PCI Security Standards Council Publishes Security Requirements for Software-Based PIN Entry on COTS Devices
Today the PCI Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf (COTS) devices, such as smartphones and tablets. The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).
“Mobile point-of-sale (MPOS) solutions have become very popular with smaller merchants for their flexibility and efficiency. MPOS has enabled them to take orders and accept payments on a tablet or smartphone, anytime and anywhere. However, some small merchants in markets that require EMV chip-and-PIN acceptance may have found the costs of investing in hardware prohibitive,” said Aite Group Senior Analyst Ron van Wezel. “With the new PIN entry standard, the PCI Council has responded to market need by specifying the security requirements for allowing PIN entry directly on the mobile touchscreen. This means that merchants can accept payments with just their mobile device and a small, cost efficient card reader connected to it along with a secure PIN entry application. The payment industry will benefit overall from the wider choice in payment acceptance, as it will drive the growth of electronic transactions.”
“The PCI Council has a long history of developing standards for protecting PIN as a verification method in hardware-based solutions. Existing PCI PIN Standards require hardware-based security protection of the PIN,” said PCI SSC Chief Technology Officer Troy Leach. “We are now building on this foundation with a new standard that allows for an alternative approach to secure PIN entry by isolating the PIN from other data and using a new robust set of security controls that extend beyond the physical hardware device itself. The PCI Software-Based PIN Entry Standard gives solution providers and application developers a baseline of security requirements specifically for accepting EMV contact and contactless transactions using software-based PIN entry.”
Key security principles included in the standard’s security and test requirements are:
- Active monitoring of the service, to mitigate potential threats to the payment environment within the phone or tablet;
- Isolation of the PIN from other account data;
- Ensuring the software security and integrity of the PIN entry application on the COTS device;
- Protection of the PIN and account data using a PCI approved Secure Card Reader for PIN (SCRP).
The Software-Based PIN Entry on COTS Security Requirements are for solution providers to use in designing each part of a complete solution. These requirements are available now on the PCI SSC website.
The Software-Based PIN Entry on COTS Test Requirements outline testing processes for laboratories to use in evaluating solutions against the standard. These will be published in the next month, followed by a supporting program that will list PCI validated solutions on the PCI SSC website for merchant use.
For more information on the new standard, read the PCI Perspectives blog post “New PCI Software-Based PIN Entry on COTS Standard.”
“This standard gives solution providers and application developers a baseline of security requirements for how to securely accept PIN-based transactions on a COTS device, as well as methods to test that security is working, even as updates to the devices and applications occur frequently. PCI validated solutions will meet a robust set of security objectives that have been tested by independent laboratories,” added Leach. “More and more businesses are now accepting payments with smartphones, tablets and other COTS devices, especially within the small business community. The PCI SSC Software-Based PIN Entry Solution listing will provide these merchants with a resource for selecting PIN entry solutions that have been evaluated and tested by payment security laboratories, and their customers will benefit by having the best available protection for their payment data.”
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
PCI Security Standards Council
Mark Meissner, +1-202-744-8557
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.