Mobile PCI DSS compliance essential

New mobile phone products – particularly the latest Android offerings and the launch of Apple’s much-hyped iPhone 5 – will help to drive smartphone sales throughout the remainder of 2012, particularly in Europe and North America, according to Gartner.

While the research body recorded a two per cent global decline in the total number of mobile units sold during the first three months of the year, sales for the rest of 2012 will be buoyed by the launch of new Windows and Android operating systems, in addition to the release of new handsets.

Smartphone sales in general continue to be the main driver behind growth in the mobile device market – with sales of this type of handset up 44.7 per cent compared with the same period last year.

In China, demand for third-generation (3G) smartphones is on the rise, thanks to the efforts of local manufacturers ZTE, Huawei, TCL and Lenovo, among others.

As smartphones continue to become more advanced, mobile payment technology is becoming increasingly popular – whether consumers are looking to take advantage of new ‘wave and pay’ checkouts or completing online transactions on their handsets.

This means that mobile payment security and compliance are important considerations for both online and bricks-and-mortar retailers, as efforts need to be taken to ensure customer data remains secure.

All merchants who accept payments – including mobile payments – must remain compliant with PCI DSS requirements. Earlier this year, the PCI Security Standards Council announced that mobile payments would be one of its key areas of focus in the months ahead due to the rapidly-growing popularity of this technology.

Merchant compliance requirements can vary depending on the size and scope of the business – and retailers will undoubtedly want to keep on top of the latest payment trends.

But in spite of the strong take-up of smartphone technology, overall global mobile phone sales are expected to be lower this year, according to Gartner principal research analyst Annette Zimmermann.

She said that the total forecasted smartphone sales figures for 2012 could be adjusted downward by up to 20 million units, due in part to an overall reduction in demand in the Asia-Pacific region and a lower number of new product launches taking place in the first quarter of the year.

This was keenly observed in the wake of Chinese New Year celebrations, which have previously corresponded with a spike in handset sales.

Security audits for mobility and business intelligence operations

Australian firms are focusing more on mobility and business intelligence than ever before, according to a recent report.

The Chief Information Officer Agenda survey performed by Gartner as part of its Executive Programs 2012 initiative covered over 2,000 CIOs around the world – 132 of whom were in Australia.

Researchers found that the main driver for these professionals' projects in 2012 was extracting value from mobile technologies and business intelligence (BI) operations.

While areas such as cloud services and virtualisation were still ranking well in terms of future planning, the survey found that the increase in adoption rates for smartphones and personal tablets made them less of an immediate priority.

Vice-president of Gartner Andy Rowsell-Jones explained that the new ranking was something of an anomaly for researchers to find.

He asserted: "BI has had a chequered history in Gartner's annual CIO survey. Is it new ideas, new tools, or the triumph of hope over experience that has propelled BI back into the limelight? We will find out over the course of the year."

However, the added amount of information collected and stored by businesses involved in data mining and mobile access also necessitates an increase in security audits and compliance certification, as the value generated by the collection of client details is also widely recognised by malicious online parties.

Red cell testing takes on mobile security

When considering an organisation's digital security, it is commonplace for workers to take into account common features such as password strength and regular updates of antivirus software.

While these certainly help to form part of a strong security plan, these components do not constitute a complete suite of protection.

This is because malicious parties are constantly evolving the way they seek out information that can be used in a penetration attack.

As an example, the 2012 Threat Report by Websense Security Labs analysed over 200,000 smartphone apps and found that what it calls "a noticeable percentage" of the mobile programs contained elements of malware and non-essential permissions.

The report states: "The popularity of mobile devices is creating a large target installed base and cybercrime is actively innovating to harvest information for profit."

On top of this, researchers found that 51 per cent of mobile users turn off password permissions and security protections on their devices – making a lost or stolen phone a valuable commodity for malicious parties.

This is just one of the avenues that red cell testing teams could use when helping to examine possible exploitation routes – making use of the same methodologies and processes as real-world hackers and data thieves, but without the danger of losing control of proprietary information.

Vulnerability management for widespread smartphone take-up

Global smartphone use will continue to experience double-digit growth in the next five years, mobile analysts at IDC anticipate.

New market analysis from the research firm indicates that by the end of 2012, total smartphone shipments will be up 33.5 per cent compared with 2011 figures – with 659.8 million handsets shipped this year.

Greater smartphone take-up is likely to have implications for merchants who are considering mobile phone payment technology.

Payment Card Industry Security Standards Council general manager Bob Russo remarked earlier this year that security professionals will need to place more emphasis on mobile payments this year.

Merchants accepting smartphone payments need to keep their focus on security and vulnerability management as the trend continues to grow, he told Information Security Media Group.

IDC anticipates that from 2012 to 2016, smartphone growth will remain in the double digits, with an estimated annual increase of 18.6 per cent for each year of the forecast period.

According to Ramon Llamas, a senior research analyst with the Mobile Phone Technology and Trends team at IDC, take-up of smartphones will primarily be driven by greater selection, lower price points and continued demand from users.

"IDC believes Android will maintain its overall leadership position throughout the forecast period, but competition among BlackBerry, iOS, and Windows Phone will shift position each year," he said.

US smartphone usage eclipses 100 million

It’s no secret that the growth of smartphone adoption has been progressively climbing ever higher over the last few years.

However, a recent study from digital business analytics firm comScore has shown that it has just passed another milestone.

Data gathered from the company’s MobiLens statistics service shows that the popularity of intelligent handheld devices has hit a new high, with over 100 million consumers owning a smartphone.

This growth is understandable – customers are able to use these handsets to browse business offerings and make purchases on the go.

To get around the hassle of needing to post a cheque or buy through a dedicated brick-and-mortar storefront, businesses can apply to receive a payment card industry (PCI) compliance certification.

These impulse purchases can be made even easier with dedicated applications from vendors that help facilitate the PCI transaction.

However, firms in Australia need to be aware of the need to operate within the payment card industry data security standard for mobile devices.

With three categories governing the acceptance of applications for mobile PCI standards, compliance is an ongoing process rather than a one-off inspection – meaning that continual analysis is often required to provide a secure channel for online transactions.
