PCI MPoC Standard

PCI MPoC Standard v1.1: Advances in Solutions for Mobile Payments on Commercial Devices


The PCI Security Standards Council (PCI SSC) has released version 1.1 of the PCI Mobile Payments on COTS (MPoC) standard, designed to support the evolution of mobile payment acceptance solutions. The standard provides security requirements for solutions that allow merchants to accept payments with PIN entry or contactless transactions using commercial off-the-shelf (COTS) mobile devices, such as smartphones or tablets.

This update significantly improves flexibility in how COTS-based mobile payment solutions are developed, implemented, and maintained, addressing the current needs of merchants and service providers.


What is the PCI MPoC standard?

The PCI MPoC standard is an evolution of the earlier standards PCI SPoC (Software-based PIN Entry on COTS) and PCI CPoC (Contactless Payments on COTS). Its goal is to enable merchants to use COTS devices to accept credit card payments, either through PIN entry or contactless methods. Version 1.1 improves security and expands the functionality and adaptability of these solutions in response to a constantly changing mobile payments landscape.


Main changes in version 1.1 of the PCI MPoC standard

Version 1.1 includes a number of updates designed to improve the security and usability of the standard. These are some of the highlights:

  1. Removal of certain functional requirements:
    • Validations related to software security and kernel functionality have been removed.
  2. Compatibility between MPoC SDKs:
    • An MPoC SDK can now be integrated within another, which improves interoperability.
  3. Security, storage, and offline updates:
    • Requirements related to storage and offline security have been adjusted to reflect best practices.
  4. Improvements in detection of and response to compromised platforms:
    • Clarification of the measures needed to identify and mitigate potential device compromises.
  5. Updates for PIN entry:
    • Requirements set to support PIN entry on external devices and improved accessibility.
  6. Security guidelines (Section 1G-1.x):
    • Revision of the guidelines to strengthen security across various applications.
  7. Self-assessment requirements for MPoC SDKs:
    • Developers must comply with new guidelines to integrate and test solutions effectively.
  8. Permissions for non-isolated SDKs:
    • MPoC applications are allowed to manage secure channels, increasing flexibility.
  9. Implementation of FIPS 140-2 L2 HSMs in controlled environments:
    • Hardware security modules are now acceptable under specific conditions.
  10. Updated requirements for RSA 2048 and technical fallback transactions:
    • Clarification of scenarios where these methods are valid.
  11. Other general changes:
    • Minor adjustments throughout the standard to improve clarity and consistency.

Advantages of the PCI MPoC standard v1.1

Version 1.1 of the PCI MPoC standard provides:

  • Greater modularity: Adapts to different payment acceptance and consumer verification methods.
  • Comprehensive support: Combines the capabilities of PCI SPoC and PCI CPoC, allowing the same device to handle PIN and contactless card data.
  • Flexibility for merchants and providers: Facilitates the implementation of innovative solutions that meet the needs of an evolving market.

What does this mean for the industry?

With this new version, merchants, acquirers, and service providers have access to a more robust and versatile platform for accepting mobile payments. This is especially relevant in a context where consumers expect fast, secure, and frictionless payment options. The updates also respond to the technical challenges that developers face when creating solutions that are compatible with the PCI MPoC standard.


Conclusion

The PCI MPoC standard v1.1 represents a breakthrough in the acceptance of mobile payments, allowing for greater flexibility and security in the use of commercial devices for card transactions. These updates reinforce the commitment of the PCI SSC to adapt to the demands of the industry, ensuring that the solutions are secure and accessible to all stakeholders in the ecosystem.

For more details, please refer to the official source in the document library of PCI SSC: PCI SSC Document Library.