2020, Legal information
Freemindtronic’s NFC hardware wallets with credit card management are PCI DSS compliant
Dec
Why Freemindtronic NFC hardware wallets with credit card management are PCI DSS compliant.
NFC hardware wallets with credit card management the patented nfc hardware wallet designed and developed by Freemindtronic SL Andorra has a secure manager function, with physical protection of the Bank Cards.
These are highly secure NFC devices for storing encrypted data in AES 256. They have a multi-factor access control and authentication system. These factors are set at the discretion of the user. They may be different for each credit card stored in the device. It is even possible to limit a data’s access to a geographical area.
This is a physical safe Gre reen Tech. Indeed, theNFC device works without a battery, since it recoverstheenergy via the NFC signal of the phone that serves as its terminal.
This allows it to always keep available stored data, for 40 years, without maintenance, without the need to be connected to an energy source.
These Hardware wallets are trying to combat the risk of contamination linked to COVID; indeed, they are used without contact via an NFC phone
These Hardware wallets are Air Gap 1. That is, they are physically isolated from any computer network. The data is stored encrypted only in the device’s non-volatile memory. They are physically accessible only by theuserand/or their administrators.
This Cold Wallet does not collect any personal data. It doesn’t use a remote server, cloud, or remote backup unit.
After authenticating the Cold Wallet user, he can automatically fill out the fields of a credit card to make hispayments online. This is a similar gesture to contactless payment, but to make online purchases. Beyond the risk of COVID contamination,they fight cybersecurity attacks, since theuserdoes not touch the computer keyboard. The data is transmitted from the device and encrypted to the computer system. The data displayed on the screen is offended, shielded froms ss s and prying systems indiscreet or malicious.
Thus, the user can make his purchases online on any computer system or phone without leaving any information of his bank cards. In fact, the user does not need to back up their bank card data in a computer system, in a phone, or in online shopping sites.
Who is affected by the PCI DSS standard?
The PCI standard is dedicated to the data security of the payment card industry (PCIDSS). It is a set of security standards designed to ensure that all businesses that accept, process, store or transmit credit card information maintain a secure environment.2
The PCI DSS standard applies to any organization, regardless of the size or number of transactions, that accepts, transmits or stores cardholderdata.
It applies to all merchants who trade withbank cards. This also applies to merchants who do not store credit cards data but who have received credit or debit cards as a method of payment.
You can check out the PCI DSS standard on the www.pcisecuritystandards.org website(https://www.pcisecuritystandards.org/document_library).
Freemindtronic’s Cold Wallet NFC are not bank cards
These NFC devices are not bank cards. They are also not payment instruments frequently used for retail purchases. The definition of a bank card is defined in particular by the European Parliament and Council regulation of 29 April 2015 (EU) 2015/751. (https://eur-lex.europa.eu/legal-content/FR/TXT/HTML/?uri=CELEX:32015R0751&from=FR).
Similarly, these Cold Wallet NFC are not means of payment. These are NFC devices that allow you to fill in information fields of bank cards, in a secure way, to makepayments. This is made fromcomputersystems and connected phones (e.g. computer, smartphone, tablet), but whose transaction is necessarily carried out by existing means of payment, subject to the PCI DSS standard.
PCI DSS does not apply to Freemindtronic SL Cold Wallet NFC
For several reasons, Freemindtronic SL Cold Wallet NFC cannot be subject to all PCI DSS standards.
First, these Hardware wallets are not an organization, nor a trader.
Second, they donot have the functions of payment cards.
Third, they do not allow payment transactions to be carried out on a terminal. An electronic payment terminal is a device that allows a merchant to accept and process credit card payments. The device allows you to record the transaction, debiting the customer’s bank account and crediting the professional’s account with the amount of the sale. Nordoes it allow you to make money ata bank counter.
Finally, they are also not an electronic payment method (E-payment). Because electronic payment is a means of conducting commercial transactions for the exchange of goods or services over the Internet.
More information
These Hardware wallets have a control system that prohibits token of invalid bank cards.
In addition, the storage of credit card information does not include the PIN.
Physical protection of the bank card
These Hardware wallets effectively protect against the risk of fraudulent use of bank cards as a result of theft, loss or malicious persons. Simply physically erase the CCV from the credit card after backing up the information in the Cold Wallet.
Demo – tutorial:
- EviToken Technology https://youtu.be/Pb19wphQWok
- EviApha Technology: https://www.youtube.com/watch?v=rgGs5q1vx3s
Cybersécurité anti phishing
These Cold Wallet NFC also havecontrolsystems including intelligent self-connectionto an original website. The user always connects to the original sites where he automatically manages the favorites.
An associated plugin is compatible with many web browsers, Chromium, Chrome, Brave, Opera, Firefox, Edge. It has a HTTPS control system and exposure to phishing risks based on domainnames.
in short
Even if Freemindtronic’s Cold Wallet NFC is not affected by PCI DSS standards, these curity level, combined with that of bank cards and their uses, is greatly increased to limit the area of attack in the face of identity theft and fraudulent uses.
These Cold Wallet NFC are the most secure, highly secure, mobile storage units dedicatedto physical protection and security of the use of sensitive data such as the visible information of bank cards on connected media as well as their uses on the internet and intranet.
User Experience
These devices, available in credit card format, are usedas for contactless payment at merchants. Thanks to the simple and fast system of self-filling the information fields of bank cards,we have the same known sensations as those of contactless payment. It can therefore be said that itisCold Wallet NFC allowsattempt to make online payments without contact.
1 Air Gap : https://www.techopedia.com/definition/17037/air-gap Yes https://www.automation.com/en-us/articles/2011-2/scada-securitys-air-gap-fairy-tale
