The PCI Security Standards Council (PCI SSC) has announced security requirements for software-based PIN entry on commercial off-the-shelf (COTS) devices such as mobiles and tablets.

The PCI Software-Based PIN Entry on COTS (SPoC) Standard offers measures to allow secure EMV contact and contactless transactions on the merchant’s consumer device using a secure PIN entry application combined with a Secure Card Reader for PIN (SCRP).

According to the security requirements, active monitoring of the service is required to avoid any potential threats to the payment environment within the COTS device.

In addition, the standards say that the PIN has to be isolated from other account data.

The council further advises confirming the software and integrity of the PIN entry application, along with protecting both PIN and account data by using a PCI-approved Secure Card Reader-PIN (SCRP).

PCI SSC chief technology officer Troy Leach said: “Existing PCI PIN Standards require hardware-based security protection of the PIN.

“We are now building on this foundation with a new standard that allows for an alternative approach to secure PIN entry by isolating the PIN from other data and using a new robust set of security controls that extend beyond the physical hardware device itself.

“The PCI Software-Based PIN Entry Standard gives solution providers and application developers a baseline of security requirements specifically for accepting EMV contact and contactless transactions using software-based PIN entry.”