PCI Mobile Device Compliance

Written By
Sue Poremba
Feb 6, 2018

One of the components of governance, risk management and compliance, or GRC, is compliance. Because compliance regulations change so frequently, it is recommended that compliance be treated as a shared responsibility, as TechTarget explained:

The responsibility for compliance is shared by many executives, usually at the vice president level. Human resources, audit, corporate counsel and the CIO are all involved in understanding the compliance requirements. The aim in GRC is, first, to coordinate those compliance efforts and processes, and second, to move to a more risk-based approach to compliance.

For instance, the PCI Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf devices (COTS), such as smartphones and tablets. Aite Group Senior Analyst Ron van Wezel explained the reason for the new standard in a formal statement:

Mobile point-of-sale (MPOS) solutions have become very popular with smaller merchants for their flexibility and efficiency. MPOS has enabled them to take orders and accept payments on a tablet or smartphone, anytime and anywhere. However, some small merchants in markets that require EMV chip-and-PIN acceptance may have found the costs of investing in hardware prohibitive.

The primary security principles in the standard’s security and test requirements are:

  • Active monitoring of the service, to mitigate against potential threats to the payment environment within the phone or tablet
  • Isolation of the PIN from other account data
  • Ensuring the software security and integrity of the PIN entry application on the COTS device
  • Protection of the PIN and account data using a PCI approved Secure Card Reader for PIN (SCRP)

Mobile payments are becoming ubiquitous as a payment option. As organizations focus on other areas of mobile security, it makes sense that they also ensure mobile payment options are equally secure. As PCI SSC CTO Troy Leach stated in a PCI blog post:

This standard will give mobile payment solution providers and application developers a baseline of security requirements for how to enter a PIN into a COTS device, as well as methods to test that security is working, even as updates to the mobile devices and applications occur frequently. This will result in secure solutions that are independently tested to demonstrate PIN is isolated from the EMV data and will provide continuous protection, through ongoing monitoring and other controls.

Is your GRC team prepared for this new PCI compliance?

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba


Sue Poremba is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008.
