[Owasp-appsensor-project] PCISSC and Mobile Payments on Non-Dedicated Devices
colin.watson at owasp.org
Sun Sep 16 20:42:05 UTC 2012
The PCISSC published new guidance for "developers" (device, OS,
application and merchants) on Friday:
Interesting phrases in "Guidelines for the risk and controls in the
"ability to monitor events and to distinguish normal from abnormal events"
"ability to report events (e.g. via a log, message, or signal) including cryptographic key changes, escalation of privileges, invalid login attempts exceeding a threshold, updates to application software or firmware, and similar actions"
"providing the capability for the device to produce an alarm or warning if there is an attempt to root or jail-break the device
"create the ability to remotely disable the payment application"