PCI SPoC
E723415
PCI SPoC is a PCI Security Standards Council standard that defines security requirements for accepting PIN-based card payments on commercial off-the-shelf mobile devices using a secure PIN entry application and a trusted card reader.
Statements (46)
| Predicate | Object |
|---|---|
| instanceOf | PCI SSC standard; payment card security standard |
| acronymFor | Software-based PIN Entry on COTS |
| addresses | threats to PIN entry on mobile devices |
| aimsTo | reduce risk of PIN compromise on consumer-grade devices |
| appliesTo | commercial off-the-shelf mobile devices |
| category | cardholder data and PIN protection standard |
| complianceDemonstratedBy | assessment by PCI-recognized laboratories |
| complianceListedOn | PCI SSC list of approved SPoC solutions |
| defines | security requirements for accepting PIN-based card payments on COTS devices |
| documentationType | technical security standard |
| focusesOn | PIN-based cardholder verification; software-based PIN entry |
| fullName | PCI Software-based PIN Entry on COTS |
| goal | enable secure PIN acceptance without traditional hardware PIN pads |
| governs | design of software-based PIN entry solutions; integration between mobile apps and external card readers |
| includesRequirementsFor | application security; device security controls; key management and cryptography; monitoring and integrity checks; secure communication between PIN entry app and card reader |
| industry | payments industry |
| intendedFor | merchants using mobile devices for card-present PIN entry; solution vendors building PIN-on-mobile products |
| objective | maintain security of PIN-based transactions; protect PIN entry on COTS devices |
| partOf | PCI PIN security standards ecosystem |
| publishedBy | PCI Security Standards Council |
| publisherAbbreviation | PCI SSC |
| regulates | how PIN is captured, processed, and transmitted on COTS devices |
| relatedTo | PCI CPoC; PCI MPoC; PCI PTS POI |
| requires | monitoring of deployed SPoC environments; protection of PIN from compromise on COTS device; secure lifecycle management of the SPoC solution; secure update mechanisms for the PIN entry application; segregation of sensitive functions from general-purpose mobile OS; tamper detection and response mechanisms in the solution |
| requiresUseOf | secure PIN entry application; trusted card reader |
| scope | card-present PIN-based transactions |
| usedBy | acquirers and processors; payment service providers; solution providers offering PIN on mobile solutions |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.