PCI Releases New Payment Standards for Mobile Devices

PCI standards, standards, regulations and compliance

PCI MPoC is expected to work together with the dedicated payment terminal standard

Akshay Asokan (asokan_akshaya) •
November 18, 2022

PCI releases new payment standards for mobile devices
Image: Shutterstock

Payment card security group PCI Security Standards Council has a new standard that aims to enable commercial devices to support multiple payment inputs, including contactless cards and cardholder verification methods.

See also: Live Webinar | How to achieve your zero-trust goals with advanced endpoint strategies

The standard allows a single device to process the contactless card data and the PIN entered by the consumer.

Consumers around the world are increasingly using contactless payment methods, and Aite-Novarica estimates a global growth of 37.8% between 2020 and 2021. Forrester, in its annual research for the National Retail Foundation, found that most US merchants already accept Apple Pay. and PayPal.

Also Read :  VIDEO: When Tennis Legend Andre Agassi Surprised Everyone by Doing a Sitcom Cameo and Asking Hollywood Actress Christie Brinkley to Put Her Hands in His Trouser Pocket

The new standard – officially called PCI Mobile Payment on COTS, or MPoC – targets payment software vendors and service providers whose solutions range from applications used to accept user account data to software used to authenticate and monitor back-end payment data . .

“This was done in direct response to feedback we heard from our community,” said Andrew Jamieson, PCI SSC’s vice president of solution standards. “The PCI MPoC standard allows both contactless card data and PINs to be entered into a single COTS device for the same transaction, and supports the use of external card readers if desired.”

Also Read :  Industry players push for regenerative aesthetic with new technology — Features — The Guardian Nigeria News – Nigeria and World News

The new standard is quite different from the board’s previous, separate standards for PIN entry devices and contactless payment devices, Jamieson said in an email to Information Security Media Group. “The ‘operational’ aspects are decoupled from the ‘development’ aspects, allowing for future flexibility in designing and creating solutions,” he wrote. He said the standard supports software development kits to build mobile payment applications, and allows you to build a single application from multiple software development kits.

“The market was looking for greater flexibility, the ability to tailor solutions to fit smaller market niches, and the goal was for large deployments.”

Some retailers have responded to the rise in consumer demand for contactless payments by using devices not specifically designed to process payments. The standard takes that into account, as well as the different threat models posed by different payment solutions, Jamieson said. However, the standards will not completely drive dedicated payment terminals out of the market, he predicted.

Also Read :  James Gunn Wonders Why Everything Has to Be About Sex on the Internet As Fans Go Livid Over ‘She-Hulk’ Beating ‘the Boys’ and ‘Peacemaker’

General-purpose devices cannot provide physical security, which means “these devices still have a place in situations where an MPoC solution may not be the best fit,” he said.

“Just as physical payment cards have not been replaced by Apple Pay or Android Pay, I expect the use of phones or tablets to accept payments to co-exist with dedicated payment terminals.”


Leave a Reply

Your email address will not be published.

Related Articles

Back to top button