MokiMobility has come to a simple conclusion when it comes to PCI-SSC compliance for mPOS devices: a holistic approach is key. PYMNTS.com spoke with Tom Karren, CEO of MokiMobility, to learn how MokiMobility manages the entire “device environment,” why app developers aren’t always the answer and why securing the device itself is not enough to ensure safety and compliance.
When it comes to PCI-SSC compliance, securing mobile point-of-sale devices is just the tip of the iceberg.
That wisdom comes to us courtesy of MokiMobility, a startup that plays in the device management space and helps merchants and solution providers alike maintain up-to-date PCI compliance.
PYMNTS.com spoke with Tom Karren, CEO of MokiMobility, to discuss the factors involved in ensuring mPayments security, his company’s “holistic approach” to device management and more.
According to Karren, the recent PCI-SSC guidelines feature requirements that make device management solutions key to successful compliance. He lists Item 5.11 in the guidelines – or the “tip of the iceberg guideline,” as he calls it – as one example, as the guideline calls for a device in a secure state, but doesn’t specify exactly what reaching that secure state entails.
“Mobile devices can move around, mobile devices can run other applications, so one of the things to really keep in mind with these guidelines is that they require you to look at the whole environment, not just the mobile point of sale app itself,” Karren said. “While it’s certainly possible for a developer to secure the mobile application and to follow good guidelines and security elements in his app, the challenge is we’ve got to take a look at the network, the device, the operating system and what other applications may be running in general.
So even if an app is handling data correctly, perhaps that app isn’t running on a device that’s in a secure state.”
Karren notes that this is where MokiMobility’s “holistic approach” to mPOS security comes in, allowing his company to evaluate not only the device itself, but the entire environment in which that device exists.
“The device needs to be under a management solution so that you can take a look at network connectivity, what’s going on with peripherals, geolocation, OS version … those are all elements that go beyond the scope of just an application developer,” Karren said.
“When we talk about a holistic approach, it’s taking a look in real time at all these different elements and having something other than the application itself watching the device.”
To hear more from Karren on PCI-SSC compliance and MokiMobility’s approach, listen to the full podcast below.
CEO of MokiMobility
Tom Karren is the CEO and Co-Founder of MokiMobility, a provider of cloud management and security for mobile devices. He is a technology innovator and serial entrepreneur. Past experience includes founding, developing and successfully selling WingateWeb to the Active Network (ACTV) in 2008.