February 9, 2018
Authored by: Bryan Cave and Stanton Koppel
A new standard published by the Payment Card Industry Security Standards Council (“PCI SSC”) may make it easier and less costly for retailers to take advantage of lower cost PIN based transactions in card present scenarios. The new standard addresses security of PIN entry through software encryption solutions rather than only through hardware-based encryption devices.
The PCI Council’s catchy name for this new standard is the PCI Software-Based PIN Entry on COTS (SPoC) Standard. “COTS” refers to Consumer Off-the Shelf devices, e. g., your iPhone or iPad or Android equivalents that are used as Mobile point-of-sale or “MPOS” purposes.
The primary purpose of the SPoC standard is to enable secure entry of PINS on tablets and mobile phones used to accept cards instead of the conventional POS terminals with dedicated PIN pads. The importance to retailers is that it may expand their ability to take advantage of lower