The PCI Security Standards Council has published a flexible modular standard for accepting payments on a smartphone or other commercial off-the-shelf (COTS) mobile device that supports a variety of payment acceptance channels and customer verification methods including software point-of-sale (sPOS) contactless acceptance solutions.

The PCI Mobile Payments on COTS (MPoC) standard incorporates elements of the existing PCI Software-based PIN entry on COTS (SPoC) and PCI Contactless Payments on COTS (CPoC) standards but also “aims to provide flexibility not only in how payments are accepted, but in how COTS-based payment acceptance solutions can be developed, deployed and maintained” in order to extend the range of authorised use cases and solution architectures.

“Many of the requirements within the standard will be familiar to those who were already working with the existing PCI SPoC and PCI CPoC standards; however, MPoC is structured to provide a separation of the ‘technical’ or ‘development’ aspects from the ‘operational’ aspects,” the PCI says.

“This allows for MPoC to add flexibility by creating the ability to address market needs which may otherwise have been infeasible under existing PCI SPoC or PCI CPoC programs.

“Vendors of card-present payment acceptance technologies and solutions will be interested in the PCI MPoC standard as it may provide new types of solutions for them to address in their markets.

“Similarly, entities who deploy or use terminals — acquirers and merchants — may be interested to see what controls are put into place to secure the technologies they may well be using next year and into the future.”

The PCI MPoC standard is available now with a programme guide due to be published “in the coming months”.

“The official release of the MPoC standard is a great opportunity for the payment acceptance industry. The merchants are going to accept card present payment transactions from any amount using an off-the-shelf contactless device, without being limited in volumes,” Dejamobile CTO Ahmad Saif told NFCW.

“New use cases are allowed such as online PIN and offline transactions. Moreover, MPoC introduces a modular approach where individual components can be certified. This paves the way to a lighter integration work and a shortened time-to-market for the products.

“We are proud to have contributed to this specification as an active member of the Mobile Task Force of PCI SSC. More particularly, as a leading SoftPOS solution provider, we are looking forward to further supporting the development of this innovative technology worldwide.”

The PCI published its SPoC standard in January 2018 and its CPoC standard in December 2019.