PCI Security Standards Council Publishes Security Requirements for Software-Based PIN Entry on COTS Devices
Today the PCI Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf devices (COTS), such as smartphones and tablets. The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).
“Mobile point-of-sale (MPOS) solutions have become very popular with smaller merchants for their flexibility and efficiency. MPOS has enabled them to take orders and accept payments on a tablet or smartphone, anytime and anywhere. However, some small merchants in markets that require EMV chip-and-PIN acceptance may have found the costs of investing in hardware prohibitive,” said Aite Group Senior Analyst Ron van Wezel. “With the new PIN entry standard, the PCI Council has responded to market need by specifying the security requirements for allowing PIN entry directly on the mobile touchscreen. This means that merchants can accept payments with just their mobile device and a small, cost efficient card reader connected to it along with a secure PIN entry application. The payment industry will benefit overall from the wider choice in payment acceptance, as it will drive the growth of electronic transactions.”
“The PCI Council has a long history of developing standards for protecting PIN as a verification method in hardware-based solutions. Existing PCI PIN Standards require hardware-based security protection of the PIN,” said PCI SSC Chief Technology Officer Troy Leach. “We are now building on this foundation with a new standard that allows for an alternative approach to secure PIN entry by isolating the PIN from other data and using a new robust set of security controls that extend beyond the physical hardware device itself. The PCI Software-Based PIN Entry Standard gives solution providers and application developers a baseline of security requirements specifically for accepting EMV contact and contactless transactions using software-based PIN entry.”
Key security principles included in the standard’s security and test requirements are:
- Active monitoring of the service, to mitigate against potential threats to the payment environment within the phone or tablet;
- Isolation of the PIN from other account data;
- Ensuring the software security and integrity of the PIN entry application on the COTS device;
- Protection of the PIN and account data using a PCI approved Secure Card Reader for PIN (SCRP).
The Software-Based PIN Entry on COTS Security Requirements are for solution providers to use in designing each part of a complete solution. These requirements are available now on the PCI SSC website.
The Software-Based PIN Entry on COTS Test Requirements outline testing processes for laboratories to use in evaluating solutions against the standard. These will be published in the next month, followed by a supporting program that will list PCI validated solutions on the PCI SSC website for merchant use.
For more information on the new standard, read PCI Perspectives blog post New PCI Software-Based PIN Entry on COTS Standard .
“This standard gives solution providers and application developers a baseline of security requirements for how to securely accept PIN-based transactions on a COTS device, as well as methods to test that security is working, even as updates to the devices and applications occur frequently. PCI validated solutions will meet a robust set of security objectives that have been tested by independent laboratories,” added Leach. “More and more businesses are now accepting payments with smartphones, tablets and other COTS devices, especially within the small business community. The PCI SSC Software-Based PIN Entry Solution listing will provide these merchants with a resource for selecting PIN entry solutions that have been evaluated and tested by payment security laboratories, and their customers will benefit by having the best available protection for their payment data.”
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
PCI Security Standards Council
Mark Meissner, +1-202-744-8557
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Tilaa tiedotteet sähköpostiisi
Haluatko tietää asioista jo ennen kuin ne uutisoidaan? Kun tilaat tiedotteemme, saat ne sähköpostiisi yhtä aikaa suomalaisen median kanssa. Tilauksen voit halutessasi perua milloin tahansa.
Lue lisää julkaisijalta Business Wire
Maxion Wheels to Showcase Market-Leading Light Weight Commercial Vehicle Wheels at REIFEN 201816.8.2018 07:05 | Tiedote
Maxion Wheels, the world’s largest producer of wheels, announced today its participation in REIFEN, the leading tire and wheel industry event in Europe, from Sept. 11 – 15, 2018 in Hall 12.1 / Stand D24. For the first time, REIFEN will be co-located with Automechanika Frankfurt at the Messe Frankfurt. “REIFEN is the premier event for European tire and wheel manufacturers and resellers, bringing us together to meet and collaborate on the important aftermarket themes of innovation, service and delivery,” stated Mark Gerardts, Vice President of Global Sales and Marketing, Maxion Wheels. “After a highly popular launch to truck and trailer OEMs in 2017, we’re excited to have the industry’s lightest mass production steel wheel now available to our aftermarket distributors. This wheel, along with several others, including our new 10.00W-20 wide base tubetype and tubeless heavy duty armored vehicles wheel are great examples of our continued efforts to bring our OE multi-application innovations
Lenovo Accelerates Turnaround with Back-to-Back, Double-Digit Quarterly Revenue Growth16.8.2018 02:40 | Tiedote
Lenovo Group (HKSE: 0992) (PINK SHEETS: LNVGY) today announced results for its first fiscal quarter ended June 30, 2018. For the second straight quarter, Lenovo achieved strong double-digit growth in revenue year-on-year. Group revenue reached US$11.91 billion, up 19% year-on-year. The company also reported strong pre-tax income during the quarter of US$113 million, an improvement of US$182 million year-on-year, as profitability improved across all businesses. In the first fiscal quarter, Lenovo’s profit attributable to equity holders grew to US$77 million, up US$149 million year-over-year. Basic earnings per share in the first fiscal quarter was 0.65 US cents or 5.10 HK cents. “As we persistently execute our 3-wave strategy, all our businesses made solid improvements in both revenue and profitability. Lenovo has passed the turning point and entered a phase of ‘acceleration’ - accelerating the execution of our transformation strategy and accelerating the rising momentum in business per
CORRECTING and REPLACING Ebola Successfully Neutralized by Latest Generation Polyclonal Immunotherapy16.8.2018 01:37 | Tiedote
Please replace the release with the following corrected version due to multiple revisions. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20180815005602/en/ New Ebola immunotherapy developed by SAB Biotherapeutics uses natural human polyclonal antibodies to combat disease. (Photo: SAB Biotherapeutics) The corrected release reads: EBOLA SUCCESSFULLY NEUTRALIZED BY LATEST GENERATION POLYCLONAL IMMUNOTHERAPY Promising new platform can rapidly respond to emerging infectious diseases Sioux Falls, SD, August 15, 2018 – SAB Biotherapeutics, Inc. (SAB), a clinical-stage biopharmaceutical company, today announced that its anti-Ebola immunotherapy (SAB-139) provided “100% protection against a lethal dose of the Ebola virus” in a recent animal study published in The Journal of Infectious Diseases . The study was conducted at the Integrated Research Facility, National Institute of Allergy and Infectious Diseases, National Institutes of He
QConnect – Markkinoiden älykkäin, erittäin kompakti ja lujatekoinen viestintälaite15.8.2018 23:23 | Tiedote
Quake Global, Inc. (QUAKE), yksi maailman johtavista IoT-markkinoiden toimittajista, julkaisi QConnect™, uuden sukupolven kehittyneen telematiikkalaitteen. Äärimmäisen kompakti QConnect integroituu kiinteisiin ja liikkuviin omaisuuksiin niiden seuraamiseksi, valvomiseksi ja hallitsemiseksi reaaliajassa mistä ja milloin tahansa. Laite tarjoaa useita pitkälle kehitettyjä langattomia kommunikaatiovaihtoehtoja, mukaan lukien LTE/2G/3G, kaksitaajuus-Wi-Fi, Bluetooth/BLE, V2X ja satelliitti. Laite on suunniteltu vastaamaan moniin eri vaatimuksiin yksinkertaisista ja edullisista seurantasovelluksista aina korkean suorituskyvyn monikanavaisiin videon suoratoistosovelluksiin. Tämä lehdistötiedote sisältää multimediaa. Katso koko julkaisu täällä: https://www.businesswire.com/news/home/20180815005706/fi/ Quake Global’s new QConnect, the most intelligent, global, ultra-compact and rugged communication device available (Photo: Business Wire) QConnect tarjoaa joustavuutta sen ainutlaatuisilla sovell
Ebola Successfully Neutralized by Latest Generation Polyclonal Immunotherapy15.8.2018 20:43 | Tiedote
SAB Biotherapeutics, Inc. (SAB), a clinical-stage biopharmaceutical company, today announced that its anti-Ebola immunotherapy (SAB-139) provided “100% protection against a lethal dose of the Ebola virus” in a recent animal study published in The Journal of Infectious Diseases . The study was conducted by the National Interagency Confederation for Biological Research and other collaborators including United States Army Medical Research Institute of Infectious Diseases (USAMRIID) and the Naval Medical Research Center (NMRC). This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20180815005602/en/ New Ebola immunotherapy developed by SAB Biotherapeutics uses natural human polyclonal antibodies to combat disease. (Photo: SAB Biotherapeutics) According to the World Health Organization, Ebola virus disease (EVD), formerly known as Ebola hemorrhagic fever, is a severe, often fatal illness in humans with an average fatality rate around 50%.
Rimini Street Receives Asia-Pacific Stevie Award for Customer Service Innovation15.8.2018 20:05 | Tiedote
Rimini Street, Inc. (Nasdaq: RMNI), a global provider of enterprise software products and services, and the leading third-party support provider for Oracle and SAP software products, today announced it has been honored with a Stevie® Award in the Innovation in Customer Service Management, Planning & Practice category for its ultra-responsive, premium level service in the Asia-Pacific region. This honor marks the Company’s 12th Stevie Award win this year, and the second consecutive year the Company has been recognized by the Asia-Pacific Stevie Awards. Rimini Street recently earned Stevie Awards in several categories, including Company of the Year from the 2018 American Business Awards® and Customer Service Department of the Year from the 2018 Stevie Awards for Sales & Customer Service. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20180815005580/en/ Rimini Street Receives Asia-Pacific Stevie Award for Customer Service Innovat
Uutishuoneessa voit lukea tiedotteitamme ja muuta julkaisemaamme materiaalia. Löydät sieltä niin yhteyshenkilöidemme tiedot kuin vapaasti julkaistavissa olevia kuvia ja videoita. Uutishuoneessa voit nähdä myös sosiaalisen median sisältöjä. Kaikki STT Infossa julkaistu materiaali on vapaasti median käytettävissä.Tutustu uutishuoneeseemme