The evolution of mobile communication technology has fostered the development of new mobile multimedia applications in various domains. One of the most important applications is mobile commerce (m-commerce), which has an increasing impact in the life of the citizens, and could represent one of the many applications that contribute to the market success of the Internet of Things (IoT). Security and privacy concerns are quite relevant in m-commerce and IoT to protect financial and personal data of the citizens. One of the main issues in mobile commerce is how to ensure the security of the information needed to complete the m-commerce transaction in a distributed environment with different security frameworks. We have to consider that the protection of the m-commerce transactions must also be done to protect the privacy of the customer. In addition, the information of the m-commerce transaction can be fragmented in different files in a distributed m-commerce application, which can undermine the integrity (another security goal) of the transaction. In this article, we describe the design ofa m-commerce framework, where these issues are addressed through a policy based approach, where the access to the m-commerce transaction is regulated by policies. The fragmentation and integrity risks are addressed through the concept of Virtual Objects (VO), which have been defind in the FP7 iCore project. Policies are associated to VOs and distributed across the m-commerce applications. This paper describes the main concepts of VO and the policy based framework and shows how these concepts are applied to m-commerce in various scenarios to evaluate their feasibility. We apply and demonstrate the benefits of the proposed design to specific multimedia use cases of m-commerce where different domains are involved. Such as m-commerce system can be seen a basic underlying payment system for a wide variety of multimedia applications. ; JRC.G.6-Digital Citizen Security