The up-to-date version 5.0 for PCI PTS POI was released 10 months ago.
Starting in September 2017, all new devices submitted to PCI PTS evaluation shall support the 5.0 requirements, leading to a greater level of security on the new POS systems.
There is a list of changes impacting the logical part of the PCI evaluation, that Alcinéo takes into account in its PCI PTS POI software solution. These evolutions concern the core logical module and the SRED module (Account Data Protection).
Devices must support firmware update functionality. The objective of PCI Standard Security Council is to enhance the protection of cardholders’ sensitive data.
Changes in the Security Requirements :
- section B & K : devices MUST support firmware updates
- section K : the requirement for Independent Security mechanisms (K1.2) has been removed
and additional guidances are mentioned to K 1.1 requirement
Changes in the Derived Test Requirements (defining the tests to be performed by laboratories) :
- B9: Random Number – updated guidance on Deterministic Random Bit Generator
- B20 : Updated to reflect additional required information to be included in the POI security policy
- D1 : penetration protection : eliminated 10 hours minimum for exploitation time
All the changes mentioned above were released in the document from PCI SSC : POI – Summary of Requirements Changes.
Alcinéo is already developing logical modules according the 5.0 version, to provide the increased level of security required, and comply with the logical evaluation scope.
We support our customers during the development of their products and help them pass PTS evaluation. Our solution is based on a modular software approach, including Secure Boot Loader, Key Manager, Crypto Engine, and Secure Manager.
You will find all the necessary documents, Security Requirements, Vendor Questionnaire and summary of changes between v4.1 and v5.0, in the document library on the PCI website :
In a Type Approval bulletin published last week, EMVCo announced a new validity period for EMV contact level 2 products.
All devices tested with 4.3f test plan version will now have a validity of 4 years. The LoA will be issued with this new validity period. Already approved products, with 4.3f version, will also receive a new LoA, mentioning the new validity period.
Find more information on EMVCo website.
Money 20/20 Europe, taking place in Copenhagen, June 26-28, is a “catalyst for the growth and development of the payments and financial services ecosystem”.
Money 20/20 is a key event for stakeholders who wish to participate in the evolving payment landscape. Alcinéo and Trustonic take an active part in this evolution by collaborating on a TEE solution, dedicated to secure mobile payments.
Alcinéo’s contactless kernels, embedded into the Trusted Executed Environment from Trustonic, offer a high level of security during contactless transactions on a smartphone or a tablet, hence providing a reliable alternative to traditional POS system.
Come and try this disruptive payment innovation dedicated to mobile payments on Trustonic booth : H18
Feel free to contact us and require more details : email@example.com.
Why maintenance is critical in the success of a product
Software maintenance is the appropriate modification of a software solution after delivery.
The objectives of a payment software’s maintenance are multiple… and should be taken really seriously to optimize software performance, and terminal life cycle.
Have a look at our latest newsletter here.
The latest issue of the Nilson Report mentions Alcinéo & IFPL partnership.
Thanks to this collaboration, the two companies have developed a unique PIN-on-screen solution, dedicated to on-board payments.
The Nilson Report’s publication is available here.
EMVCo has issued updated versions of the Administrative process documents for the submission of products to EMV type approval. ICS submission process has been changed.
Note that if changes are made in the ICS after EMVCo review :
- first ICS replacement is free of charge
- Subsequent replacements will be charged by EMVCo.
If a new ICS version is released before the begining of testing sessions, the latest version of ICS must be used and submitted to EMVCo for review.
Find more information and the full submission rules in the administrative process documents.
Current version of the contact ICS are available on EMVCo website or contact your Alcinéo representative to obtain them.
For more information feel free to contact us at : firstname.lastname@example.org.
Alcinéo’s mission is to meet customers’ expectations, in terms of performance, efficiency and support.
Beyond the fact that our objective is to help them to achieve type approval, we place great value on their opinion regarding Alcinéo’s products and services provided during the overall project duration.
We are therefore pursuing satisfaction campaigns with our customers. Through the results of the questionnaires, we can analyse their feedback and continuously enhance our services.
If you haven’t received your satisfaction survey, feel free to contact your Alcinéo representative.
Our solutions are at the core of payment, and our customers are at the core of our business.
What’s new in the air ?
Alcinéo and IFPL have strengthened their partnership to provide a unique solution for aircraft payment. The solution will be displayed at the next Aircraft Interior Expo held in Hamburg – April 4-6, 2017.
For more information about this secure PIN-on-glass innovation, read the article here
ISTQB® (International Software Testing Qualifications Board) is recognized internationally for the certification of competences in software testing.
Pre-validation of EMV payment solutions is a crucial stage in the development phase of an EMV capable terminal.
At Alcinéo, testing campaigns are performed by highly qualified validation engineers, who successfully achieved their ISTQB certification. Each kernel is internally tested against the most up-to-date specification version, before being delivered to our customers. Hence providing the best-in-class solution, ready to be submitted to Type Approval, either for contact or contactless capabilities.
ISTQB scheme is recognized internationally for the certification of competences in software testing. Alcinéo’s expertise and quality engagement is enhanced with the commitment and advanced skills of our collaborators.
Visit ISTQB foundation web site to have more information on software testers certifications.
contact us at : email@example.com
EMVCo has released an update of Contact Level 2 Type Approval documentation, effective from the 1st of March 2017.
From now on, EMV terminals submitted to Contact level 2 certification at an accredited laboratory shall be tested according the new version 4.3f of testing documents and processes (test plans, test cases, ICS, administrative process).
Keep in touch with your Alcinéo representative to obtain further details.
Visit EMVCo website to have access to all the related documents and processes.
Contact us @ : firstname.lastname@example.org