PCI Security Standards Council Publishes Security Requirements for Software-Based PIN Entry on COTS Devices
Today the PCI Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf devices (COTS), such as smartphones and tablets. The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).
“Mobile point-of-sale (MPOS) solutions have become very popular with smaller merchants for their flexibility and efficiency. MPOS has enabled them to take orders and accept payments on a tablet or smartphone, anytime and anywhere. However, some small merchants in markets that require EMV chip-and-PIN acceptance may have found the costs of investing in hardware prohibitive,” said Aite Group Senior Analyst Ron van Wezel. “With the new PIN entry standard, the PCI Council has responded to market need by specifying the security requirements for allowing PIN entry directly on the mobile touchscreen. This means that merchants can accept payments with just their mobile device and a small, cost efficient card reader connected to it along with a secure PIN entry application. The payment industry will benefit overall from the wider choice in payment acceptance, as it will drive the growth of electronic transactions.”
“The PCI Council has a long history of developing standards for protecting PIN as a verification method in hardware-based solutions. Existing PCI PIN Standards require hardware-based security protection of the PIN,” said PCI SSC Chief Technology Officer Troy Leach. “We are now building on this foundation with a new standard that allows for an alternative approach to secure PIN entry by isolating the PIN from other data and using a new robust set of security controls that extend beyond the physical hardware device itself. The PCI Software-Based PIN Entry Standard gives solution providers and application developers a baseline of security requirements specifically for accepting EMV contact and contactless transactions using software-based PIN entry.”
Key security principles included in the standard’s security and test requirements are:
- Active monitoring of the service, to mitigate against potential threats to the payment environment within the phone or tablet;
- Isolation of the PIN from other account data;
- Ensuring the software security and integrity of the PIN entry application on the COTS device;
- Protection of the PIN and account data using a PCI approved Secure Card Reader for PIN (SCRP).
The Software-Based PIN Entry on COTS Security Requirements are for solution providers to use in designing each part of a complete solution. These requirements are available now on the PCI SSC website.
The Software-Based PIN Entry on COTS Test Requirements outline testing processes for laboratories to use in evaluating solutions against the standard. These will be published in the next month, followed by a supporting program that will list PCI validated solutions on the PCI SSC website for merchant use.
For more information on the new standard, read PCI Perspectives blog post New PCI Software-Based PIN Entry on COTS Standard .
“This standard gives solution providers and application developers a baseline of security requirements for how to securely accept PIN-based transactions on a COTS device, as well as methods to test that security is working, even as updates to the devices and applications occur frequently. PCI validated solutions will meet a robust set of security objectives that have been tested by independent laboratories,” added Leach. “More and more businesses are now accepting payments with smartphones, tablets and other COTS devices, especially within the small business community. The PCI SSC Software-Based PIN Entry Solution listing will provide these merchants with a resource for selecting PIN entry solutions that have been evaluated and tested by payment security laboratories, and their customers will benefit by having the best available protection for their payment data.”
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
PCI Security Standards Council
Mark Meissner, +1-202-744-8557
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Tilaa tiedotteet sähköpostiisi
Haluatko tietää asioista jo ennen kuin ne uutisoidaan? Kun tilaat tiedotteemme tältä julkaisijalta, saat ne sähköpostiisi yhtä aikaa suomalaisen median kanssa. Tilauksen voit halutessasi perua milloin tahansa.
Lue lisää julkaisijalta Business Wire
Huawei Brings the All-Connected World to Mobile World Congress25.2.2018 16:30 | Tiedote
Building on its success in delivering beautifully-designed and powerful high-end mobile devices, Huawei Consumer Business Group (CBG) today unveiled the HUAWEI MateBook X Pro, the HUAWEI MediaPad M5 Series and the HUAWEI 5G customer-premises equipment (CPE), the world’s first commercial terminal device supporting the globally recognized 3GPP telecommunications standard for 5G. With stunning new design updates and outstanding performance advances, Huawei’s new devices showcase the power of technology to deliver innovative computing experiences ready for the mobile world. This press release features multimedia. View the full release here: http://www.businesswire.com/news/home/20180225005135/en/ MateBook X Pro (Photo: Business Wire) “At Huawei, we’re guided by a vision of an all-connected world, and to achieve that goal, we invest significantly in research and development to understand the ways in which people interact and connect with technology,” said Richard Yu, CEO of Huawei CBG. “We’
The 6th Annual World Patient Safety, Science & Technology Summit Kicked off with an Important Announcement about the Progress Being Made to Save Lives in Hospital Settings24.2.2018 13:00 | Tiedote
The 6th Annual World Patient Safety, Science & Technology Summit kicked off with an important announcement about the progress being made to save lives in hospital settings. Nearly 4,600 hospitals in 44 countries have committed to adopting patient safety processes that are proven to eliminate preventable deaths in hospitals. This press release features multimedia. View the full release here: http://www.businesswire.com/news/home/20180224005027/en/ England’s Health and Social Care Secretary, Rt. Hon. Jeremy Hunt, launches groundbreaking new measures on Day One of the 6th Annual World Patient Safety, Science & Technology held in London (Photo: Business Wire) The Patient Safety Movement Foundation has taken on an inspiring and ambitious goal of reducing preventable patient deaths in hospitals to ZERO by 2020. The annual Summit in central London plays a major role in taking on that challenge with the participation of 300 global leaders, medical experts, medical technology CEOs, and patient
WuQi Technologies is Latest Licensee of CCww’s NB-IoT UE Protocol-Stack Software24.2.2018 12:06 | Tiedote
Communications Consultants Worldwide Ltd. (CCww), global innovator of 3GPP® technologies, has licensed its NB-IoT protocol-stack software to WuQi Technologies Inc., a leading global developer of highly integrated mixed-signal SoC solutions, and the latest licensee of CCww’s NB-IoT Release 13 UE protocol-stack software. Communications Consultants Worldwide (CCww) is working with WuQi Technologies for the integration of its NB-IoT protocol-stack software onto WuQi Technologies’ highly innovative SoC. This relationship, catalyzed by T2M, is enabling the production of a highly integrated, very low power, NB-IoT SoC chipset targeting IoT Smart City, Smart Home, and wearable applications. CCww’s CEO, Richard Carter, said, “NB-IoT is CCww’s latest cellular Protocol-stack SW. We are excited to be working with WuQi to enable a sector-leading NB-IoT SoC, pushing back boundaries of performance and battery life for the next generation of IoT. See our demonstration at the Mobile World Congress (Hal
IDEMIA and Octo Telematics Reinvent Car Sharing Experience by Adding Facial Recognition to EasyOpen Solution23.2.2018 18:57 | Tiedote
IDEMIA, the global leader in Augmented Identity for an increasingly digital world, announces today that it has implemented facial recognition technology on EasyOpen, a solution previously developed with its partner Omoove, a wholly-owned Octo Telematics company, Europe’s leading Shared Mobility technology provider. The digital enrolment process combined with facial recognition technology will securely enroll and authenticate the driver before EasyOpen automatically opens the car. This press release features multimedia. View the full release here: http://www.businesswire.com/news/home/20180223005506/en/ (Photo: Idemia) You will never rent a car the same way thanks to EasyOpen solution that combines IDEMIA’s expertise in secure service enablement and Omoove’s experience in Shared Mobility platforms and on-board technology. The first version of the solution was launched last year and allows drivers, who have already registered on the application, to use their smartphones as a key to open
SM-Optics Unveils First FLEXSET Chip, Paving the Way to Optical Micro Nodes23.2.2018 17:00 | Tiedote
SM-Optics launches FLEXSET, a single chip embedding multiple processing functionalities raising the bar for performances, density and architectural flexibility. The FLEXSET is the heart of the Lightmode product family. FLEXSET OTN switching matrix scales from 300Gbps to 1Tbps and can be addressed by ports spanning from traditional low-speed services like 2Mbps over micro-OTN, to layer2 and layer3 over ODUFlex, 100G over ODU4 and 200G over FlexO. Thanks to its embedded capabilities including multi-technology OAM, packet processing, synchronization and fast protection functions, FLEXSET operates by design at the lowest latency performances and features an Intel Stratix 10 FPGA. Following the launch of micro-OTN, a revolutionary approach to efficiently extend OTN protocol to low speed services, the launch of FLEXSET advances the vision of a highly interconnected metro network and of micro nodes. Revolving around functional block elements, micro nodes collapse in few rack units OTN and pho
Bitcoin Miner HashGains’ Crowdsale to Build Green Cloud Mining Data Centers Receives Excellent Response23.2.2018 16:56 | Tiedote
HashGains.com, a leading cryptocurrency mining platform, has launched its crowdsale program to build mega cryptocurrency cloud mining data centers in India and Canada which uses renewable energy like wind and solar as source of energy. “With the growing worries around bitcoin mining causing environmental damage, difficulty levels of mining increasing and returns heading southwards, there was no better opportunity but to build green energy data centers which run on free sources of energy like wind and solar, ensuring handsome mining rewards while taking care of environment,” said Mr Anuj Bairathi, CEO & Founder, HashGains, who is crypto enthusiast himself. HashGains is a growing cloud mining platform with more than 10,000 active customers enjoying mining returns and is expected to reach the mark of 1 million customers by 2020. To handle such a massive growth and ever growing demand of customers, it becomes even more important that mega mining centers are planned which can serve needs of
Uutishuoneessa voit lukea tiedotteitamme ja muuta julkaisemaamme materiaalia. Löydät sieltä niin yhteyshenkilöidemme tiedot kuin vapaasti julkaistavissa olevia kuvia ja videoita. Uutishuoneessa voit nähdä myös sosiaalisen median sisältöjä. Kaikki STT Infossa julkaistu materiaali on vapaasti median käytettävissä.Tutustu uutishuoneeseemme