PCI Security Standards Council Publishes Security Requirements for Software-Based PIN Entry on COTS Devices
Today the PCI Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf (COTS) devices, such as smartphones and tablets. The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).
“Mobile point-of-sale (MPOS) solutions have become very popular with smaller merchants for their flexibility and efficiency. MPOS has enabled them to take orders and accept payments on a tablet or smartphone, anytime and anywhere. However, some small merchants in markets that require EMV chip-and-PIN acceptance may have found the costs of investing in hardware prohibitive,” said Aite Group Senior Analyst Ron van Wezel. “With the new PIN entry standard, the PCI Council has responded to market need by specifying the security requirements for allowing PIN entry directly on the mobile touchscreen. This means that merchants can accept payments with just their mobile device and a small, cost efficient card reader connected to it along with a secure PIN entry application. The payment industry will benefit overall from the wider choice in payment acceptance, as it will drive the growth of electronic transactions.”
“The PCI Council has a long history of developing standards for protecting PIN as a verification method in hardware-based solutions. Existing PCI PIN Standards require hardware-based security protection of the PIN,” said PCI SSC Chief Technology Officer Troy Leach. “We are now building on this foundation with a new standard that allows for an alternative approach to secure PIN entry by isolating the PIN from other data and using a new robust set of security controls that extend beyond the physical hardware device itself. The PCI Software-Based PIN Entry Standard gives solution providers and application developers a baseline of security requirements specifically for accepting EMV contact and contactless transactions using software-based PIN entry.”
Key security principles included in the standard’s security and test requirements are:
- Active monitoring of the service, to mitigate potential threats to the payment environment within the phone or tablet;
- Isolation of the PIN from other account data;
- Ensuring the software security and integrity of the PIN entry application on the COTS device;
- Protection of the PIN and account data using a PCI-approved Secure Card Reader for PIN (SCRP).
The Software-Based PIN Entry on COTS Security Requirements are for solution providers to use in designing each part of a complete solution. These requirements are available now on the PCI SSC website.
The Software-Based PIN Entry on COTS Test Requirements outline testing processes for laboratories to use in evaluating solutions against the standard. These will be published in the next month, followed by a supporting program that will list PCI validated solutions on the PCI SSC website for merchant use.
For more information on the new standard, read the PCI Perspectives blog post “New PCI Software-Based PIN Entry on COTS Standard.”
“This standard gives solution providers and application developers a baseline of security requirements for how to securely accept PIN-based transactions on a COTS device, as well as methods to test that security is working, even as updates to the devices and applications occur frequently. PCI validated solutions will meet a robust set of security objectives that have been tested by independent laboratories,” added Leach. “More and more businesses are now accepting payments with smartphones, tablets and other COTS devices, especially within the small business community. The PCI SSC Software-Based PIN Entry Solution listing will provide these merchants with a resource for selecting PIN entry solutions that have been evaluated and tested by payment security laboratories, and their customers will benefit by having the best available protection for their payment data.”
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
PCI Security Standards Council
Mark Meissner, +1-202-744-8557
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.