{"id":3789,"date":"2017-10-18T16:11:12","date_gmt":"2017-10-18T16:11:12","guid":{"rendered":"https:\/\/www.paymentfacilitator.com\/?p=3789"},"modified":"2022-02-24T22:13:59","modified_gmt":"2022-02-24T22:13:59","slug":"payment-security-the-developers-duty","status":"publish","type":"post","link":"http:\/\/infinicept.com\/payment-facilitator\/expert-perspectives\/underwriting-risk\/payment-security-the-developers-duty\/","title":{"rendered":"Payment Security: The Developer\u2019s Duty"},"content":{"rendered":"<p><strong>This content is sponsored by Vantiv.<\/strong><\/p>\n<p><em>Liz Crider, Vantiv<\/em><\/p>\n<p><strong>Merchants want ease of use. Customers want mobile. Everyone wants security. <\/strong><\/p>\n<p>It\u2019s clear that hackers are taking advantage of unsecured mobile apps and public Wi-Fi networks\u2014both of which are experiencing explosive growth right now\u2014to break into not just the valuable data on retail mobile devices, but within the broader retail network. In a collective haste to rush mobile applications into the hands of consumers, the door is left wide open to cybercriminals.<\/p>\n<p><strong>Payment-enabled mobile applications are running rampant in retail, and their security is of profound importance to developers and ISVs<\/strong><\/p>\n<p>As merchants and consumers alike become more aware of the growing risks associated with mobile applications\u2014specifically those that are payment and customer data-enabled\u2014developers and ISVs are being pressured to ensure that security is \u201cbaked into\u201d their applications.<\/p>\n<p>For a payment application to be deemed PA-DSS (Payment Application Data Security Standards) compliant, the PCI SSC (Payment Card Industry Security Standards Council) mandates developers to ensure that their applications contain 12 protections, including:<\/p>\n<ul>\n<li>Protect stored cardholder data<\/li>\n<li>Provide secure authentication features<\/li>\n<li>Protect wireless 
transmissions<\/li>\n<li>Cardholder data must never be stored on a server connected to the internet<\/li>\n<li>Encrypt sensitive traffic over public networks<\/li>\n<\/ul>\n<p><strong>The majority of PCI SSC requirements can be met quite simply by enlisting the five \u201cfingers\u201d of payment security:<\/strong><\/p>\n<ol>\n<li><strong>EMV <\/strong>to authenticate that the card is not counterfeit<\/li>\n<li><strong>END-TO-END ENCRYPTION (E2EE) <\/strong>to protect the transmission of data<\/li>\n<li><strong>TOKENIZATION <\/strong>to protect stored data<\/li>\n<li><strong>PCI <\/strong>to protect consumer data<\/li>\n<li><strong>ANTI-FRAUD SERVICES <\/strong>to proactively address payment anomalies<\/li>\n<\/ol>\n<p>Of course, these five elements aren\u2019t all the sole responsibility of the developer. A secure payments environment is the product of a collaborative effort among developers, software vendors, dealers\/integrators, acquirers, and merchants. For their part, developers can ensure EMV readiness, E2EE, and tokenization are \u201cbaked into\u201d their applications by working with a merchant acquirer that offers integrated payment solutions.<\/p>\n<p><strong>Developers who employ standard security protocols will differentiate their offerings and end up the winners in the long run.<\/strong><\/p>\n<p>Retailers and consumers alike are increasingly demanding highly-secure applications, which makes security a cornerstone of the developer\u2019s value proposition.<\/p>\n<p>To get there, many ISVs and developers are finding it attractive to work with a merchant acquirer that can save them from the overhead and expertise associated with aggregating secure technology protocols on their own, and that embraces support of mobile payment applications on the back end. 
Those developers are realizing the value of partnering with an acquirer that offers an appropriate level of security for the application\u2019s use case based on the five fingers of security, one set of services through unobtrusive integration, and managed security support and services throughout the application\u2019s lifecycle.<\/p>\n<p><em>For more information, read the full Vantiv paper\u00a0here.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Merchants want ease of use. Customers want mobile. Everyone wants security.<\/p>\n","protected":false},"author":27,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","_FSMCFIC_featured_image_caption":"","_FSMCFIC_featured_image_nocaption":"","_FSMCFIC_featured_image_hide":"","footnotes":""},"categories":[1022],"tags":[261,263,322,671,893,937],"class_list":["post-3789","post","type-post","status-publish","format-standard","hentry","category-underwriting-risk","tag-emv","tag-encryption","tag-fraud","tag-pci","tag-tokenization","tag-vantiv"],"acf":[],"_links":{"self":[{"href":"https:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/posts\/3789","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/comments?post=3789"}],"version-history":[{"count":2,"href":"https:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/posts\/3789\/revisions"}],"predecessor-version":[{"id":8061,"href":"https:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/posts\/3789\/revisions\/8061"}],"wp:attachment":[{"href":"https:\/
\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/media?parent=3789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/categories?post=3789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/tags?post=3789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}