
PCI DSS Adds Standard for Software-based PIN Entry

Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.

The PCI Security Standards Council has created a new standard for software-based PIN entry for transactions on merchant smartphones, tablets, and other off-the-shelf commercial devices.

PCI Software-Based PIN Entry on COTS (SPoC) provides security specifications for secure PIN entry apps that are then used with a secure card reader to accept PINs on mobile point-of-sale systems, which have become all the rage for small merchants.

Mobile PoS "has enabled them to take orders and accept payments on a tablet or smartphone, anytime and anywhere. However, some small merchants in markets that require EMV chip-and-PIN acceptance may have found the costs of investing in hardware prohibitive," said Ron van Wezel, senior analyst with Aite Group. The new PCI standard incorporates PIN entry into the mobile touchscreen: "This means that merchants can accept payments with just their mobile device and a small, cost-efficient card reader connected to it along with a secure PIN entry application," he said.

Troy Leach, PCI SSC Chief Technology Officer, said the new standard provides app developers and mobile and other platform vendors with security requirements for creating secure PIN technology for those devices. 
