“Last month the PCI council announced the development of a new standard for software-based PIN entry on commercial off the shelf (COTS) devices. The concept behind this was one of permitting secure PIN-based applications and card readers to work with a mobile device, utilizing a back-end system for transaction monitoring and processing.
This week Infosecurity attended a presentation by MyPinPad featuring speakers from across payment security and retail technology. The theme was based around the fact that its been 12 years since the roll-out of Chip and PIN, and how the development of mobile-enabled payments have enabled more merchants to offer payments in instances where cash or cheques would only have been accepted in the past.
Jeremy King, international director of the Payment Card Industry Security Standards Council (PCI SSC), said that in instances such as local social clubs or outdoor festivals, those vendors offering mobile payments saw the most business. Therefore there was a need to determine a secure and practical solution to enable mobile payments, and the first draft of its new standard was published in January.
While this could take most of 2018 to come to light, as King admitted that the validation program documentation is expected in Q2, and it would be the end of 2018 before any approved solutions are released for merchants to use.
The concept that the PCI SSC have developed works around encrypting data so that it is never in plain text, using an application on the phone where the data is sent to a back end system and then to a processor, which will see it as a standard chip and PIN transaction.”