PCI-CPoC: a new standard for PCI Contactless Payments on COTS

29 July 2020
Posted by: jtsec Team

What is PCI-CPoC?

PCI-CPoC is a new security standard approved by the PCI Security Standards Council (PCI SSC) for smartphones and other contactless payment devices, such as wearables and tablets, known as COTS (commercial off-the-shelf) devices.

The PCI CPoC standard defines security and testing requirements for products that support contactless payments on a COTS device using a built-in NFC reader.

Security Elements of a CPoC Solution

The PCI CPoC Standard is designed to help vendors develop solutions that protect the confidentiality and integrity of payment account data through a combination of the payment application on the COTS device and the back-end systems. This includes proactive monitoring and integrity checks to ensure the security of the solution is not compromised. The architecture of the CPoC module is based on three components:

  • A CPoC application: An optional software component, developed and provided by the solution provider, to allow third-party developers to interface with the CPoC solution.

  • COTS Devices: A mobile device (e.g., smartphone, tablet or wearable) that is designed for mass-market distribution.

  • A set of back-end systems: Provides transaction processing, security monitoring and attestation services for the COTS system baseline, which work in tandem with the COTS device security mechanisms.

PCI-CPoC Certification Process

The certification process is similar to the one carried out for PCI-PTS. Once a product is validated under the PCI CPoC Standard, it is listed on the PCI SSC website, where buyers can find the solutions that have been developed and lab-tested to protect contactless payment data. Only PCI-recognized laboratories have the capacity and licenses necessary to test the product.

PCI-CPoC Consulting

We are top-notch consultants in PCI-CPoC. We help you during the evaluation process to get your module validated as soon as possible, based on our experience and our recognition as valued consultants for laboratories.

Most steps of the process, such as filling in the Vendor Questionnaire and generating the additional required documents, are not easy tasks if you are not used to them.

We smooth the process, working side by side with the client and the lab, allowing you to focus on your product, saving time, money and resources.