PCI Releases New Payment Standards for Mobile Devices

Payment card security group PCI Security Standards Council has a new standard aimed at allowing commercial devices to support multiple payment inputs including contactless cards and methods of cardholder verification.

See Also: Live Webinar | How To Meet Your Zero Trust Goals Through Advanced Endpoint Strategies

The standard allows for a single device to process contactless card data and a consumer-entered PIN.

Consumers across the globe increasingly use contactless methods for payment, and Aite-Novarica estimates 37.8% global growth in such payments from 2020 to 2021. Forrester, in an annual study conducted for the National Retail Foundation, concluded that most U.S. merchants already accept Apple Pay and PayPal.

The new standard – its official name is PCI Mobile Payment on COTS, or MPoC – is aimed at payment software vendors and service providers whose solutions range from applications used for accepting users’ account data to software deployed for back-end payment data attestation and monitoring.

”This was done in direct response to the feedback we heard from our community,” said Andrew Jamieson, vice president of solution standards at PCI SSC. “The PCI MPoC standard allows for both contactless card data and PINs to be entered into the same COTS device, for the same transaction, as well as supporting the use of external card readers if those are desired.”

The new standard is quite different than the council’s previous, separate standards for PIN entry devices and contactless payment devices, Jamieson said in an email to Information Security Media…