The PCI Security Standards Council (PCI SSC) has published a new standard designed to improve the security of mobile-based payments and facilitate compliance efforts.
The council, a multi-industry payment card group responsible for the ubiquitous PCI DSS standard, said the release recognizes the different security requirements for traditional and mobile payments.
Its new standard, Mobile Payments on COTS (MPoC), builds on existing standards that cover solutions that enable merchants to accept cardholder PINs or contactless payments via a smartphone or other commercial mobile (COTS) device. These standards are known as PCI Software-Based PIN Entry on COTS (SPoC) and PCI Contactless Payments on COTS (CPoC).
MPoC combines the two by including PIN and contactless entry on the same COTS device. It is designed to be a more flexible and modular standard that supports different types of payment acceptance channels and consumer verification methods on COTS devices.
“As the payment acceptance landscape continues to grow, merchants, vendors and solution providers are looking for new ways to accept and process payments,” said Emma Sutcliffe, PCI SSC SVP Standards Officer.
“The PCI MPoC standard recognizes that there are different ways in which a card payment can be accepted in face-to-face environments using COTS products such as mobile phones and tablets.”
Compliance with the standard should be relatively easy for those familiar with PCI SPoC and PCI CPoC, as many of the requirements are the same, the PCI SSC said.
MPoC was also designed to separate the “technical” or “development” elements from the “operational” elements, allowing the standard to evolve to address market needs more fluidly, he added.
This is often a criticism of standards in the technology and security space: they cannot keep up with the speed of innovation in the market.
The announcement will be of interest to both existing card acceptance technology providers and acquirers and merchants who purchase and implement the solutions.
“It’s hard to say what the future of payments will be, but we know that payments can’t be one-size-fits-all,” said Andrew Jamieson, vice president of solutions at the PCI SSC.
“At the council we want to enable innovation, flexibility and agility in the way our standards address these new methods of accepting payments. At the same time, this innovation must support a sufficient level of security that allows the confidence in these solutions necessary for their widespread adoption”.
Led by Google Pay and Apple Pay, the use of mobile wallets has increased during the pandemic, according to the US National Retail Federation (NRF).