Merchants' council: BYOD is not a best practice
Retailers should be wary of allowing employees to use consumer-grade devices for processing credit card transactions, unless the appropriate security measures, including encryption, have been deployed, advises the PCI Security Standards Council. The standards body's latest guidelines do not recommend BYOD as a best practice, reports Ellen Messmer at Network World.
Because employee-owned smartphones and tablets are likely to be used for non-work purposes and taken outside the workplace, the odds that they will be lost or stolen are significant. Any BYOD device used to process payments should have an encrypting PIN pad and an approved secure card reader, the council advises.
The council is calling for the adoption of other security controls (for example, anti-virus and authentication programs) as well as better information from vendors about vulnerabilities and security updates. For now, merchants are best off using PCI-validated encryption for smartphones and tablets.
- see Ellen Messmer's article at Network World