Business Wire

PCI Security Standards Council Publishes Security Requirements for Software-Based PIN Entry on COTS Devices

Today the PCI Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf devices (COTS), such as smartphones and tablets. The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).

“Mobile point-of-sale (MPOS) solutions have become very popular with smaller merchants for their flexibility and efficiency. MPOS has enabled them to take orders and accept payments on a tablet or smartphone, anytime and anywhere. However, some small merchants in markets that require EMV chip-and-PIN acceptance may have found the costs of investing in hardware prohibitive,” said Aite Group Senior Analyst Ron van Wezel. “With the new PIN entry standard, the PCI Council has responded to market need by specifying the security requirements for allowing PIN entry directly on the mobile touchscreen. This means that merchants can accept payments with just their mobile device and a small, cost efficient card reader connected to it along with a secure PIN entry application. The payment industry will benefit overall from the wider choice in payment acceptance, as it will drive the growth of electronic transactions.”

“The PCI Council has a long history of developing standards for protecting PIN as a verification method in hardware-based solutions. Existing PCI PIN Standards require hardware-based security protection of the PIN,” said PCI SSC Chief Technology Officer Troy Leach. “We are now building on this foundation with a new standard that allows for an alternative approach to secure PIN entry by isolating the PIN from other data and using a new robust set of security controls that extend beyond the physical hardware device itself. The PCI Software-Based PIN Entry Standard gives solution providers and application developers a baseline of security requirements specifically for accepting EMV contact and contactless transactions using software-based PIN entry.”

Key security principles included in the standard’s security and test requirements are:

  • Active monitoring of the service, to mitigate against potential threats to the payment environment within the phone or tablet;
  • Isolation of the PIN from other account data;
  • Ensuring the software security and integrity of the PIN entry application on the COTS device;
  • Protection of the PIN and account data using a PCI approved Secure Card Reader for PIN (SCRP).

The Software-Based PIN Entry on COTS Security Requirements are for solution providers to use in designing each part of a complete solution. These requirements are available now on the PCI SSC website.

The Software-Based PIN Entry on COTS Test Requirements outline testing processes for laboratories to use in evaluating solutions against the standard. These will be published in the next month, followed by a supporting program that will list PCI validated solutions on the PCI SSC website for merchant use.

For more information on the new standard, read the PCI Perspectives blog post “New PCI Software-Based PIN Entry on COTS Standard”.

“This standard gives solution providers and application developers a baseline of security requirements for how to securely accept PIN-based transactions on a COTS device, as well as methods to test that security is working, even as updates to the devices and applications occur frequently. PCI validated solutions will meet a robust set of security objectives that have been tested by independent laboratories,” added Leach. “More and more businesses are now accepting payments with smartphones, tablets and other COTS devices, especially within the small business community. The PCI SSC Software-Based PIN Entry Solution listing will provide these merchants with a resource for selecting PIN entry solutions that have been evaluated and tested by payment security laboratories, and their customers will benefit by having the best available protection for their payment data.”

About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.

Contact information

PCI Security Standards Council
Mark Meissner, +1-202-744-8557
press@pcisecuritystandards.org
Twitter @PCISSC

About the publisher

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
