
SGS Brightsight is a PCI-recognised lab, qualified and approved by PCI SSC to perform SPoC, 3DS SDK and CPoC evaluations. SGS Brightsight has a proven track record in software-based security evaluations and in helping our customers with mPOS, Host Card Emulation (HCE) and Trusted Execution Environment (TEE) solutions.


SGS Brightsight is a market leader in PCI PTS approvals, having completed more than 100 PCI PTS V5.X security evaluations. PIN Transaction Security (PTS) devices enable merchants to capture payment card data and validate approval for a transaction. The Payment Card Industry (PCI) Security Standards Council validates the conformity of the PTS device with the PCI PTS standard. The PCI PTS Point of Interaction (POI) version 6 was released in June 2020. The world's first PCI PTS version 6.x device was approved after a security evaluation completed by SGS Brightsight.



The PCI SPoC (Software-based PIN Entry on COTS) programme was introduced in 2019. SPoC, also known in the market as PIN on Mobile, enables merchants to accept true EMV-based transactions, both contact and contactless, with the option of PIN entry on COTS (commercial off-the-shelf) devices, such as smartphones and tablets. This makes it possible to accept high-value payments on cost-effective solutions, which are expected to be attractive to micro and small merchants.

In addition to the merchant’s mobile device, an SPoC solution requires an SRED-approved Secure Card Reader – PIN (SCRP) and a back-end system responsible for the overall security of the solution. PIN entry and processing on the COTS device must be secured with a dedicated, sophisticated PIN CVM application, while an inherent monitoring service should ensure that the functionality is only available if the authenticity, integrity and security status of the COTS device are ensured.

Unlike the PTS POI programme, which covers the approval of single components, the PCI SPoC programme covers approval of the solution as a whole, including all of its components. This includes the operational controls of the back office and the processes to maintain the security of deployed implementations.


The PCI CPoC (PCI Contactless Payments on COTS) programme was introduced in 2019. The PCI CPoC standard provides security and test requirements for payment solutions that enable EMV-based contactless payment acceptance on merchant mobile devices (such as smartphones and tablets) using near-field communication (NFC). This makes it possible to accept low-value payments on cost-effective solutions, which are expected to be attractive to micro and small merchants.   



3DS software development kits (3DS SDK) are embedded into merchants' mobile applications to facilitate cardholder authentication.
