Are you ready to unleash Tap to Phone across the whole mobile application ecosystem and all of its customer experiences?
Felix, the only company in North America that offers 100% cloud kernel payment acceptance, has now started PCI MPoC certification. We are positioned to be one of the first payment acceptance companies to go to market with MPoC-certified products, including Felix Terminal and Felix Cloud.
What is the MPoC standard?
The latest generation of PCI security standards for Mobile Payments on COTS (commercial off-the-shelf) devices is called MPoC – a new security standard developed by the PCI Security Standards Council.
It paves the way for businesses to use consumer-grade smartphones and tablets as compliant and secure contactless payment terminals – without the need for any external card reading or specialized PIN entry devices.
MPoC solutions leverage the internal NFC reader to accept ‘Tap to Phone’ payments and allow for secure PIN entry via the mobile device’s touch screen.
PCI MPoC standard released
As the adoption of mobile payment acceptance continues to gather momentum, the Payment Card Industry (PCI) Council has released PCI MPoC – “Mobile Payments on COTS (commercial off-the-shelf) devices”.
The PCI Council released the new standard in November 2022.
Evolving PCI standards for mobile payments
While PCI standards already exist for contactless payment acceptance and PIN entry on mobile devices, namely CPoC and SPoC respectively, MPoC is the first PCI standard to permit both contactless payment acceptance and PIN-based verification measures to be certified together in a single unified solution.
The MPoC standard integrates many of the previous requirements from CPoC and SPoC into a single standard, allowing a smartphone or tablet to operate as a full-fledged payment terminal – a major milestone in the evolution of mobile payments.
Up until now, the only products that allow for both contactless and PIN-based acceptance on a mobile device have been released under a pilot framework coordinated by the card brands. A formal release from PCI opens huge potential for expanding mobile payment acceptance adoption across the payment industry ecosystem.
The table below summarises existing PCI standards for mobile payment acceptance and how they have evolved.
| PCI Standard | Released | High-level scope |
| --- | --- | --- |
| SPoC | April 2018 | Allows for PIN-based payment verification to be handled on the touch screen of a consumer-grade mobile device. SPoC was designed for solutions in which there is a separate card reading device to handle the NFC interaction for contactless payments. |
| CPoC | December 2019 | Allows for contactless payments to be received and processed on a consumer-grade mobile device, but does not include the capability for PIN cardholder verification methods (i.e. Tap only). |
| MPoC | November 2022 | Integrates SPoC and CPoC into a single unified standard to allow for both contactless and PIN-based payment acceptance on consumer mobile devices. |
Key highlights of the new PCI standard
MPoC pushes the ‘Tap to Phone’ payments landscape beyond the card brand pilot framework and in turn introduces some important elements that make it favorable for software vendors, integrators, merchants, and the wider payment industry ecosystem. Key highlights of the MPoC standard include:
- Support for both contactless (tap) and PIN-based payment acceptance for secure, fast, high-value mobile payment acceptance, without the need for added hardware (say goodbye to dongles).
- Newly added support for offline transactions, such that transactions can be processed in offline mode (previously not supported under card brand pilot initiatives).
- Option for Software Development Kit (SDK) certification, whereby an integrator can build their own mobile payment app by integrating an approved third-party SDK.
- The ability for providers to certify different components, such that they can release specialized SDKs for modularized functionality, such as attestation and monitoring.
- An overall reduction in the number of requirements and a less prescriptive approach to testing in which solution providers are evaluated against security objectives rather than detailed and prescribed implementation requirements.
The future of payment acceptance
As the payment industry switches gears to focus on the new MPoC standard, in years to come we can expect to see a more wholesale adoption of Tap to Phone technology and a radical shift in consumer psychology and our understanding of how payments are processed.
The inclusion of SDK optionality allows for flexible developer integration across various operating systems, environments, and use cases, thereby releasing the creative potential for Tap to Phone innovations, not just at the point of sale, but across the broader mobile application ecosystem and all its experiences.
Provisioning for PIN on mobile translates into higher value payments and delivers increased fraud prevention capabilities for those looking to leverage consumer mobile devices for payment acceptance. The use of card-present authentication methods in mobile apps is a potential game changer when considering that it’s now possible to integrate such measures on consumer devices without proprietary hardware.
Revolutionize Your Business with Tap to Phone
Tap to Phone, legitimized by MPoC, provides huge cost savings, unshackling the payment industry from its dependencies on proprietary hardware – providing benefits to businesses of all sizes, in both developed and developing world economies.
Felix is proud to be working as a key contributor to this growing shift and is working closely with card brands to push the boundaries for what is possible in payments.
“Drop the dongle, power the PIN, with Tap to Phone”. Watch this space!
Article updated on December 13, 2022