Ensuring your mobile POS terminals are PCI accredited is essential for maintaining trust and security in the payment market. Applus+ Laboratories provides the expertise and services necessary to achieve and maintain this accreditation efficiently.
PCI MPoC (Mobile Payment on Commercial Off-The-Shelf) is a standard that enables payment acceptance on commercial mobile devices, such as smartphones and tablets. This standard integrates the use cases from CPoC and SPoC standards. The new standard is designed to support both PIN and contactless cardholder data entry on the same device and adds support for offline transactions.
Similar to how EMVCo SBMP (Software-based Mobile Payment) is used to virtualize smart cards, PCI MPoC provides the framework for secure mobile payment solutions.
For detailed components and requirements, refer to the documentation available at the PCI Security Standards website.
A summary of the MPoC documentation follows:
Products already validated under the existing PCI SPoC or PCI CPoC programs can be submitted for evaluation under the MPoC Program. If validated through a full evaluation, these products may be accepted by PCI SSC (Security Standards Council) and listed as MPoC products.
The security requirements outlined in the MPoC standard provide a framework to protect the confidentiality and integrity of sensitive payment information captured and processed in MPoC solutions. This framework consists of security requirements, test requirements, and guidance for entities involved in the development, deployment, and operation of merchant-operated mobile payment acceptance solutions that use COTS devices.
The key features of PCI MPoC are the following:
The MPoC standard is required by several major payment systems to implement SoftPOS solutions. In the payment market, trust is paramount, and companies must ensure their systems remain secure to maintain this trust. So, how can they guarantee this reliability? The PCI MPoC certification standard is designed for this purpose, providing the best way to demonstrate that your product is trustworthy. This certification involves evaluating the SDK, APP, and A&M Services.
Additionally, certified products will be listed on the PCI website, where assessors, merchants, acquirers, and other interested parties can review Mobile Payments on COTS (MPoC) solutions.
Being listed is a good way to enter this exponentially growing market; at the same time, being MPoC accredited helps you mitigate the risk posed by the growing threat of cyber-attacks targeting business terminals.
In summary, all stakeholders who intend to work with the main payment schemes to sell mobile POS terminals are obliged to ensure their products are PCI accredited.
Applus+ Laboratories recommends some steps to perform quick and easy evaluations:
The documents needed as proof are:
Applus+ Laboratories offers extensive experience in mobile payment application security, from deep expertise in EMVCo SBMP (Software-based Mobile Payment) products to the latest PCI MPoC standards.
Additionally, we have Common.SECC evaluation experience, with detailed evaluations based on the Software Payment POI Protection Profile version 1.2.
We leverage our expertise in PCI PTS, EMVCo SBMP, and Common.SECC to perform quick and efficient evaluations. We can help you on the path to PCI MPoC compliance!