

A new standard was published by the council to support the evolution of mobile payment acceptance solutions.
The existing standards for PIN Entry on COTS and Contactless Payments on COTS address security requirements for solutions that enable merchants to accept card payments. Increased flexibility in how payments are accepted and how COTS-based payment acceptance solutions can be developed, deployed, and maintained is one of the aims of the PCI MPoC Standard.
The program for payment solution development is based on the new mobile standard. It provides a modular, objective-based, security standard that supports various types of payment acceptance channels. The entry of both PIN and card data on the same COTS device is one of the aspects of the new PCI MPoC standards.
Merchants, vendors, and solution providers are looking for new ways to accept and process payments as the payment acceptance landscape continues to grow. The use of commercial off-the-shelf (COTS) products, such as mobile phones and tablets, is one of the ways in which a card-based payment may be accepted in face to face environments.
Many of the requirements within the standard will be familiar to those who were already working with the existing standards; however, MPoC is structured to provide a separation of the technical andoperational aspects. This allows for MPoC to add flexibility by creating the ability to address market needs which may otherwise have been impractical under existing programs.
It’s hard to say what the future of payments will be, but we know that payments can’t be a one-size-fits-all. There will be a place for dedicated payment terminals, but more and more there is a place for other types of solutions as well.
The Council wants to allow for innovation, flexibility, and agility in how they address these new payment acceptance methods. This innovation needs to support a sufficient level of security that allows for the confidence in these solutions that is required for broad adoption. The goal of MPoC is to strike a balance.
Vendors of card present payment acceptance technologies and solutions will be interested in the new types of solutions that the standard may provide. Entities who deploy or use terminals may be interested to see what controls are put into place to secure the technologies they may well be using next year.
Shared responsibility model for cloud security
- mobile payment
- PCI SSC
- security standard