PCI Security Standards Council Publishes Security Requirements for Software-Based PIN Entry on COTS Devices
Today the PCI Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf (COTS) devices, such as smartphones and tablets. The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).
“Mobile point-of-sale (MPOS) solutions have become very popular with smaller merchants for their flexibility and efficiency. MPOS has enabled them to take orders and accept payments on a tablet or smartphone, anytime and anywhere. However, some small merchants in markets that require EMV chip-and-PIN acceptance may have found the costs of investing in hardware prohibitive,” said Aite Group Senior Analyst Ron van Wezel. “With the new PIN entry standard, the PCI Council has responded to market need by specifying the security requirements for allowing PIN entry directly on the mobile touchscreen. This means that merchants can accept payments with just their mobile device and a small, cost efficient card reader connected to it along with a secure PIN entry application. The payment industry will benefit overall from the wider choice in payment acceptance, as it will drive the growth of electronic transactions.”
“The PCI Council has a long history of developing standards for protecting PIN as a verification method in hardware-based solutions. Existing PCI PIN Standards require hardware-based security protection of the PIN,” said PCI SSC Chief Technology Officer Troy Leach. “We are now building on this foundation with a new standard that allows for an alternative approach to secure PIN entry by isolating the PIN from other data and using a new robust set of security controls that extend beyond the physical hardware device itself. The PCI Software-Based PIN Entry Standard gives solution providers and application developers a baseline of security requirements specifically for accepting EMV contact and contactless transactions using software-based PIN entry.”
Key security principles included in the standard’s security and test requirements are:
- Active monitoring of the service, to mitigate against potential threats to the payment environment within the phone or tablet;
- Isolation of the PIN from other account data;
- Ensuring the software security and integrity of the PIN entry application on the COTS device;
- Protection of the PIN and account data using a PCI approved Secure Card Reader for PIN (SCRP).
The Software-Based PIN Entry on COTS Security Requirements are for solution providers to use in designing each part of a complete solution. These requirements are available now on the PCI SSC website.
The Software-Based PIN Entry on COTS Test Requirements outline testing processes for laboratories to use in evaluating solutions against the standard. These will be published in the next month, followed by a supporting program that will list PCI validated solutions on the PCI SSC website for merchant use.
For more information on the new standard, read the PCI Perspectives blog post “New PCI Software-Based PIN Entry on COTS Standard”.
“This standard gives solution providers and application developers a baseline of security requirements for how to securely accept PIN-based transactions on a COTS device, as well as methods to test that security is working, even as updates to the devices and applications occur frequently. PCI validated solutions will meet a robust set of security objectives that have been tested by independent laboratories,” added Leach. “More and more businesses are now accepting payments with smartphones, tablets and other COTS devices, especially within the small business community. The PCI SSC Software-Based PIN Entry Solution listing will provide these merchants with a resource for selecting PIN entry solutions that have been evaluated and tested by payment security laboratories, and their customers will benefit by having the best available protection for their payment data.”
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
PCI Security Standards Council
Mark Meissner, +1-202-744-8557