17:31 uur 04-12-2019

PCI Security Standards Council publiceert nieuwe standaard voor contactloze betalingen

—PCI Contactloze betalingen op COTS (CPoC™) Standaard biedt beveiliging en testvereisten voor oplossingen die contactloze betalingsacceptatie mogelijk maken op commerciële mobiele apparaten met behulp van NFC—

WAKEFIELD, Mass. – (BUSINESS WIRE) – Vandaag publiceerde de PCI Security Standards Council (PCI SSC) een nieuwe standaard voor gegevensbeveiliging voor oplossingen waarmee verkopers contactloze betalingen kunnen accepteren met een commercieel off-the-shelf (COTS) mobiel apparaat (bijv. , smartphone of tablet) met Near Field Communication (NFC). Met behulp van de PCI Contactloze betalingen op COTS (CPoC ™) Standaard en ondersteunend validatieprogramma kunnen verkopers contactloze acceptatieoplossingen bieden die zijn ontwikkeld en getest in laboratoria om betaalgegevens te beschermen.

“De betaalsector voorzien van standaarden en middelen die veilige acceptatie van betalingen ondersteunen in nieuwe en opkomende kaart- en kaart-gewortelde betaalkanalen is een belangrijk aandachtspunt van de Council,” zei PCI SSC-normfunctionaris Emma Sutcliffe. “De PCI CPoC-norm is de tweede norm die door de Raad is uitgebracht om betalingsacceptatie via mobiel aan te pakken. De PCI CPoC-standaard biedt met name beveiligings- en testvereisten voor oplossingen die contactloze betalingsacceptatie mogelijk maken op een COTS-apparaat van een verkoper met behulp van een ingebouwde NFC-lezer.”

PCI Security Standards Council Publishes New Standard for Contactless Payments

—PCI Contactless Payments on COTS (CPoC™) Standard Provides Security and Test Requirements for Solutions that Enable Contactless Payment Acceptance on Merchant Mobile Devices Using NFC—

WAKEFIELD, Mass.–(BUSINESS WIRE)– Today the PCI Security Standards Council (PCI SSC) published a new data security standard for solutions that enable merchants to accept contactless payments using a commercial off-the-shelf (COTS) mobile device (e.g., smartphone or tablet) with near-field communication (NFC). Using the PCI Contactless Payments on COTS (CPoC™) Standard and supporting validation program, vendors can provide merchants with contactless acceptance solutions that have been developed and lab-tested to protect payment data.

“Providing the payments industry with standards and resources that support secure payment acceptance in new and emerging card and card-rooted payment channels is a key focus for the Council,” said PCI SSC Standards Officer Emma Sutcliffe. “The PCI CPoC Standard is the second standard released by the Council to address mobile contactless acceptance. Specifically, the PCI CPoC Standard provides security and test requirements for solutions that enable contactless payment acceptance on a merchant COTS device using an embedded NFC reader.”

“Contactless, or tap and go, payment adoption is on the rise globally, and merchants want affordable, flexible and safe options for contactless payment acceptance that allow them to best serve their customers. In addition to PCI Software-based PIN Entry on COTS (SPoC) Solutions that enable contactless payment acceptance with a dongle attached to the mobile COTS device, the PCI CPoC Standard and Program now provide merchants the option to use validated solutions that require no additional hardware to accept contactless transactions,” said PCI SSC Senior Vice President Troy Leach.

The PCI CPoC Standard includes security requirements for vendors on how to protect payment data in CPoC Solutions and test requirements for laboratories (labs) to evaluate these solutions through the supporting validation program. Validated CPoC Solutions are listed on the PCI SSC website as a resource for merchants and acquirers. Program details are outlined in the CPoC Program Guide, which is available now on the PCI SSC website.

The primary elements of a CPoC Solution include: a COTS device with an embedded NFC interface to read the payment card or payment device; a validated payment acceptance software application that runs on the merchant COTS device initiating a contactless transaction; and back-end systems that are independent from the COTS device and support monitoring, integrity checks and payment processing. Software-based PIN entry is not permitted in a CPoC Solution.

Through a combination of the security controls built into the merchant application and ongoing monitoring and integrity checks performed by the back-end systems, merchants and consumers can have confidence in the security of the CPoC Solution and the contactless transaction.

“Developed with the input of the global payments industry via the requests for comments (RFC) process, the CPoC Standard is a continuation of the Council’s efforts to provide merchants with secure mobile payment acceptance options they can trust to support their customers and protect the integrity and confidentiality of their payment data,” added Leach.

The PCI CPoC Standard and Program documents are available on the PCI SSC website.

For more information on the new CPoC Standard and Program read PCI Perspectives Blog post Just Published: PCI Contactless Payments on COTS.

About the PCI Security Standards Council


The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.

Contacts

Mark Meissner

PCI Security Standards Council

+1-202-744-8557

press@pcisecuritystandards.org
Twitter @PCISSC

Check out our twitter: @NewsNovumpr