So I’m not doing booth duty at RSA this year. Instead I’m sitting in my cube reading RSA blogs, looking through RSA press releases, and listening to RSA podcasts, including the PCI Security as a Lifecycle podcast by Bob Russo, General Manager, PCI Security Standards Council. Like other PCI watchers, I was surprised that the standards organization wasn’t using RSA to make a splash with updated guidelines for mobile payment card acceptance.
After all, everyone else is racing to deliver mobile payment apps. PayPal reached $4 billion worth of mobile payments last year, up from $750 million in 2010. The nationwide rollout of Starbucks’s mobile payment system in Jan of 2011 resulted in three million payments from iPhones and Blackberries. Even regular banks are getting in on the act. I still chuckle at Drew Brees’ son wreaking havoc on the neighborhood with his kicking skills and dad sending mobile payments via Chase Person-to-Person QuickPay. Earlier this month Fast Company ran a story about Barclays with the title “Mobile Payments For Everyone.”
With all that hype, it may seem odd that Russo is stressing the importance of building in security. On the other hand, it occurred to me, while watching the Barclays video about their mobile apps, that they have taken the lessons of PCI to heart, i.e. it’s not really about checking off a compliance box once a year. It’s about building security into how you do business. So maybe Russo does have his eye on the right ball after all.
Anyway, I think it’s time for me to sneak in another round of CA Veracode Defender...