“Today the PCI Security Standards Council published a new standard designed to support the evolution of mobile payment acceptance solutions. PCI Mobile Payments on COTS (MPoC) builds on the existing PCI Software-based PIN Entry on COTS (SPoC) and PCI Contactless Payments on COTS (CPoC) Standards, which individually address security requirements for solutions that enable merchants to accept cardholder PINs or contactless payments using a smartphone or other commercial off-the-shelf (COTS) mobile device. The PCI MPoC Standard aims to provide increased flexibility not only in how payments are accepted, but in how COTS-based payment acceptance solutions can be developed, deployed, and maintained. PCI MPoC is a new, flexible mobile standard and program for payment solution development. It provides a modular, objective-based, security standard that supports various types of payment acceptance channels and consumer verification methods on COTS devices. PCI MPoC combines many of the aspects of the existing PCI SPoC and PCI CPoC standards, primarily by including the entry of both PIN and contactless cardholder data on the same COTS device.”

“Today, the PCI Security Standards Council (PCI SSC), a global payment security forum, published version 4.0 of the PCI Data Security Standard (PCI DSS). PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data.”

“Over one-third of Canadian consumers have experienced the consequences of a security breach or hack, according to newly released research conducted by secure payments provider to contact centers, PCI Pal . The findings suggest that a combination of recent high-profile breaches, media coverage of new data privacy regulations such as GDPR and Canada’s Personal Information Protection and Electronic Documents Act, and personal experience have made security a top concern for Canadian consumers.”

“The highly anticipated new guidance provides a much clearer path for retail contact centers looking to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS) and provides critical recommendations on new technologies and processes for securing payment card data.”

“The new set of requirements actually has two major components—The PCI Secure Software Standard and the PCI Secure Lifecycle Standard—and is under the umbrella of what the Wakefield, Mass.-based PCI Council calls its new Software Security Framework. The Council has been working on updating software security for more than a year, and indicated last month that new standards would be published in early 2019.”

“Today the PCI Security Standards Council (PCI SSC) published PCI PIN Security Requirements and Testing Procedures version 3.0, the PCI Security Standard for the secure management, processing and transmission of PIN data at ATMs and attended and unattended point-of-sale (POS) terminals. PCI SSC is also developing a program to train and qualify security assessors to support implementation of the PCI PIN Security Standard, to be available in 2019.”

“The updated device standard supports the development of PCI Software-based PIN Entry on COTS (SPoC) Solutions for merchants that enable EMV® contact and contactless transactions with PIN entry on commercial off-the-shelf (COTS) devices, such as tablets and smartphones. “