Merchants' council: BYOD is not a best practice

PCI Security Standards Council urges retailers to be wary of consumer-grade devices

Retailers should be wary of allowing employees to use consumer-grade devices for processing credit card transactions, unless the appropriate security measures, including encryption, have been deployed, advises the PCI Security Standards Council. The standards body's latest guidelines do not recommend BYOD as a best practice, reports Ellen Messmer at Network World.

Because employee-owned smartphones and tablets are likely to be used for non-work purposes and taken outside the workplace, the odds that they will be lost or stolen are significant. Any BYOD device used to process payments should have an encrypting PIN pad and an approved secure card reader, the council advises.

The council is calling for the adoption of other security controls, for example anti-virus and authentication programs, as well as better information from vendors about vulnerabilities and security updates. For now, merchants are best off using PCI-validated encryption for smartphones and tablets.

For more:
- see Ellen Messmer's article at Network World
