From 23 October to 20 November, PCI SSC stakeholders have the opportunity to review and provide feedback on the draft PCI Software-Based PIN Entry on COTS Standard.
The PCI SSC is developing a security standard for software-based PIN entry on commercial off-the-shelf (COTS) devices, such as consumer-grade mobile phones or tablets. The standard will help mobile solution providers to develop products that enable merchants to securely accept PIN-based payments with the PIN entered on a COTS device.
The draft PCI Software-Based PIN Entry on COTS Standard consists of two interrelated documents: the Security Requirements, which are primarily aimed at mobile solution and component providers, and the Derived Test Requirements, which are aimed at laboratories and assessors that evaluate these solutions and components.
As part of the standards development process, PCI Participating Organizations (which include Affiliate and Strategic Members) Qualified Security Assessors (QSA) and PCI Recognized Labs are invited to review and provide feedback on the draft standard during a 30-day request for comment (RFC) period.
The comment period runs from 23 October to 20 November 2017.
For additional background on the standard and its development, read PCI Perspectives Blog post What to Know About the PCI Software-Based PIN Entry on COTS Standard.