PCI Security Standards Council Publishes Security Requirements for Software-Based PIN Entry on COTS Devices
Today the PCI Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf (COTS) devices, such as smartphones and tablets. The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).
“Mobile point-of-sale (MPOS) solutions have become very popular with smaller merchants for their flexibility and efficiency. MPOS has enabled them to take orders and accept payments on a tablet or smartphone, anytime and anywhere. However, some small merchants in markets that require EMV chip-and-PIN acceptance may have found the costs of investing in hardware prohibitive,” said Aite Group Senior Analyst Ron van Wezel. “With the new PIN entry standard, the PCI Council has responded to market need by specifying the security requirements for allowing PIN entry directly on the mobile touchscreen. This means that merchants can accept payments with just their mobile device and a small, cost efficient card reader connected to it along with a secure PIN entry application. The payment industry will benefit overall from the wider choice in payment acceptance, as it will drive the growth of electronic transactions.”
“The PCI Council has a long history of developing standards for protecting PIN as a verification method in hardware-based solutions. Existing PCI PIN Standards require hardware-based security protection of the PIN,” said PCI SSC Chief Technology Officer Troy Leach. “We are now building on this foundation with a new standard that allows for an alternative approach to secure PIN entry by isolating the PIN from other data and using a new robust set of security controls that extend beyond the physical hardware device itself. The PCI Software-Based PIN Entry Standard gives solution providers and application developers a baseline of security requirements specifically for accepting EMV contact and contactless transactions using software-based PIN entry.”
Key security principles included in the standard’s security and test requirements are:
- Active monitoring of the service, to mitigate potential threats to the payment environment within the phone or tablet;
- Isolation of the PIN from other account data;
- Ensuring the software security and integrity of the PIN entry application on the COTS device;
- Protection of the PIN and account data using a PCI approved Secure Card Reader for PIN (SCRP).
The Software-Based PIN Entry on COTS Security Requirements are for solution providers to use in designing each part of a complete solution. These requirements are available now on the PCI SSC website.
The Software-Based PIN Entry on COTS Test Requirements outline testing processes for laboratories to use in evaluating solutions against the standard. These will be published in the next month, followed by a supporting program that will list PCI validated solutions on the PCI SSC website for merchant use.
For more information on the new standard, read the PCI Perspectives blog post “New PCI Software-Based PIN Entry on COTS Standard”.
“This standard gives solution providers and application developers a baseline of security requirements for how to securely accept PIN-based transactions on a COTS device, as well as methods to test that security is working, even as updates to the devices and applications occur frequently. PCI validated solutions will meet a robust set of security objectives that have been tested by independent laboratories,” added Leach. “More and more businesses are now accepting payments with smartphones, tablets and other COTS devices, especially within the small business community. The PCI SSC Software-Based PIN Entry Solution listing will provide these merchants with a resource for selecting PIN entry solutions that have been evaluated and tested by payment security laboratories, and their customers will benefit by having the best available protection for their payment data.”
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
PCI Security Standards Council
Mark Meissner, +1-202-744-8557