In the first part of this blog series, we have already informed you that there is a strong trend towards cashless and especially contactless payment. Payment via smartphone is also becoming increasingly important. The SPoC and CPoC standards provided by the PCI play an important role here.
PCI SPoC and CPoC – what is this all about?
SPoC (Software-based PIN Entry on COTS) is – simply spoken – the software-based PIN Entry standard from PCI for mobile devices, in combination with a Secure Card Reader for PIN which is an extra piece of hardware, connected to the mobile device, e.g. by Bluetooth.
CPoC (Contactless Payments on COTS) is the second and more recent standard which makes accepting contactless payments even simpler. The NFC capability transforms mobile devices into a contactless payment reader.
Common to both standards are the mobile card reader app, the attestation and monitoring services. All of it just for upholding a high level of security and trust. Of course, besides that typical payment related services are part of the back-end.
What role does Build38 play in this?
Build38 fulfils the strictest security requirements mandated by PCI:
- Ensuring the app is running in a secure environment (and only there)
- Anti-repackaging technology
- Secure PIN entry
- Mitigation of detected threats already on the mobile device, etc.
On top of that Build38 provides the required attestation component which acts as verifier to determine the current security state of the app. It delivers additional security signals into the monitoring system which detects, alerts, and mitigates suspected or actual threats and attacks.
PCI security requirements can be overwhelming with all its complexities, yet there is nothing to be afraid of!
You understand payments at your best, and Build38 masters your mobile security!
At Build38 we believe that in a changing digital landscape, the app security is not a luxury. It is a necessity. Your developers should focus on what they are best at: delivering business value and world-class payment apps, while Build38 provides mobile app security. Build38’s Trusted Application Kit (T.A.K) is a highly secure, holistic and easy to integrate mobile app security framework.
It all starts with better understanding your mobile risks.