What is the PCI DSS?

The PCI Security Standards Council (PCI SSC) is a global body that maintains, evolves, and promotes the PCI Data Security Standard (PCI DSS), an information security standard for organizations that store, process, or transmit payment card data. It applies to all merchants and service providers that handle cardholder data, including those accepting payments on mobile devices, and requires them to protect that data by maintaining a secure environment. The PCI SSC's supplementary guidance on mobile payment acceptance adds that consumer mobile devices were not designed to be secure payment platforms, so applications running on them need additional security measures beyond what the device itself provides.

PCI DSS requirements that apply to mobile devices and apps handling credit card data

Requirement 5

Protect all systems against malware and regularly update anti-virus software or programs (renamed in PCI DSS v4.0 to protecting all systems and networks from malicious software). Malware can enter a network in many ways, including Internet use, employee e-mail, mobile devices, and removable storage, so mobile devices used for payment acceptance fall within the scope of this requirement.

Requirement 6

Develop and maintain secure systems and applications. Vulnerabilities in systems and applications let attackers gain privileged access and reach cardholder data. Vendor security patches must be installed promptly (PCI DSS requires critical patches to be applied within one month of release) to close vulnerabilities before they are exploited, and applications must be developed following secure coding practices, with custom code reviewed for common flaws before release.

Become compliant with PCI DSS

A RASP solution can strengthen applications that handle payment card data by detecting and blocking attacks at runtime, and it complements other controls by adding a layer of defense that operates inside the running application. It supports PCI DSS requirements rather than satisfying them on its own: compliance is assessed across all requirements, so RASP should be one control alongside patching, secure development, malware protection, and the rest. SAST is another tool that supports compliance with Requirement 6: it analyzes application source code to identify security vulnerabilities that could lead to a breach of cardholder data, so they can be fixed before the application is released.