Category Archives: News & Events

Interac : updated terminal specifications v1.5b

Updates on contactless functionalities

Interac, the Canada-based payment network has released the latest version 1.5b of the “Dual interface reader/terminal specifications for Interac Direct Payment and NFC based transactions”.

The document sets requirements to guide vendors and developers wishing to implement the IDP specifications for contact and contactless transactions at POS systems and ATM (for contact).

Additional functionalities are described in the contactless specification part, defining the process for contactless transactions between a terminal and a mobile device supporting Interac application.

The main changes refer to the mobile payment requirements, such as a “Mobile Passcode” CVM type, or the retained cardholder data functionality, or the limit of contactless taps parameter.

These updated functionalities allow merchants to accept easily contactless payment at their POS systems, using the Interac contactless application, whether their customers hold a credit card, or a smartphone.

Other international payment schemes also set a range of functionalities to allow contactless payments using multi-form factors which drives further adoption and usage of the tap&go move, such as dual interface cards, smartphones, or other form factors like rings and wristbands.

Visit Interac website to discover Interac products, offers and services.

Feel free to contact your Alcinéo representative to obtain further information on our Interac contactless kernel, and on the range of software solutions and services for payment terminal security and interoperability.

*******************************************

Upcoming event : Trustech

Contact us at info@alcineo.com to arrange a meeting during the 3 days event in Cannes, November 28 – 30

 

TRUSTECH – Cannes – 28-30 Nov

Alcinéo will attend Trustech.

The show gathers experts of the worldwide payment sphere. As a trusted EMV software solution maker Alcinéo will present the secure software suite that will suit your needs.

Contact us at info@alcineo.com to arrange a meeting.

Meet us on our booth C010 at Lerins level to share our vision of payments.

For more information about the show, visit the website : Trustech-event 

 

Partnership with Design Shift for ultimate data protection

An Alliance between Software and Hardware to strengthen security levels

Design SHIFT, building digital security, and Alcineo today announced their partnership delivering protection of critical data based on a secure hardware platform and software data encryption with a remote key management system.

Read more

Visit Design Shift website : www.design-shift.com

Design Shift logo

EMV transactions at automated fuel dispensers

The challenges of securing electronic payments at automated fuel dispensers.

Whereas data security is at the center of concerns in all sectors, electronic transactions at automated fuel dispensers are still exposed to skimming and fraudALX payment terminal for automated fuel dispensersulent attacks.

Alcinéo partnered with ALX Technologies to design a fully integrated payment terminal, dedicated to gas pumps. The white paper describes best practices to implement EMV technology at the pump and mitigate the risk of data theft.

 

 Read the paper here.

Visit ALX Technologies website

PCI PTS 5.0 – to become mandatory by September

The up-to-date version 5.0 for PCI PTS POI was released 10 months ago.

Starting in September 2017, all new devices submitted to PCI PTS evaluation shall support the 5.0 requirements, leading to a greater level of security on the new POS systems.

There is a list of changes impacting the logical part of the PCI evaluation, that Alcinéo takes into account in its PCI PTS POI software solution. These evolutions concern the core logical module and the SRED module (Account Data Protection).

Devices must support firmware update functionality. The objective of PCI Standard Security Council is to enhance the protection of cardholders’ sensitive data.

Changes in the Security Requirements :

  • section B & K  : devices MUST support firmware updates
  • section K : the requirement for Independent Security mechanisms (K1.2) has been removed
    and additional guidances are mentioned to K 1.1 requirement

Changes in the Derived Test Requirements (defining the tests to be performed by laboratories) :

  • B9: Random Number – updated guidance on Deterministic Random Bit Generator
  • B20 : Updated to reflect additional required information to be included in the POI security policy
  • D1 : penetration protection : eliminated 10 hours minimum for exploitation time

All the changes mentioned above were released in the document from PCI SSC : POI – Summary of Requirements Changes.

Alcinéo is already developing logical modules according the 5.0 version, to provide the increased level of security required, and comply with the logical evaluation scope.
We support our customers during the development of their products and help them pass PTS evaluation. Our solution is based on a modular software approach, including Secure Boot Loader, Key Manager, Crypto Engine, and Secure Manager.

You will find all the necessary documents, Security Requirements, Vendor Questionnaire and summary of changes between v4.1 and v5.0, in the document library on the PCI website : 
www.pcisecuritystandards.org

EMV level 2 LoA validity

In a Type Approval bulletin published last week, EMVCo announced a new validity period for EMV contact level 2 products. 

All devices tested with 4.3f test plan version will now have a validity of 4 years. The LoA will be issued with this new validity period. Already approved products, with 4.3f version, will also receive a new LoA, mentioning the new validity period.

Find more information on EMVCo website.

TEE solution for mobile payments showcased at Money 20/20

Money 20/20 Europe, taking place in Copenhagen, June 26-28, is a “catalyst for the growth and development of the payments and financial services ecosystem”.

Money 20/20 is a key event for stakeholders who wish to participate in the evolving payment landscape. Alcinéo and Trustonic take an active part in this evolution by collaborating on a TEE solution, dedicated to secure mobile payments.

Alcinéo’s contactless kernels, embedded into the Trusted Executed Environment from Trustonic, offer a high level of security during contactless transactions on a smartphone or a tablet, hence providing a reliable alternative to traditional POS system. 

Come and try this disruptive payment innovation dedicated to mobile payments on Trustonic booth : H18

Feel free to contact us and require more details : info@alcineo.com.

 

Newsletter Issue n°11 – Software maintenance

Why maintenance is critical in the success of a product

Software maintenance  is the appropriate modification of a software solution after delivery. 

The objectives of a payment software’s maintenance are multiple… and should be taken really seriously to optimize software performance, and terminal life cycle.  

Have a look at our latest newsletter here.

EMV contact level 2 ICS and administrative process updates

EMVCo has issued updated versions of the Administrative process documents for the submission of products to EMV type approval. ICS  submission process has been changed.

Note that if  changes are made in the ICS after EMVCo review :

  • first ICS replacement is free of charge
  • Subsequent replacements will be charged by EMVCo.

If a new ICS version is released before the begining of testing sessions, the latest version of ICS must be used and submitted to EMVCo for review.

Find more information and the full submission rules in the administrative process documents.

Current version of the contact  ICS are available on EMVCo website or contact your Alcinéo representative to obtain them.

For more information feel free to contact us at : info@alcineo.com.