A new best practices document is available from Visa. It is meant to address questions related to mobile phones accepting card payments.
…a set of mobile acceptance best practices for merchants, software developers and device manufacturers who are using consumer mobile devices, such as smartphones and tablet computing platforms, to facilitate the acceptance of card payments. Visa best practices call for important security considerations such as encryption and tokenization of cardholder data and are designed to foster a better understanding of the merchant and service provider responsibilities related to securing cardholder data when a mobile phone is used as an acceptance device instead of a traditional terminal.
The emphasis on encryption and tokenization is a long time coming. Will this be extended soon into every POS? With the infrastructure in place for mobile, the addition of POS seems very likely in the near term.
It also raises the question of whether strong authentication measures, the entire emphasis of chip-based payment cards, will garner less attention now from Visa (non-chip transactions under 30% used to mean they did not force the PCI requirements).
Perhaps most interesting is Visa’s re-emphasis of a standards role for the industry that clearly is independent of the PCI SSC.
…Eduardo Perez, head of global payment system risk, Visa Inc. “As a payment technology leader, Visa is well positioned to provide the industry security guidance for emerging acceptance solutions.”