One of the many benefits of having an eCommerce site is that your customer can reach you wherever they are through their mobile device. However, the ease of the shopping experience for your customer leads to bigger concerns for the store owner, namely maintaining PCI Compliance on a mobile platform.
One of your customers’ biggest worries is the security of their information when they are purchasing from your online store, and adding the unpredictability of the mobile world complicates the issue even more. The following points are aspects of the PCI Mobile Guidelines to keep in mind to ensure the security of your customers’ sensitive information.
Secure the data stored within the mobile device
A major mistake made by eCommerce store owners is the unsafe storage of sensitive data. This includes anything from banking and payment information (PINs, credit card numbers) to passwords and location information. An article from March stated that malware attacks targeting Android platforms increased 600% in the previous 12 months. Secure data storage is a crucial line of defense against such attacks.
Store any sensitive data encrypted
Encrypting personal and sensitive information helps to prevent the unauthorized retrieval of your customers’ information. Additionally, encrypting sensitive data prevents an intentional or accidental data leak.
Store only the data that is absolutely necessary
The less personal information is transmitted, the less personal information is susceptible to theft.
Secure the data when it is entered into or transmitted out of the mobile device
Preventing the interception of a customer’s information is another way to ensure the safety of your customer’s data.
Use a secure payment acceptance method
The first step here is to make sure that your payment method meets any and all policies set to ensure the safety of transmitted payment information. It is also important to make sure that the data is being transmitted via a secure communication channel.
Make sure sensitive data is encrypted
Again, encryption is key to maintaining the safety of sensitive data. Mobile eCommerce shoppers are most likely using a wireless connection or, even less secure, public Wi-Fi. Storing data in encrypted form lessens the chance of it being retrieved by a malicious third party. A recent report states that there were 24.7 million samples of new mobile malware last year, making the storage of encrypted data all the more important.
Be aware of unauthorized network connectivity
This includes remote communications and API calls.