PCI releases new payment standards for mobile devices | Techy Kings


PCI MPoC is expected to work alongside standard dedicated payment terminals

Akshaya Asokan (asokan_akshaya) • November 18, 2022


The payment card security group PCI Security Standards Council has a new standard that aims to allow commercial devices to support multiple payment inputs, including contactless cards and cardholder verification methods.


The standard allows one device to process contactless card data and the PIN code entered by the user.

Consumers around the world are increasingly using contactless payment methods, and Aite-Novarica estimates that the number of such payments worldwide will increase by 37.8% from 2020 until 2021. Forrester concluded in its annual National Retail Foundation survey that most U.S. merchants already accept Apple Pay and PayPal.

The new standard — officially known as PCI Mobile Payment on COTS, or MPoC — targets payment software vendors and service providers whose solutions range from applications used to accept consumer account data to software used to validate and monitor payment data.

“This was done in direct response to feedback we heard from our community,” said Andrew Jamieson, PCI SSC’s vice president of solution standards. “The PCI MPoC standard allows both contactless card data and PINs to be entered into the same COTS device in the same transaction, and supports the use of external card readers if needed.”

The new standard is a complete departure from the council’s previous standards for stand-alone PIN entry devices and contactless payment devices, Jamieson said in an email to the Information Security Media Group. “‘Operational’ aspects have been separated from ‘developmental’ aspects, allowing more flexibility in designing and building solutions,” he wrote. The standard supports SDKs for building mobile payment apps and allows a single app to be built from multiple SDKs, he said.

“The market has been looking for greater flexibility, the ability to tailor solutions to fit smaller market niches, as well as push for large deployments.”

Some retailers have responded to consumers’ increased demand for contactless payments by using devices that are not specifically designed to process payments. According to Jamieson, the standard takes this into account, as well as the different threat models posed by different payment solutions. However, the standards will not completely drive dedicated payment terminals out of the market, he predicted.

General-purpose devices can’t provide physical security, which means “there’s room for these devices in situations where an MPoC solution might not be the best fit,” he said.

“Just as physical payment cards have not been replaced by Apple Pay or Android Pay, I expect phones or tablets to accept payments alongside dedicated payment terminals.”

