Mobile and contactless payments are highly popular and the use of COTS smartphones to accept contactless payments has shown very strong market interest enabling small and medium merchants to transition from cash to card-based transactions in a cost-effective manner. PCI SSC defines the standards for using COTS smartphones for SPoC, which still requires a dongle – the Secure Card Reader PIN (SCRP) – that interacts with the payment card.
The most recent standard from PCI SSC, CPoC, transforms COTS smartphones into acceptance devices, though PIN Entry is not supported yet. In other words, this PCI SSC standard is beneficial for low-value transactions, below the Consumer Device Cardholder Verification Method (CDCVM) limit.
“I am pleased to welcome Riscure to this group of globally recognized labs,” said PCI SSC Executive Director Lance Johnson. “Payments industry participation and input plays a key role in our efforts to evolve PCI Standards to support and align with changes in payments and technology. Riscure is joining a group of experts that we rely on to help us secure solutions through robust security evaluations and also improve our knowledge of new areas and requirements.”
Marc Witteman, CEO at Riscure, commented: “With the accreditation of Riscure by PCI as a recognized Security Lab, Riscure now offers a complete package of PCI SPoC and CPoC services for the Mobile Payment industry and enables our customers to achieve multiple certifications at once for their Tap-To-Phone or CPoC solutions. At Riscure we are passionate about mobile security, and our extensive expertise in the field puts us in the best position to support our customers in their secure development and certification processes. Therefore, working with Riscure becomes even more time and cost-effective.”
PCI SSC SVP, Operating Officer Mauro Lance added, “The Council is committed to delivering the highest quality in its certification programs, and we’re confident that Riscure will help us continue delivering robust security testing for PTS devices, and SPoC and CPoC solutions.”
PCI validated PTS devices are listed on the PCI SSC website at: https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_devices
PCI recognized laboratories are listed on the PCI SSC website at: https://www.pcisecuritystandards.org/assessors_and_solutions/pci_recognized_laboratories
About the PCI Security Standards Council
The PCI Security Standards Council is a global forum that is responsible for the development, management, education, and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security. Connect with the PCI Council on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
Riscure is a leading vendor of security tools and training for edge devices. Our tooling helps global technology leaders to build robust hardware and software solutions. Riscure security analysts bring top-notch security expertise to development teams and aim to run no-pain certification projects. Built on a wealth of security research and extensive practical experience, Riscure is well recognized for its technical leadership. If you are interested in evaluating your payment solution with Riscure, feel free to get in touch with us via firstname.lastname@example.org.
|Alicia Malone||Konstantin Goncharov|
|PCI Security Standards Council||Riscure|
|+1-781-876-8917||+31 (0)15 251 4090|