The Paypers, paypers, Insight in payments, News, Reports, Events

PCI Council publishes security requirements for PIN Entry Standard

Friday 26 January 2018 | 10:29 AM CET

The PCI Security Standards Council has published security requirements for software-based PIN entry on commercial off-the-shelf (COTS) devices, such as smartphones and tablets.

The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).

Key security principles included in the standard’s security and test requirements are:

• Active monitoring of the service, to mitigate potential threats to the payment environment within the phone or tablet;
• Isolation of the PIN from other account data;
• Ensuring the software security and integrity of the PIN entry application on the COTS device;
• Protection of the PIN and account data using a PCI-approved Secure Card Reader-PIN (SCRP).

The Software-Based PIN Entry on COTS Test Requirements outline testing processes for laboratories to use in evaluating solutions against the standard. These will be published in the next month, followed by a supporting program that will list PCI-validated solutions on the PCI SSC website for merchant use.