The PCI Security Standards Council (PCI SSC) has published version 1.1 of the PCI Mobile Payments on COTS (MPoC) Standard, designed to support the evolution of mobile payment acceptance solutions. PCI MPoC builds on the existing PCI Software-based PIN entry on COTS (SPoC) and PCI Contactless Payments on COTS (CPoC) Standards, addressing security requirements for solutions that enable merchants to accept cardholder PINs or contactless payments using a smartphone or other commercial off-the-shelf (COTS) mobile device.
The PCI MPoC Standard version 1.1 provides increased flexibility in how payments are accepted and how COTS-based payment acceptance solutions can be developed, deployed, and maintained. Key updates in version 1.1 include:
- Removal of Secure Software and kernel functional validation requirements
- Allowance for one MPoC SDK to integrate another MPoC SDK
- Changes to some offline storage/security requirements
- Clarification of requirements around detection of, and response to, compromised platforms
- Updates to PIN entry requirements – accessible PIN entry, PIN entry on external devices
- Updates to requirements in 1G-1.x (Security Guidance)
- Updates to self-testing requirements for MPoC SDK integration
- Non-isolating SDKs, to allow the MPoC Application to manage secure channels
- Allowance for FIPS 140-2 Level 2 HSMs (if implemented in controlled environments)
- Clarification of acceptability of RSA2048 and technical fallback transactions
- Other general changes throughout
The MPoC Standard provides a modular, objective-based security standard that supports various types of payment acceptance channels and consumer verification methods on COTS devices. It combines aspects of the existing PCI SPoC and PCI CPoC standards, allowing for the entry of both PIN and contactless cardholder data on the same COTS device. These new updates to the PCI MPoC Standard allow for new types of solutions to address the evolving needs of vendors, acquirers, and merchants.
The PCI MPoC Standard version 1.1 is now available in the PCI SSC Document Library.