Skip to content
Payment Card YearbooksPayment Card Yearbooks
0
PCI council publishes security requirements for software-based PIN entry on devices

PCI council publishes security requirements for software-based PIN entry on devices

The PCI Security Standards Council (PCI SSC) has announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf devices (COTS), such as smartphones and tablets.

4 out of 5 merchants fail PCI DDS compliance test

PCI council publishes security requirements for software-based PIN entry on devices

The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).

“Mobile point-of-sale (MPOS) solutions have become very popular with smaller merchants for their flexibility and efficiency. MPOS has enabled them to take orders and accept payments on a tablet or smartphone, anytime and anywhere.

However, some small merchants in markets that require EMV chip-and-PIN acceptance may have found the costs of investing in hardware prohibitive,” observes Aite Group Senior Analyst Ron van Wezel. “With the new PIN entry standard, the PCI Council has responded to market need by specifying the security requirements for allowing PIN entry directly on the mobile touchscreen.

This means that merchants can accept payments with just their mobile device and a small, cost efficient card reader connected to it along with a secure PIN entry application. The payment industry will benefit overall from the wider choice in payment acceptance, as it will drive the growth of electronic transactions.”

Key security principles included in the standard’s security and test requirements are:

  • Active monitoring of the service, to mitigate against potential threats to the payment environment within the phone or tablet
  • Isolation of the PIN from other account data
  • Ensuring the software security and integrity of the PIN entry application on the COTS device
  • Protection of the PIN and account data using a PCI approved Secure Card Reader-PIN (SCRP).

 

“This standard gives solution providers and application developers a baseline of security requirements for how to securely accept PIN-based transactions on a COTS device, as well as methods to test that security is working, even as updates to the devices and applications occur frequently. PCI validated solutions will meet a robust set of security objectives that have been tested by independent laboratories,” says PCI SSC Chief Technology Officer Troy Leach.

“More and more businesses are now accepting payments with smartphones, tablets and other COTS devicesespecially within the small business community. The PCI SSC Software-Based PIN Entry Solution listing will provide these merchants with a resource for selecting PIN entry solutions that have been evaluated and tested by payment security laboratories, and their customers will benefit by having the best available protection for their payment data.”

The post PCI council publishes security requirements for software-based PIN entry on devices appeared first on Payments Cards & Mobile.

Since their origin in 1996 as the Payment Cards Statistical Yearbooks have
expanded each year and now comprise of two separate publications.

The European Payment Cards Yearbook covers the EU27 countries plus Iceland, Norway, Serbia, Switzerland, Turkey and UK.

The Eurasian Payment Card Yearbook covers Russia and the countries of the former Soviet Union – Armenia, Azerbaijan, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Ukraine and Uzbekistan.
American Express
Apple Pay
Diners Club
Discover
Maestro
Mastercard
Shop Pay
Union Pay
Visa

© 2024 Payment Card Yearbooks, All rights reserved. Powered by Shopify

Cart 0

Your cart is currently empty.

Start Shopping
Trending Now