PCI SSC publishes new standard for mobile payment acceptance solutions - Help Net Security

The PCI Security Standards Council (PCI SSC) published a caller modular designed to enactment the improvement of mobile payment acceptance solutions.

PCI Mobile Payments connected COTS (MPoC) builds connected the existing PCI Software-based PIN Entry connected COTS (SPoC) and PCI Contactless Payments connected COTS (CPoC) Standards, which individually code information requirements for solutions that alteration merchants to judge cardholder PINs oregon contactless payments utilizing a smartphone oregon different commercialized off-the-shelf (COTS) mobile device. The PCI MPoC Standard aims to supply accrued flexibility not lone successful however payments are accepted, but successful however COTS-based outgo acceptance solutions tin beryllium developed, deployed, and maintained.

PCI MPoC is simply a new, flexible mobile modular and programme for outgo solution development. It provides a modular, objective-based, information modular that supports assorted types of outgo acceptance channels and user verification methods connected COTS devices. PCI MPoC combines galore of the aspects of the existing PCI SPoC and PCI CPoC standards, chiefly by including the introduction of some PIN and contactless cardholder information connected the aforesaid COTS device.

“As the outgo acceptance scenery continues to grow, merchants, vendors, and solution providers are seeking caller ways to judge and process payments,” said Emma Sutcliffe, SVP Standards Officer, PCI SSC. “The PCI MPoC Standard recognizes that determination are antithetic ways successful which a card-based outgo whitethorn beryllium accepted successful face-to face-environments done the usage of commercialized off-the-shelf (COTS) products, specified arsenic mobile phones and tablets.”

Many of the requirements wrong the modular volition beryllium acquainted to those who were already moving with the existing PCI SPoC and PCI CPoC standards; however, MPoC is structured to supply a separation of the ‘technical’ oregon ‘development’ aspects from the ‘operational’ aspects. This allows for MPoC to adhd flexibility by creating the quality to code marketplace needs which whitethorn different person been infeasible nether existing PCI SPoC oregon PCI CPoC programs.

“It’s hard to accidental what the aboriginal of payments volition be, but we cognize that payments can’t beryllium a one-size-fits-all. There volition proceed to beryllium a spot for dedicated outgo terminals, but progressively determination is simply a spot for different types of solutions arsenic well,” said Andrew Jamieson, Vice President Solutions, PCI SSC.

“At the Council, we privation to let for innovation, flexibility, and agility successful however our standards code these caller outgo acceptance methods. At the aforesaid time, this innovation needs to enactment a capable level of information that allows for the assurance successful these solutions that is required for their wide adoption. It is the extremity of MPoC to onslaught this balance.”

Vendors of paper contiguous outgo acceptance technologies and solutions volition beryllium funny successful the PCI MPoC modular arsenic it whitethorn supply caller types of solutions for them to code successful their markets. Similarly, entities who deploy oregon usage terminals – acquirers and merchants – whitethorn beryllium funny to spot what controls are enactment into spot to unafraid the technologies they whitethorn good beryllium utilizing adjacent twelvemonth and into the future.