Enhancing Secure PIN Entry in MPoC with CYNTE WhiteShield’s Secure PIN Feature
Mobile Payments on COTS (MPoC) has revolutionized payment card industry standards by enabling software-based PIN entry on commercial off-the-shelf (COTS) devices such as mobile phones and wearables. This breakthrough, however, brings significant security challenges that solution providers must address to protect sensitive PIN data.
As the MPoC standard gains traction, merchants worldwide are expected to adopt SoftPOS solutions more widely. Achieving PCI certification, a crucial step for solution developers, demands compliance with the stringent security requirements outlined by MPoC. These include protecting cryptographic keys, resisting reverse engineering, and resisting tampering with SoftPOS mobile applications.
Software-based PIN entry introduces security risks due to the inherent vulnerabilities in graphical user interfaces (GUIs) provided by operating systems. Traditional attack techniques, such as screen recording, activity hijacking, clickjacking, and tapjacking, can compromise PIN data.
Malicious actors often employ tactics like tricking merchants into installing a malicious app on the COTS device. Once installed, the malicious app monitors the SoftPOS app’s activities and attempts to intercept sensitive information. Elevated device privileges, achieved through rooting (Android) or jailbreaking (iOS), open the door to more potent attacks, including side-channel attacks that use device peripherals like gyroscopes or accelerometers.
WhiteShield’s Secure PIN is an essential add-on feature designed to address the security challenges posed by software-based PIN entry. This feature equips SoftPOS developers with a set of tools to implement a secure GUI-based PIN entry mechanism in Android applications.
Key Capabilities of WhiteShield’s Secure PIN:
Confidentiality: Secure PIN ensures that PIN digits, the entire PIN, and encryption keys remain confidential, preventing their exposure in clear text.
Advanced Key Management: The add-on feature fully supports advanced key management standards, including TR-31 and Derived Unique Key Per Transaction (DUKPT), keeping it aligned with payment industry practice.
As SoftPOS solutions become integral to the payments landscape, the security of PIN entry is paramount. WhiteShield’s Secure PIN feature not only mitigates common threats associated with software-based PIN entry but also assists developers in meeting the rigorous security standards set by MPoC. By prioritizing confidentiality and advanced key management, Secure PIN adds a layer of robust security to SoftPOS solutions, instilling confidence in merchants and consumers alike.