Today, Visa released our mobile acceptance best practices for merchants, software developers and device manufacturers who are using consumer mobile devices to facilitate the acceptance of card payments. Among other things, our best practices call for encryption of cardholder data at the read head. We believe the guidelines foster a better understanding of merchant and service provider responsibilities related to securing cardholder data when a mobile phone is used as an acceptance device.
We are pleased that Square, the Jack Dorsey start-up that enables small businesses to accept card payments through mobile devices, has expressed its support of Visa’s best practices and its intent to adopt them. Today, Square COO Keith Rabois posted a blog on our Security Summit site saying, “The adoption of best practices will help increase trust in innovative payment solutions. Of course, Square complies with all current industry standards, and we are committed to meeting or exceeding industry guidelines as they evolve.”
And, at the Visa Security Summit that we are hosting in Washington, DC today, Square executive Sam Quigley said in response to a question about their future plans that “Square will be releasing an encrypted reader, it will continue to be free, and it will be available this summer.”
Square’s support of our best practices is an important step toward ensuring greater security for mobile acceptance devices.
Posted by: Ellen Richey, Chief Enterprise Risk Officer on April 27, 2011 at 12:47 pm