Security Compass Provides Insight Into PCI Mobile Payments Security

January 22, 2019
By: Steven Anderson

The Payment Card Industry (PCI) is easily one of the leading regulatory operations out there. Its digital security standards (DSS) are one of the great playbooks by which payment card and mobile payments providers work to ensure the best user experience. Recently, PCI released new standards, and Security Compass–who had a hand in their development–dropped word our way not only about the new standards, but about its own role therein.

One of the big new changes in the PCI standards is exemplified by two new documents, the Secure Software Lifecycle Requirements and Assessment Procedures and the Secure Software Requirements and Assessment Procedures. These two documents–in cooperation with the Validation Program, the third new entry into the PCI standards–provide a complete framework for managing security in payment software.

Security Compass, meanwhile, contributed to the development effort by lending its COO, Rohit Sethi, to help build the new standards. Sethi served as an expert contributor and overall community member, offering insight into what best practices should be established that weren’t already, and into what compliance standards should be part of a software lifecycle.

Additionally, Security Compass’ SD Elements policy-to-procedure platform incorporates several of these new elements, offering a basic foundation for compliance with the new PCI standards. It includes just-in-time training, force multipliers for security developments, automated threat modeling systems and more.

We all know what a problem security is for mobile payments. It’s still keeping people out of the market, and the more we can do to narrow the gap between expectations and reality, the better the chance we can get mobile payments to finally go mainstream. Yet we also know that those who would beat security are constantly trying to find workarounds, so we need to modify the standards appropriately to fend off those attacks. Plus, we need to make these standards sufficiently easy to execute that people actually put the tools to work, which is vital to ensure the overall security of our mobile payments tools.

It’s tools like the PCI security standards that will help get us there, and companies like Security Compass that will allow us to build these vital new standards.