This result document serves as a template for a basic security design document that assumes typical security requirements required in the field of payment terminals. The target of evaluation (TOE) is the software installed in payment terminals, and the threats assumed by the TOE, security functions to counter threats, and the basis for their sufficiency are explained. Therefore, the publication of this result document has the impact of helping strengthen the security of payment terminals and confirming their security.

Result document publication page
Home page of Common.SECC, a British and German industry association related to payment terminals.

---

Abstract

This Software Payment POI Protection Profile follows a new method for card based payment transactions to be accepted by merchants. This new payment acceptance method utilizes CommercialOff -the-Shelf, (COTS) devices. Card Payment Schemes have introduced different acceptance methods to be implemented with COTS devices. This Software Payment POI Protection Profile provides for a modular approach to enable security evaluations for all of these acceptance methods.

---

Acknowledgments

This document is based on results obtained from a project, JPNP23013, commissioned by the NewEnergy and Industrial Technology Development Organization (NEDO).