PCI SSC recently completed the first of two request for comments (RFC) periods on the draft PCI Contactless Payments on COTS Standard and published a Magnetic Stripe Readers (MSR) Annex to the Software-based PIN Entry on COTS (SPoC) Standard. Chief Technology Officer Troy Leach discusses these new initiatives and explains how they fit into the PCI Council’s overall approach to developing standards and programs that support mobile payment acceptance.
First, can you provide some insight into the PCI Council’s approach to developing standards and programs that support mobile payment acceptance?
Troy Leach: Merchants want affordable, flexible and safe options for mobile payment acceptance that allow them to best serve their customers. The PCI Council’s focus is to develop security standards and programs for payment acceptance solutions that give merchants secure options they can trust to support their customers and protect the integrity and confidentiality of their payment data.
PCI Standards have supported mobile payment acceptance for many years, with the PCI PIN Transaction Security Point of Interaction (PTS POI) Standard providing security and testing requirements for mobile devices dedicated to payments. With a growing number of merchants now using smartphones and other commercial off-the-shelf (COTS) devices, PCI SSC has expanded its support for mobile payment acceptance to develop new standards that leverage security techniques to provide proactive controls for managing threats and protecting data. These include the Software-based PIN Entry on COTS (SPoC) Standard, as well as the Contactless Payments on COTS (CPoC) Standard currently in development.
What’s new with SPoC?
Troy Leach: We’ve just published a Magnetic Stripe Readers (MSR) Annex to the Software-based PIN Entry on COTS Standard, which provides an optional path for vendors to develop SPoC Solutions that support merchant acceptance of both magstripe and chip card payments using a single solution. The SPoC Annex outlines additional security and testing requirements for SPoC Solutions. This is optional support for magnetic stripe readers (MSR) that are used with a SPoC PIN CVM Application for payment acceptance.