Why was MPoC so expected ?
Since its release last November, MPoC has generated lots of enthusiasm and questioning from all payment industry stakeholders, as it drives a major step towards unifying security requirements for contactless payment on COTS.
The modularity of the specification facilitates the entrance of new actors and the collaboration between complementary payment and security players, with the objective of maintaining high-performance security levels.
The first objective targeted by PCI SSC with the publication of MPoC, is to provide a common specification reflecting the multiple configuration possibilities for contactless payments on commercial off-the-shelf devices.
Indeed MPoC gathers many requirements from CPoC and SPoC, respectively defining the security requirements for contactless transactions on mobile devices (not supporting PIN entry), and the security of sensitive cardholder data during PIN entry on COTS (using peripheral device to read cards).
Hence MPoC answers to the needs of payment solution providers to develop efficient protection mechanisms to secure payment card transactions operated on smartphones or tablets with PIN entry support.
The modular approach introduced in the MPoC security requirements facilitates the implementation choices for payment solution providers, focusing on the reach of security objectives rather than the process used to secure data.
The requirements are divided into 5 modules, enabling stakeholders to evaluate all or parts of a SoftPOS solution according to what they want to provide on the market.
This flexibility enables collaboration between several experts and innovators in the payment industry who can rely on each other’s expertise to build a convenient, and overall secure payment solution.
Now that MPoC is live, SoftPOS solution providers shall redefine their strategies to certify their products with international payment standards and evaluate the security of their solution with PCI MPoC accordingly.
It is reasonable to think that the pilot phase shall come to an end at the end of 2023, and that SoftPOS solutions will find their place in the payment market.