PCI Security Standard Council calls for comments on new standard for contactless payments on commercial off-the-shelf NFC devices

24 iulie 2019

From 22 July to 20 August 2019, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the draft PCI Contactless Payments on COTS (CPoC) Standard. RFC periods are avenues for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards. This feedback plays a critical role in the ongoing maintenance and development of these resources for the payment card industry.

PCI SSC is developing a new standard for contactless payments on commercial off-the-shelf (COTS) devices, which is planned for publication by the end of 2019. As part of the development process, PCI SSC stakeholders are invited to review and provide feedback on the draft PCI Contactless Payments on COTS (CPoC) Standard during a 30-day request for comments (RFC) period from 22 July to 20 August. 

The RFC is available through the PCI SSC portal, including instructions on how to access the document and submit feedback. PCI SSC will review all feedback received, and the name of the organization, its comments and how PCI SSC is addressing the feedback will be posted in the PCI SSC portal for all RFC participants to view. For additional information on how this process works, refer to the RFC Process Guide.  

Background on the PCI Contactless Payments on COTS(CPoC)Standard 

With a growing number of merchants now using smartphones and other commercial off-the-shelf (COTS) mobile devices, PCI SSC is expanding its support for  mobile payment acceptance to develop new standards that leverage security techniques to provide proactive controls for managing threats and protecting data.  

The PCI Contactless Payments on COTS (CPoC) Standard provides security requirements for solutions that enable contactless, or “tap and go”, transactions on merchant COTS devices.  

The CPoC Standard includes: 

. Specific criteria for solution providers on how to protect payment data within their solutions;

. Test requirements for PCI-recognized Laboratories to assess solutions for validation and listing on the PCI SSC website through the supporting CPoC Program. 

The CPoC Standard is being developed with input from payment card industry stakeholders via the RFC process. This includes a dedicated RFC with the Mobile Task Force that took place in April 2019 and the current RFC with Participating Organizations, Qualified Security Assessors and PCI-recognized Laboratories. PCI SSC is targeting publication of the CPoC Standard by the end of 2019, with the CPoC Program to follow in 2020. 

Adauga comentariu

Cifra/Declaratia zilei

Gabriela Nistor – director general adjunct BT

Tendinţele pe care le-am remarcat înainte de începerea pandemiei s-au accelerat pe perioada stării de urgenţă. Am văzut acest lucru ca o oportunitate, un tipping point pentru bancă. Post-pandemie nu avem cum sa ne întoarcem la comportamentul financiar pe care îl aveam până în februarie a.c. Relaţia românilor cu online-ul s-a schimbat. In plus, cardul fizic se va dematerializa. Vom asista la o scădere a cererii pentru cardurile fizice, respectiv la o creştere a preferinţei pentru componenta digitală a acestora.”


In 23 septembrie 2019, BNR a anuntat infiintarea unui Fintech Innovation Hub pentru a sustine inovatia in domeniul serviciilor financiare si de plata. In acest sens, care credeti ca ar trebui sa fie urmatorul pas al bancii centrale in 2020?