PCI Council publishes security requirements for PIN Entry Standard

Friday 26 January 2018 10:29 CET | News

The PCI Security Standards Council has published security requirements for software-based PIN entry on commercial off-the-shelf (COTS) devices, such as smartphones and tablets.

The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).

Key security principles included in the standard’s security and test requirements are:

• Active monitoring of the service, to mitigate potential threats to the payment environment within the phone or tablet;
• Isolation of the PIN from other account data;
• Ensuring the software security and integrity of the PIN entry application on the COTS device;
• Protection of the PIN and account data using a PCI-approved Secure Card Reader-PIN (SCRP).

The Software-Based PIN Entry on COTS Test Requirements outline testing processes for laboratories to use in evaluating solutions against the standard. These will be published in the next month, followed by a supporting program that will list PCI-validated solutions on the PCI SSC website for merchant use.

