Today, the worldwide operating PCI Security Standards Council has recognized SRC as the fourth laboratory for the performance of security tests for SPoC and CPoC solutions.
With SPoC solutions (Secure PIN Entry on Commercial-off-the-Shelf devices) a merchant can accept payments with commercially available mobile devices.
While the SPoC program describes solutions with PIN entry, the CPoC program is aimed exclusively at contactless solutions that do not require PIN entry.
A SPoC solution consists of four core components
- a Secure Card Reader for PIN (SCRP), an external and PCI PTS approved card reader,
- a tested PIN CVM App for secure PIN entry on the merchant’s standard mobile device,
- the retailer’s mobile device (COTS device) such as a smartphone or tablet, and
- a background system that contributes significantly to the security of the overall system by means of attestation, monitoring and processing.
With CPoC, the PCI SSC has developed requirements for solutions for processing contactless payments without PIN entry (“Tap and Go”) on commercially available mobile devices (commercial off-the-shelf, COTS), such as smartphones or other mobile commercial off-the-shelf (COTS) devices with NFC interface.
With the SPoC and CPoC programs, the PCI SSC meets the increasing demand for new and secure acceptance solutions and ensures security in the acceptance of payments via mobile phones and tablets. The corresponding tests are now also carried out by SRC.
The recognition of SRC as a lab for the programmes SPoC and CPoC is an important signal to the market. Customers from this innovative environment can now also make use of SRC’s expertise for the development of secure payment solutions.