PCI Releases New Payment Standards for Mobile Devices

PCI Standards, Standards, Regulations and Compliance

PCI MPoC is Expected to Work in Accordance with the Standard for Dedicated Payment Areas

Akshaya Asokan (asokan_akshaya) •
November 18, 2022

PCI Releases New Payment Standards for Mobile Devices
Photo: Shutterstock

The payment card security group PCI Security Standards Council has a new standard intended to allow commercial devices to support more payment inputs including contactless cards and cardholder authentication methods.

See also: Live Webinar | How to Meet Your Zero Reliance Goals with Advanced Endpoint Strategies

The standard allows a single device to process contactless card data and a PIN entered by the consumer.

Consumers around the world are increasingly using contactless payment methods, and Aite-Novarica estimates a 37.8% growth in such payments worldwide from 2020 to 2021. Forrester, in an annual survey conducted for the National Retail Foundation, concluded that most US retailers already accept Apple Pay. and PayPal.

Lire Aussi :  Indian mobile operators call on government to make OTTs pay for traffic

The new standard – its official name is PCI Mobile Payment on COTS, or MPoC – is aimed at payment software vendors and service providers whose solutions range from applications used to receive user account data to software deployed to authenticate and monitor payment data in the background. .

“This was done in direct response to the feedback we heard from our community,” said Andrew Jamieson, vice president of standards solutions at PCI SSC. “The PCI MPoC standard allows both contactless card data and PINs to be embedded in the same COTS device, with parallel functionality, and to support the use of external card readers if that is required.”

Lire Aussi :  Virtual Realty Exhibit Blends Art And Food At Miami Art Week 2022 – NBC 6 South Florida

The new standard differs significantly from the council’s previous, separate standards for PIN entry devices and contactless payment devices, Jamieson said in an email to Information Security Media Group. “The ‘operational’ aspects are separated from the ‘development’ aspects, allowing more flexibility in how solutions are developed and created,” he wrote. The standard supports software development tools to create mobile payment applications and allows a single application to be built with multiple software development kits, he said.

“The market was looking for increased flexibility, the ability to adapt solutions to fit smaller markets and to target larger applications.”

Some retailers have responded to consumers’ increasing demand for contactless payments by using devices that are not specifically designed for payment processing. The standard takes that into account, as well as the different threat models posed by different payment solutions, Jamieson said. Still, the standards won’t completely push dedicated payment terminals out of the market, he predicted.

Lire Aussi :  Russian mobile calls, internet seen deteriorating after Nokia, Ericsson leave

General-purpose devices can’t provide physical security, which means “there’s still a place for these devices in situations where an MPoC solution might not be the best fit,” he said.

“In the way that physical payment cards have not yet been replaced by Apple Pay or Android Pay, I expect that the use of phones or tablets to accept payments will be accompanied by dedicated payment terminals.”


Leave a Reply

Your email address will not be published.

Related Articles

Back to top button