New Security Standard for PINs Will Give Retailers Less Costly Processing Options

A new standard published by the Payment Card Industry Security Standards Council (“PCI SSC”) may make it easier and less costly for retailers to take advantage of lower-cost PIN-based transactions in card-present scenarios. The new standard addresses the security of PIN entry through software encryption solutions rather than only through hardware-based encryption devices.
The PCI Council’s catchy name for this new standard is the PCI Software-Based PIN Entry on COTS (SPoC) Standard. “COTS” refers to Consumer Off-the-Shelf devices, e.g., your iPhone or iPad or Android equivalents, that are used for mobile point-of-sale (“MPOS”) purposes.
The primary purpose of the SPoC standard is to enable secure entry of PINs on tablets and mobile phones used to accept cards instead of the conventional POS terminals with dedicated PIN pads. The importance to retailers is that it may expand their ability to take advantage of lower-cost processing options through mobile device acceptance channels.
The standard addresses at least two popular use cases. One is the familiar “Square” dongle on cell phones, and another is the in-store mobile card entry device that salespeople use while roaming around the store. In the latter mode, devices utilizing the new standard will have to compete with existing mobile terminal devices that perform encryption within the hardware. These comply with the existing PCI PTS standard and have been on the market for a while from several POS service providers. We don’t know how the new SPoC-compliant software devices will compare in merchant cost and security. A third case may be the tablet-based card readers now appearing at POS counters.
You still need a PIN entry device under the new standard, but it can now be a dongle that meets the security standard. The standard may also find use, for example, in the European-style restaurant payment devices.