end-to-end encryption to protect merchant and consumer data used in financial transactions. For the past year, Robert O. Carr, Heartland's chairman and chief executive officer, has been advocating for payments industry adoption of this technology - which will protect data at rest as well as data in motion - as an improvement for payment transaction security." READ MORE »

With all of the news this week surrounding the payment card data breach at Heartland Payments Systems, we've added a new section to the Payments News Bookstore with several new books covering the topic of PCI-DSS (Payment Card Industry-Data Security Standard) compliance. If you're aware of any we've missed, please send us Feedback and we'll add them to the bookstore.

In addition to these books about the subject, the PCI Security Standards Council website is a great starting point for learning more about PCI-DSS.

The PCI Security Standards Council (PCI SSC) has announced that it has launched a quality assurance program for Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs). According to the PCI SSC, "the new program was designed to provide QSAs and ASVs with a set of requirements that helps ensure they provide consistent, quality validation and assessment services to merchants and service providers." READ MORE »

The PCI Security Standards Council, the standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), has announced it will be offering a complimentary webinar, "Understanding PCI DSS Version 1.2,” to be held on Tuesday Nov. 25, 2008 at 11:30 a.m. EST and at 7:30 p.m. EST. The session will be repeated on Wednesday Dec. 17, 2008 at 10:30 a.m. EST and 8:30 p.m. EST. READ MORE »

The PCI Security Standards Council (PCI SSC) has announced the general availability of version 1.2 of the Payment Card Industry Data Security Standard (PCI DSS). According to the Council, "this latest version is the culmination of two years of feedback and suggestions from its industry stakeholders and is designed to clarify and ease implementation of the foremost standard for cardholder account security. Version 1.2 is effective immediately and version 1.1 of the standard will sunset on Dec. 31, 2008. The updated standard and supporting documentation is available on the Council’s Web site at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml." READ MORE »

The PCI Security Standards Council (PCI SSC) has announced the availability of a summary of forthcoming changes to PCI DSS as it moves from version 1.1 to the previously announced version 1.2 in October. READ MORE »

The PCI Security Standards Council has announced the timeline for the release of PCI DSS version 1.2, scheduled for availability in October 2008. According to the Council, the new version of PCI DSS will 'enhance the clarity of its technical requirements, offer improved flexibility and address new and evolving risks and threats.' READ MORE »

The PCI Security Standards Council has announced a complimentary educational webinar, “Understanding the Payment Application Data Security Standard” on Thursday May 22, 2008 at 11:30 a.m. EDT with a second session scheduled the same day at 7:30 p.m. EDT. READ MORE »

The PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (DSS), PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), has announced the release of version 1.1 of the Payment Application Data Security Standard (PA-DSS). READ MORE »

Taking on an expanded role, the PCI Security Standards Council has announced that it has also assumed responsibility for the PIN Entry Device (PED) Security Requirements that were previously administered under the auspices of JCB, MasterCard International and Visa International.

Avivah Litan from Gartner is out with a new note titled "New PCI Security Standards Council Needs More Power". From the abstract: "The Payment Card Industry Security Standards Council's newly elected Board of Advisors will help to improve stakeholder communication. But the advisors need voting power and expanded authority to resolve problems."

The PCI Security Standards Council (PCI SSC), an independent industry standards body providing management of the Payment Card Industry Data Security Standard (DSS) on a global basis, has announced the results of elections for the PCI SSC Board of Advisors. The Board of Advisors will represent the current roster of nearly 200 PCI SSC Participating Organizations and provide feedback to the ongoing enhancement of security standards managed by the Council.