From 26 Feb to 26 March, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the draft PCI SPoC Magnetic Stripe Reader (MSR) Annex. RFC periods are avenues for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards. This feedback plays a critical role in the ongoing maintenance and development of these resources for the payment card industry.
Request for Comments (RFC) on PCI SPoC MSR Annex
As published in a previous post, PCI SSC is developing a PCI SPoC Magnetic Stripe Reader (MSR) Annex. PCI SSC stakeholders are invited to review and provide feedback on the draft SPoC MSR Annex during a 30-day request for comments (RFC) period from 26 February to 26 March. The RFC follows the formal PCI SSC RFC process, as outlined in the recently published RFC Process Guide. It is available through the PCI SSC portal, including instructions on how to access the document and submit feedback.
Please note that as part of the RFC process all feedback will be reviewed and considered for development of the final Annex, planned for publication in May 2019. The name of the organization, its comments and how PCI SSC is addressing the feedback will be posted in the PCI SSC portal for all RFC participants to view.
Background on the PCI SPoC MSR Annex
PCI SSC originally developed the PCI Software-based PIN Entry on COTS (SPoC) Standard (published in January 2018) and program in response to market demands for secure SPoC solutions in mature EMV markets. Since its publication, PCI SSC has received feedback that changing the SPoC Standard to allow non-PIN based magnetic stripe transactions would benefit less mature EMV markets where magnetic stripe with signature (or no CVM) transactions are still common.
PCI SSC is responding to this industry feedback by developing a temporary extension to the SPoC Standard in the form of a standalone “Annex” document. The PCI SPoC MSR Annex will outline the security and testing requirements needed to ensure the protection of account data accepted through SPoC solutions that support magnetic stripe transactions. The intent is to broaden the applicability of the SPoC Standard to meet the need for SPoC solutions that provide merchants in relevant markets with a secure option for acceptance of non-PIN based magnetic stripe transactions.
PCI SSC will incorporate the Annex into the SPoC Standard as part of a revision anticipated for 2020.