Document Comparison

SPoC_MSR_Annex-v1.0.pdf → SPoC_MSR_Annex-v1.1.pdf
88% similar
27 → 26 Pages
7031 → 7010 Words
39 Content Changes

Content Changes

39 content changes. 29 administrative changes (dates, page numbers) hidden.

Added p. 4
Please note: All chip-based contact and contactless payment transactions must originate from the SCRP.
Added p. 6
Software-based PIN entry is not permitted for magnetic stripe read transactions.
Added p. 21
Evaluate and report as required in PCI PTS POI DTR K17.
Modified p. 4
The security and testing requirements described in SPoC Annex provide a framework for protecting the confidentiality and integrity of Account data1 captured and processed on a standalone MSR. The MSR works in combination with the existing elements of an SPoC Solution. Adding optional support to process magnetic stripe transactions allows merchants to use a single solution to accept payments.
The security and testing requirements described in SPoC Annex provide a framework for protecting the confidentiality and integrity of Account data1 captured using a permitted MSR. The MSR works in combination with the existing elements of an SPoC solution. Adding optional support to process magnetic stripe transactions with a magnetic stripe only reader allows merchants to use a single solution to accept payments where magnetic stripe acceptance is desired but the SCRP does not support magnetic stripe reader functionality.
Modified p. 4
To support and process transactions from the reading of magnetic-stripe cards, SPoC Solutions may support standalone MSRs, as long as the PIN is not allowed for such transactions. The MSR is an accessory to the SPoC Solution for payment acceptance, and not a substitute for the SCRP as it relates to producing surrogate PAN values or random seeds used by the PIN CVM Application.
To support and process transactions from the reading of magnetic-stripe cards, SPoC solutions may support either SCRPs that incorporate magnetic stripe reader functionality or standalone MSRs, as long as the PIN is not allowed for such transactions. The MSR is an optional accessory to the SPoC solution for payment acceptance and not a substitute for the SCRP.
Modified p. 5
Figure 1: Example of PIN CVM Solution Architecture with Optional MSR Support An MSR in an SPoC Solution has the following characteristics:
Figure 1: Example of PIN CVM Solution Architecture with Optional MSR Support An MSR in an SPoC solution has the following characteristics:
Modified p. 5
• The MSR connects and communicates securely with the PIN CVM Application.
• The MSR connects and communicates securely with the PIN CVM application.
Modified p. 5
• The MSR undergoes a security evaluation and approval, and it is referenced as part of the SPoC Solution.
• The MSR undergoes a security evaluation and approval, and it is referenced as part of the SPoC solution.
Modified p. 6
Note: A SPoC Lab must validate the MSR against specific requirements in Section 4, Non- PTS Approved MSR Security Requirements and Derived Test Requirements, which focuses on encryption of Account data on the device.
Note: An SPoC Lab must validate the standalone MSR against specific requirements in Section 4, Non-PTS Approved MSR Security Requirements and Derived Test Requirements, which focuses on encryption of Account data on the device.
Modified p. 6
When MSRs are used in SPoC Solutions, only the MSR devices included in the SPoC Solution listing can be used.
When MSRs are used in SPoC solutions, only the MSR devices included in the SPoC solution listing can be used.
Modified p. 6
To maintain the integrity of the SPoC Solution, the SCRP, which is a mandatory element of the SPoC Solution, must always be in position to communicate with the PIN CVM Application, even during the processing of data read by an MSR. All chip-based contact and contactless payment transactions must originate from the SCRP.
To maintain the integrity of the SPoC solution, the SCRP, which is a mandatory element of the SPoC solution, must always be in position to communicate with the PIN CVM Application, even during the processing of data read by an MSR.
Modified p. 7
Table 1 summarizes the options and the applicability of PCI SSC standards/programs to the supported MSRs allowed in an SPoC Solution.
Table 1 summarizes the options and the applicability of PCI SSC standards/programs to the supported MSRs allowed in an SPoC solution.
Modified p. 7
Table 1: Applicability of PCI SSC Standards/Programs to MSR 1.4 Audience The security and test requirements outlined in this document apply to entities who are developing SPoC Solutions that incorporate MSR functions and to PCI-recognized SPoC Laboratories.
Table 1: Applicability of PCI SSC Standards/Programs to Standalone MSR 1.5 Audience The security and test requirements outlined in this document apply to entities who are developing SPoC solutions that incorporate MSR functions and to PCI-recognized SPoC Laboratories.
Modified p. 8
Table 2: Glossary of Terms Term Definition SCR Abbreviation for Secure Card Reader. A physical card reader that has been assessed compliant to the PCI PTS POI device in SCR Approval Class and is listed on the PTS approval Website.
SCR Abbreviation for Secure Card Reader. A physical card reader that has been assessed compliant to the PCI PTS POI device in SCR Approval Class and is listed on the PTS approval Website.
Modified p. 8
MSR Abbreviation for Magnetic Stripe Reader. Magnetic Stripe Reader permitted in an SPoC Solution that either is listed as an approved PCI PTS POI device on the PCI SSC Approved Device website with a SCR Approval Class or is validated in accordance with the security requirements identified in this document and listed as part of The Solution. Also referred to as “Permitted MSR”.
MSR Abbreviation for Magnetic Stripe Reader. Magnetic Stripe Reader permitted in an SPoC solution that either is listed as an approved PCI PTS POI device on the PCI SSC Approved Device website with an SCR Approval Class, PCI PTS POI device on the PCI SSC Approved Device website with an SCRP Approval Class or is validated in accordance with the security requirements identified in this document and listed as part of The Solution. Also referred to as “Permitted MSR”.
Modified p. 8
Firmware Any code present in an MSR or an SCRP approval-class device is considered firmware and must be assessed and listed as part of the device approval.
Table 2: Glossary of Terms Term Definition Firmware Any code present in an MSR or an SCRP approval-class device is considered firmware and must be assessed and listed as part of the device approval.
Modified p. 9
• Approved PCI PTS device (approval class SCR)
• Approved PCI PTS device (approval class SCR or SCRP)
Modified p. 9
MSRs should encrypt Account data to prevent exposure within the PIN CVM Application and to ensure that Account data is securely transmitted to the back-end processing environment. The security of the encryption process within the MSR is expected to satisfy the encryption requirements in Section 4, Non-PTS Approved MSR Security Requirements and Derived Test Requirements..
MSRs should encrypt Account data to prevent exposure within the PIN CVM Application and to ensure that Account data is securely transmitted to the back-end processing environment. The security of the encryption process within the MSR is expected to satisfy the encryption requirements in Section 4, Non-PTS Approved MSR Security Requirements and Derived Test Requirements.
Modified p. 9
1.1.b For all approved PCI PTS devices, the tester must list and provide the PCI PTS approval number for each device and verify that the device is designed to operate in a single state, encrypting all Account data. Note: Report as required in SPoC Test Requirement TF1.1.
1.1.b For all approved PCI PTS devices, the tester must list and provide the PCI PTS approval number for each device and verify that the device is designed to operate in a single state, encrypting all Account data.
Modified p. 9
1.1.d The tester must verify that the MSR devices under review support only magnetic-stripe reading mechanisms.
1.1.d The tester must verify that the standalone MSR devices under review support only magnetic-stripe reading mechanisms.
Modified p. 9
1.2.a The tester must verify that the Account data is not available (or required for processing) in clear text outside the MSR. Note: Report as required in SPoC Test Requirement TB 3.1.
1.2.a The tester must verify that the Account data is not available (or required for processing) in clear text outside the MSR.
Modified p. 10
SCRPs support the reading of chip- based cards and payment devices, and provide security for the PIN CVM Application (seeding RNG, message signing). SCRPs are mandatory in the SPoC Solution. When an SCRP is unavailable, the Solution may optionally support MSR transaction processing. However, the Solution is required to detect that an SCRP is unavailable, and the Solution Provider should have a documented policy and a set of risk-based parameters to allow MSR transaction processing to continue in the absence …
SCRPs support the reading of chip- based cards and payment devices and provide security for the PIN CVM Application (seeding RNG, message signing). SCRPs are mandatory in the SPoC solution. When an SCRP is unavailable, the Solution may optionally support MSR transaction processing. However, the Solution is required to detect that an SCRP is unavailable, and the Solution Provider should have a documented policy and a set of risk-based parameters to allow MSR transaction processing to continue in the absence …
Modified p. 10
• Other mitigating controls implemented in the Back-end Monitoring Systems 2.1.b The tester must verify that the SPoC Solution allows for the physical connection or pairing of MSR devices in addition to and in conjunction with an SCRP.
• Other mitigating controls implemented in the Back-end Monitoring Systems 2.1.b The tester must verify that the SPoC solution allows for the physical connection or pairing of MSR devices in addition to and in conjunction with an SCRP.
Modified p. 10
The software-based PIN entry process should be protected from manipulation or subversion. Software-based PIN entry is allowed only for chip-based contact or contactless transactions and should not be entered when a magnetic stripe is read by an MSR that is permitted by the SPoC Solution.
The software-based PIN entry process should be protected from manipulation or subversion. Software-based PIN entry is allowed only for chip-based contact or contactless transactions and should not prompted for (i.e., PIN entry user interface should not be displayed to the cardholder) or be entered when a magnetic stripe is read by an MSR that is permitted by the SPoC solution.
Modified p. 10
2.2.b The tester must note any other transaction types supported by the PIN CVM Application, and for each type that does not involve a chip-based transaction, confirm that the software- based PIN entry is not supported or able to be performed. Note: Report as required in SPoC Test Requirement TB10.2.
2.2.b The tester must note any other transaction types supported by the PIN CVM Application, and for each type that does not involve a chip-based transaction, confirm that the software- based PIN entry is not supported or able to be performed.
Modified p. 11
• The monitoring system has signalled a tamper-detection event; or the PIN CVM Application is halted, loses focus, or otherwise is moved to background processing. Note: Report as required in SPoC Test Requirement TB7.
• The monitoring system has signalled a tamper-detection event; or the PIN CVM Application is halted, loses focus, or otherwise is moved to background processing.
Modified p. 11
To prevent correlation of the PIN entered on the COTS Device and Account data from the MSR, the PIN CVM Application should automatically clear its internal buffers (memory it controls). See additional guidance in SPoC Test Requirements TB7.
To prevent correlation of the PIN entered on the COTS Device and Account data from the MSR, the PIN CVM Application should automatically clear its internal buffers (memory it controls). See additional guidance in SPoC Test Requirements TB7.
Modified p. 11
2.4.a The tester must verify that the PIN CVM Application cannot modify or decrypt the Account data received from an MSR. Note: Report as required in SPoC Test Requirements TB3.4.
2.4.a The tester must verify that the PIN CVM Application cannot modify or decrypt the Account data received from an MSR.
Modified p. 11
The PIN CVM Application should not be able to decrypt the Account data encrypted by the MSR. Decryption of Account data can occur only in the PCI DSS-compliant back- end processing environment. See the SPoC Security Requirement 5.1 for additional guidance. 2.4.b The tester must verify that PIN CVM Application cannot disable encryption of the Account data. Note: Report as required in SPoC Test Requirements B5 and D2.
The PIN CVM Application should not be able to decrypt the Account data encrypted by the MSR. Decryption of Account data can occur only in the PCI DSS-compliant back- end processing environment. See the SPoC Security Requirement 5.1 for additional guidance.
Modified p. 11 → 12
2.5.a The tester must verify that the SPoC Solution supports only permitted MSRs. Note: Report as required in SPoC Test Requirement TR F1.
2.5.a The tester must verify that the SPoC solution supports only permitted MSRs.
Modified p. 11 → 12
Permitted MSRs provide a security baseline to protect Account data. The SPoC Solution supports MSRs that meet either of the following conditions:
Permitted MSRs provide a security baseline to protect Account data. The SPoC solution supports MSRs that meet either of the following conditions:
Modified p. 11 → 12
• Listed as an approved PCI PTS device on the PCI SSC Approved Device Website with an SCR Approval Class
• Listed as an approved PCI PTS device on the PCI SSC Approved Device Website with an SCR or SCRP Approval Class
Modified p. 12
2.6.a The tester must verify that mechanisms exist to uniquely identify the MSR. Note: Report as required in SPoC Test Requirement TD1.1-1.2.
2.6.a The tester must verify that mechanisms exist to uniquely identify the MSR.
Modified p. 12
Identification of the MSR can contribute to confirming the security status of the SPoC Solution when preparing to process a payment transaction. The physically connected or securely paired MSR should be uniquely identified by the Back-end Monitoring System or PIN CVM Application. For example, the PIN CVM Application or the Back-end Monitoring System could identify the connected MSR by determining a unique, verifiable identifier. MSR identification ensures that all communications come from a recognized MSR associated with the SPoC Solution,
Identification of the MSR can contribute to confirming the security status of the SPoC solution when preparing to process a payment transaction. The physically connected or securely paired MSR should be uniquely identified by the Back-end Monitoring System or PIN CVM Application. For example, the PIN CVM Application or the Back-end Monitoring System could identify the connected MSR by determining a unique, verifiable identifier. MSR identification ensures that all communications come from a recognized MSR associated with the SPoC solution,
Modified p. 12
2.6.b The tester must detail these identification mechanisms and the criteria used to validate their use. Note: Report as required in SPoC Test Requirements TC2.2-TC2.4.
2.6.b The tester must detail these identification mechanisms and the criteria used to validate their use.
Modified p. 13
This requirement ensures that all Account data is handled in a secure manner. The requirement allows for the encryption of Account data directly at the read head, or for Account data to be submitted to the controller of the MSR in clear text. This data is then communicated to the MSR controller where it is processed. The term “processed” includes, but is not limited to, Account data encryption and the selective disclosure of clear text Account data by the secure …
This requirement ensures that all Account data is handled in a secure manner. The requirement allows for the encryption of Account data directly at the read head, or for Account data to be submitted to the controller of the MSR in clear text. This data is then communicated to the MSR controller where it is processed. The term “processed” includes, but is not limited to, Account data encryption and the selective disclosure of clear text Account data by the secure …
Modified p. 14
All Account data should be encrypted using only ANSI X9 or ISO-approved encryption algorithms (such as, AES, TDES). The encryption algorithm should use a mode of operation described in ISO/IEC 10116:2006 (or equivalent), and follow secure padding guidelines. Any text encryption method that relies on non-standard modes of operation (such as, format-preserving Feistel-based Encryption Mode [FFX]) should be approved by at least one independent security evaluation organization or standards body. Such encryption methods should be subjected to independent expert review …
All Account data should be encrypted using only ANSI X9 or ISO-approved encryption algorithms (such as, AES, TDES). The encryption algorithm should use a mode of operation described in ISO/IEC 10116:2006 (or equivalent) and follow secure padding guidelines. Any text encryption method that relies on non-standard modes of operation (such as, format-preserving Feistel-based Encryption Mode [FFX]) should be approved by at least one independent security evaluation organization or standards body. Such encryption methods should be subjected to independent expert review …
Modified p. 21
Evaluate and report as required in PCI PTS POI DTR K17 TDES key components should be combined by either XORing of full-length key components or through implementation of a recognized secret- sharing scheme, such as Shamir. Private key components should be combined using a recognized secret-sharing scheme. Generating a check value for a key or key component should be done by a cryptographic process such that all portions of the key or key component are involved in generating the check …
TDES key components should be combined by either XORing of full-length key components or through implementation of a recognized secret- sharing scheme, such as Shamir. Private key components should be combined using a recognized secret-sharing scheme. Generating a check value for a key or key component should be done by a cryptographic process such that all portions of the key or key component are involved in generating the check value. Clear keys or clear-key parts should not be loaded using …
Removed p. 26
• SR 3.3 Type 1 Attestation and TR B5 Online Processing. While SCRPs must continue not to support magnetic-stripe read function, the SPoC Annex allows for the use of MSRs that meet the Annex requirements. One or more MSRs that meet the SPoC Annex requirements are allowed to be physically connected or paired and used with the PIN CVM Application. Other MSRs that are not approved as components of the SPoC Solution continue to be prohibited from physically connecting or pairing with the PIN CVM Application.

• One or more MSRs that meet the SPoC Annex requirements are allowed to be paired and used with the PIN CVM Application.

• TF 1.1 Secure Card Reader

• MSRs that meet the SPoC Annex requirements are a permitted method of entry for the Account data.

• Target of Evaluation

• Allows for the addition of one or more MSRs to the assets under this standard.

While some SPoC Solution testing and …