Press Release

Payment Card Industry Security Standards Council Welcomes Riscure as PCI Recognized Laboratory

Riscure B.V. Joins Global Group of PCI Recognized Labs to Provide Device and SolutionTesting to Validate Compliance to the PCI PIN Transaction Security (PTS), SPoC and CPoC Requirements

DELFT, The Netherlands, 01 April 2020 – The PCI Security Standards Council (PCI SSC) and Riscure B.V. (Riscure), have announced today that Riscure is now a PCI recognized laboratory approved to conduct security evaluations of payment acceptance devices.

Riscure joins a select group of labs globally that test and validate that payment devices meet the PCI Personal Identification Number (PIN) Transaction Security (PTS) requirements for protecting cardholder data. PCI PTS requirements are used around the world by device manufacturers for building secure equipment used in connection with accepting and processing payment card data. PCI approved devices, which include in-store terminals, secure card readers, hardware security modules (HSMs) and mobile payment devices, are listed on the PCI SSC website to help businesses choose technologies that are verified to protect their customers’ payment information.

Riscure can now offer security evaluation services to support solution providers to achieve their PIN transaction security (PTS), software-based PIN Entry on commercial-of-the-shelf (SPoC), and Contactless Payments on commercial-of-the-shelf (CPoC) solution certifications. Riscure expects that the introduction of new technologies that rely on mobile COTS devices will provide a major positive impact on the industry.

Mobile and contactless payments are highly popular and the use of COTS smartphones to accept contactless payments has shown very strong market interest enabling small and medium merchants to transition from cash to card-based transactions in a cost-effective manner. PCI SSC defines the standards for using COTS smartphones for SPoC, which still requires a dongle – the Secure Card Reader PIN (SCRP) – that interacts with the payment card.

The most recent standard from PCI SSC, CPoC, transforms COTS smartphones into acceptance devices, though PIN Entry is not supported yet. In other words, this PCI SSC standard is beneficial for low-value transactions, below the Consumer Device Cardholder Verification Method (CDCVM) limit.

“I am pleased to welcome Riscure to this group of globally recognized labs,” said PCI SSC Executive Director Lance Johnson. “Payments industry participation and input plays a key role in our efforts to evolve PCI Standards to support and align with changes in payments and technology. Riscure is joining a group of experts that we rely on to help us secure solutions through robust security evaluations and also improve our knowledge of new areas and requirements.”

Marc Witteman, CEO at Riscure, commented: “With the accreditation of Riscure by PCI as a recognized Security Lab, Riscure now offers a complete package of PCI SPoC and CPoC services for the Mobile Payment industry and enables our customers to achieve multiple certifications at once for their Tap-To-Phone or CPoC solutions. At Riscure we are passionate about mobile security, and our extensive expertise in the field puts us in the best position to support our customers in their secure development and certification processes. Therefore, working with Riscure becomes even more time and cost-effective.”

PCI SSC SVP, Operating Officer Mauro Lance added, “The Council is committed to delivering the highest quality in its certification programs, and we’re confident that Riscure will help us continue delivering robust security testing for PTS devices, and SPoC and CPoC solutions.”

PCI validated PTS devices are listed on the PCI SSC website at:

PCI recognized laboratories are listed on the PCI SSC website at:

About the PCI Security Standards Council

The PCI Security Standards Council is a global forum that is responsible for the development, management, education, and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security. Connect with the PCI Council on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.

About Riscure

Riscure is a leading vendor of security tools and training for edge devices. Our tooling helps global technology leaders to build robust hardware and software solutions. Riscure security analysts bring top-notch security expertise to development teams and aim to run no-pain certification projects. Built on a wealth of security research and extensive practical experience, Riscure is well recognized for its technical leadership. If you are interested in evaluating your payment solution with Riscure, feel free to get in touch with us via