We are one of the first recognized PCI MPoC laboratories in the world and can offer all the services needed to efficiently develop and certify a solution. Our comprehensive security services can help you successfully access target markets with MPoC security compliant mobile payment solutions, enabling risk mitigation and limitless worldwide deployment.
What is MPoC?
In November 2022, PCI introduced its new Mobile Payments on COTS (commercial off-the-shelf) (MPoC) security standard for mobile devices such as smartphones and tablets. MPoC is the natural successor to PCI CPoC, PCI SPoC and the various ‘Tap to Phone with PIN’ pilot programs used by payment networks (Visa, Mastercard, etc.). ‘Tap to Phone with PIN’ pilot programs have been very successful but will be discontinued by the end of 2023 and so new solutions must now achieve PCI MPoC approval.
The MPoC standard was introduced to address the increasing popularity of mobile payments and the need for secure acceptance of cardholder PINs or contactless payments on non-traditional payment terminals. It allows merchants to use consumer-grade devices, like smartphones and tablets, equipped with approved payment acceptance software to process payment transactions. This standard includes requirements for secure software development, device management, tamper-resistant capabilities, and cryptographic controls to protect sensitive cardholder data during the payment process.
MPoC standard: what sets it apart?
The new MPoC standard combines three standards into one – PCI SPoC (Software-based PIN Entry on COTS), PCI CPoC (Contactless Payments on COTS) and ‘Tap to Phone’ pilot standards for payment networks. It is expected to stimulate developments and growth in software-based payment solution deployments by offering an industry-wide standard that can be adopted by associated international payment networks.
Limitless world-wide deployment is possible after achieving a PCI MPoC solution approval, and the PCI MPoC standard offers modularity and choice for supported functionality. While Tap to Phone, CPoC, and SPoC focus on specific payment functionalities (contactless, PIN entry), MPoC covers a broader scope of mobile payment acceptance. It supports various payment methods, including contactless payments, mobile wallets and other mobile-based payment solutions. This flexibility enables tailoring in line with market demands for Europay, Mastercard and Visa (EMV) card types (contact, contactless, magnetic stripe reader (MSR)) or with/without PIN, etc.
Whether you are a software developer, a software development kit (SDK) provider or a back-end provider in the payment ecosystem, compliance with the MPoC standard is crucial when delivering the highest level of security to your valued customers. By adhering to the PCI MPoC standard, developers and merchants can effectively mitigate associated risks, while maintaining compliance with industry regulations.
Start your MPoC journey with evaluation services from SGS Brightsight
As a PCI MPoC recognized laboratory, we offer comprehensive services tailored to your needs – from training to the final security evaluation. Our team of security experts can support you throughout all phases of the evaluation and certification process, enabling you fast-track time to market. We are experienced in the field of software-based payment solution evaluations, with a large number of developers achieving security approval (CPoC, SPoC, TTP) following our completion of a security evaluation.
Would you like to learn more about our PCI MPoC services? Contact our security experts today.