The security of mobile payments is constantly evolving. With the publication of version 1.1 of the PCI Mobile Payments on COTS (MPoC) standard, the PCI Security Standards Council (PCI SSC) is setting new benchmarks in the acceptance and development of mobile payment solutions.
What is the MPoC standard?
The PCI MPoC standard addresses security requirements for solutions that enable merchants to accept payments – whether by PIN entry or contactless – via commercially available mobile devices (COTS devices) such as smartphones or tablets. The MPoC thus integrates the existing SPoC (software-based PIN entry) and CPoC (contactless payments on COTS) standards into a flexible, modular structure.
Version 1.1 of the standard now offers additional adaptations that are primarily tailored to the needs of retailers, developers and providers.
The most important new features in version 1.1
- Increased flexibility in SDK integration
  Developers are now allowed to integrate one MPoC SDK into another, making the development of complex but secure solutions much easier.
- Changed security requirements
  Version 1.1 removes the requirements for the validation of secure software and kernel functions, which reduces complexity for developers. At the same time, FIPS140-2 L2 HSMs (Hardware Security Modules) are now permitted in controlled environments, which opens up additional options for security implementations.
- Optimized user-friendliness
  Improved PIN entry defaults, including options for external PIN pads, increase acceptance and practicality for merchants.
- Clarifications to security measures
  The requirements for detecting and responding to compromised platforms have been clarified, which improves the security of mobile devices. In addition, RSA2048 encryption and technical fallback transactions have been classified as acceptable, allowing more flexibility in practical implementation.
- Further developed self-tests
  Providers benefit from simplified self-tests for the integration of MPoC SDKs.
The role of SRC in MPoC
SRC GmbH in Bonn supports companies in the approval phase and carries out assessments to ensure compliance with the PCI MPoC standard. With many years of experience in the field of mobile MPoC payment solutions and security standards, SRC offers a sound basis for guiding companies through the complex approval process.
Conclusion: security meets flexibility
Version 1.1 of the PCI MPoC standard brings decisive progress for the industry. SRC GmbH supports providers and developers in implementing secure, future-proof payment solutions in accordance with the requirements of the PCI SSC. For more information about our services in the area of approval support and assessment, please do not hesitate to contact us.