When you decided to accept credit cards on an iPhone or other mobile device, you probably had no idea how complicated the PCI Data Security Standard (PCI DSS) can be. It still makes a lot of sense to hire a Qualified Security Assessor (QSA). But even if you don’t, there are some steps you can follow to make the process a lot easier.
- Be lean and mean. Don’t store your customers’ card data, either digitally or in writing. Whatever payment solution you choose, it should not record the full card number, and it must never retain the security code (CVV) or magnetic-stripe data after authorization, even in encrypted form. The less cardholder data you hold, the less there is to protect and to assess.
- Make sure your web host and your ecommerce and shopping cart solutions are PCI DSS compliant. If you don’t see this stated on their websites, ask their support departments for a current Attestation of Compliance. PayPal Standard and Authorize.Net are two popular hosted payment solutions that are compliant; they hand the card entry off to the provider’s own pages, which keeps card data off your systems and is usually cheaper than hosting and securing a dedicated server yourself.
- Consider using a dial-up terminal that connects to your processor over your telephone line. Dial-up is slower than an IP solution, but the terminal never touches your computer network, so your “data footprint” is greatly reduced and far fewer PCI DSS requirements apply to you.
- If you choose a virtual terminal or other IP-based card processing solution, run it on a separate network from your everyday office computers and public Wi-Fi. Segmenting it this way keeps card transactions away from the rest of your systems, shrinks the part of your network that has to meet PCI DSS, and limits what an attacker can reach if something else is compromised.
- Mobile solutions must also be PCI DSS compliant. To accept credit cards on an iPhone or other mobile device and stay compliant, do all you can to protect your iPhone or Android phone from hacking, malware, and unauthorized use. Jailbreaking your iPhone or enabling USB debugging on your Android phone weakens the built-in protections and is not recommended. Install only apps from the official app store, keep the device locked with a passcode and up to date, and conduct all payments on a network that meets the PCI DSS requirements, not on an open public connection.
Following these steps may not remove all your worries about security and compliance. However, they will bring you well on your way to safe and secure mobile transactions. Considering that a BIA/Kelsey survey projects that 56 percent of U.S. small businesses will be using mobile processors by the end of 2013, you’ll be right on the cutting edge.