What is CPoC + PIN? Preparing for the PCI’s next evolution in contactless payments
Does CPoC + PIN spell the demise of the card reader? And what does this mean for mobile app developers who will have to comply with the PCI’s new CPoC + PIN standard?
The Payment Card Industry (PCI) Security Standards Council, the body that defines standards governing payment card security, will soon issue a new standard called CPoC™ + PIN.
CPoC + PIN will revolutionize card payments by enabling PIN entry on smart mobile devices to allow higher value transactions. This is great news for merchants, particularly smaller independents fed up with expensive cash registers, card readers, monthly contracts, and transaction fees. CPoC + PIN will democratise card payments by replacing expensive, specialist hardware with a secure, integrated experience on a smartphone.
However, given the security challenges and complexities involved in protecting a user’s PIN, achieving the CPoC + PIN standard will be no easy feat, as some softPOS vendors are discovering. How do you design a secure, future-proof solution that isolates and protects a user’s PIN separately from their account details, on the same device?
This paper explains the PCI’s standards and our understanding of the imminent new CPoC + PIN standard, describes the challenges in achieving certification against it, and outlines a solution for developers of mobile payment card apps.