PCI Security Standards Council Publishes Security Requirements for Software-Based PIN Entry on COTS Devices
Today the PCI Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf (COTS) devices, such as smartphones and tablets. The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).
“Mobile point-of-sale (MPOS) solutions have become very popular with smaller merchants for their flexibility and efficiency. MPOS has enabled them to take orders and accept payments on a tablet or smartphone, anytime and anywhere. However, some small merchants in markets that require EMV chip-and-PIN acceptance may have found the costs of investing in hardware prohibitive,” said Aite Group Senior Analyst Ron van Wezel. “With the new PIN entry standard, the PCI Council has responded to market need by specifying the security requirements for allowing PIN entry directly on the mobile touchscreen. This means that merchants can accept payments with just their mobile device and a small, cost efficient card reader connected to it along with a secure PIN entry application. The payment industry will benefit overall from the wider choice in payment acceptance, as it will drive the growth of electronic transactions.”
“The PCI Council has a long history of developing standards for protecting PIN as a verification method in hardware-based solutions. Existing PCI PIN Standards require hardware-based security protection of the PIN,” said PCI SSC Chief Technology Officer Troy Leach. “We are now building on this foundation with a new standard that allows for an alternative approach to secure PIN entry by isolating the PIN from other data and using a new robust set of security controls that extend beyond the physical hardware device itself. The PCI Software-Based PIN Entry Standard gives solution providers and application developers a baseline of security requirements specifically for accepting EMV contact and contactless transactions using software-based PIN entry.”
Key security principles included in the standard’s security and test requirements are:
- Active monitoring of the service, to mitigate against potential threats to the payment environment within the phone or tablet;
- Isolation of the PIN from other account data;
- Ensuring the software security and integrity of the PIN entry application on the COTS device;
- Protection of the PIN and account data using a PCI approved Secure Card Reader for PIN (SCRP).
The Software-Based PIN Entry on COTS Security Requirements are for solution providers to use in designing each part of a complete solution. These requirements are available now on the PCI SSC website.
The Software-Based PIN Entry on COTS Test Requirements outline testing processes for laboratories to use in evaluating solutions against the standard. These will be published in the next month, followed by a supporting program that will list PCI validated solutions on the PCI SSC website for merchant use.
For more information on the new standard, read the PCI Perspectives blog post “New PCI Software-Based PIN Entry on COTS Standard”.
“This standard gives solution providers and application developers a baseline of security requirements for how to securely accept PIN-based transactions on a COTS device, as well as methods to test that security is working, even as updates to the devices and applications occur frequently. PCI validated solutions will meet a robust set of security objectives that have been tested by independent laboratories,” added Leach. “More and more businesses are now accepting payments with smartphones, tablets and other COTS devices, especially within the small business community. The PCI SSC Software-Based PIN Entry Solution listing will provide these merchants with a resource for selecting PIN entry solutions that have been evaluated and tested by payment security laboratories, and their customers will benefit by having the best available protection for their payment data.”
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
PCI Security Standards Council
Mark Meissner, +1-202-744-8557