SRC recognized as SPoC/CPoC Lab by the PCI SSC

SRC recog­nized by PCI SSC as SPoC and CPcC Security Lab

Today, the worldwide operating PCI Security Standards Council has recog­nized SRC as the fourth laboratory for the perfor­mance of security tests for SPoC and CPoC solutions.

With SPoC solutions (Secure PIN Entry on Commercial-off-the-Shelf devices) a merchant can accept payments with commer­cially available mobile devices.

While the SPoC program describes solutions with PIN entry, the CPoC program is aimed exclu­sively at contactless solutions that do not require PIN entry.

A SPoC solution consists of four core compo­nents

  • a Secure Card Reader for PIN (SCRP), an external and PCI PTS approved card reader,
  • a tested PIN CVM App for secure PIN entry on the merchant’s standard mobile device,
  • the retailer’s mobile device (COTS device) such as a smart­phone or tablet, and
  • a background system that contributes signif­i­cantly to the security of the overall system by means of attes­tation, monitoring and processing.

With CPoC, the PCI SSC has developed require­ments for solutions for processing contactless payments without PIN entry (“Tap and Go”) on commer­cially available mobile devices (commercial off-the-shelf, COTS), such as smart­phones or other mobile commercial off-the-shelf (COTS) devices with NFC interface.

With the SPoC and CPoC programs, the PCI SSC meets the increasing demand for new and secure accep­tance solutions and ensures security in the accep­tance of payments via mobile phones and tablets. The corre­sponding tests are now also carried out by SRC.

The recog­nition of SRC as a lab for the programmes SPoC and CPoC is an important signal to the market. Customers from this innov­ative environment can now also make use of SRC’s expertise for the devel­opment of secure payment solutions.

PCI DSS guidance for Large Organizations

PCI DSS best practices guidance for large organi­za­tions published

SRC Security Research & Consulting GmbH contributed to the most recent PCI (Payment Card Industry) Security Standards Council Special Interest Group (SIG). The resulting guidance on PCI DSS for Large Organi­za­tions is now published.

Complex organi­za­tions, corpo­ra­tions and companies often face specific challenges when imple­menting PCI DSS (Payment Card Industry Data Security Standard) require­ments: the hetero­geneity of their infra­struc­tures and processes, the constant change of corporate struc­tures, and dealing with diverse require­ments, respon­si­bil­ities and management tasks.
The new guidance on PCI DSS for Large Organi­za­tions helps large and/or complex organi­za­tions coordinate and manage their PCI DSS activ­ities across multiple environ­ments.

  • PCI DSS guidance for Large Organi­za­tions //document.