Alaap Shah, an Associate in the Health Care and Life Sciences practice, in the Washington, DC, office, was quoted in an article titled "Credit Card Group Issues Guidance for Mobile Payment Apps."
Following is an excerpt:
The Payment Card Industry Security Standards Council's guidelines focus on methods of preventing the compromise of personal information when it is entered into, stored on and transmitted from mobile devices, in an attempt to increase the security of mobile transaction methods that are becoming increasingly prevalent in the marketplace, according to an announcement released at a Sept. 13 council meeting. …
In the rapid-growth industry of mobile technology, such guidelines are long overdue, according to Alaap B. Shah.
"Like most regulation of mobile applications, the PCI guidance lags behind the rapid rate of adoption," Shah told Law360Wednesday.
Shah says that while the convenience and efficiency of mobile payment over wired-terminal transactions appears likely to make mobile payment the preferred payment method for many businesses, it is unclear if those who employ mobile payment technologies are prepared to properly safeguard the transactions.
Mobile applications are particularly vulnerable to security breaches from a number of avenues, including downloading viruses posing as applications, downloading files infected with malware, or the loading of malicious software through remote hacking, according to Shah.
"As the regulatory authorities scramble to catch up with mobile application development, it is likely just a matter of time until a breach of payment card information results from a lack of security safeguards on mobile devices," Shah said.