From 13 June to 15 July 2022, Participating Organizations, PCI-recognized Laboratories, PCI-recognized Assessors, and Approved Scanning Vendors are invited to review and provide feedback on the new Mobile Payments on COTS (MPoC) Standard during a 30-day request for comments (RFC) period.
The RFC will be available through the PCI SSC portal, including instructions on how to access the documents and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.
Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.
Background on the New Mobile Payments on COTS (MPoC) Standard
The Council is currently developing a new mobile standard that will be designed to support the future evolution of mobile payments. The new standard builds on the existing PCI Software-based PIN Entry on COTS (SPoC) and PCI Contactless Payments on COTS (CPoC) Standards which individually address the security requirements for solutions that enable merchants to accept cardholder PINs or contactless payments, using a smartphone or other commercial off-the-shelf (COTS) mobile device. The working title of this new standard is Mobile Payments on COTS (MPoC).
The purpose of MPoC is to provide a modular, objective-based, security standard that will support various types of payment acceptance channels and consumer verification methods on COTS devices. The goal is to create a flexible mobile standard and program for payment solution development, allowing for both PIN entry and contactless payments through the COTS-native interfaces.
This is the second RFC for this new standard, which is planned for release towards the end of 2022.
Also on the blog: The Future of PCI SSC Mobile Standards