Scope
The PCI Security Standards Council released the new MPoC Standard on 16th November 2022, which builds on the existing SPoC and CPoC standards and is focused on providing increased flexibility for payment acceptance, as well as a way to develop, deploy and maintain COTS-based payment acceptance solutions. It does so, primarily, by including the entry of both PIN and contactless cardholder data on the same COTS device and by recognizing that there are different ways in which a card-based payments may be accepted in face-to-face environments using COTS products.
Timeline
At Yazara, we have prioritized our development efforts to complete all required development updates by the end of this calendar year. Likewise, we have reserved time with our certification lab vendor to immediately start the certification process upon completion of our development activities. We are looking to have our solution fully certified and ready for market launch during Q1 of 2023.
Our solutions are Visa Ready and Mastercard certified, and such approvals will remain intact. In addition to the PCI security requirements (MPoC), Visa and Mastercard will also certify other aspects of the solution, such as branding guidelines, operational compliance (L3), etc.
Please also note that Yazara have been provided an MPoC waiver by Visa and Mastercard (plus verbal from American Express and working to get the same from Discover) for our full SDK solution that eliminates the need for a Delta Security Evaluation, in addition to our existing CPoC certification. All existing projects that are currently approved, will be able to be renewed before March 31st, 2023, if required. In the case of new implementations (pilots, full solution) requiring a new approval by the schemes, the project should be approved before June 30, 2023, without any impact. In both cases, projects will be allowed for one year, and the expectation is to fully comply with MPoC requirements before the end of such period, including any additional security evaluations.
What this means to you
For our existing, live customers, nothing changes, and you continue benefiting from our CPoC certification, MPoC waiver and full SDK certification benefits. If the project waiver expires before March 2023, you will be allowed a renewal for one year. During this waiver period, we will work diligently to obtain MPoC certification (hopefully during Q1 2023) and then support you with the transition and security compliance of your solution to MPoC.
Call for action:
Customers currently in integration phase but have not completed Pilot program application: to complete before 31st of March with WL/SDK
Customers in integration phase and using old SDK: a) switch to our new SDK to avoid entering any further security evaluation or b) (not recommended but still an option) apply for delta security evaluation by June 30, 2023
Customers that have already signed a contract but have not initiated the Softpos project: to apply Pilot program to Visa/Mastercard by March 31, 2023.
For our potential customers, you will also benefit from all of our current certifications and waivers, but you will have to submit a new request for a project launch before June 30, 2023. Assuming you obtain a one-year approval, we will work to transition your program to be MPoC-compliant and support you with additional security compliance activities as necessary.
The moment Yazara obtains MPoC approval, any new project deployments or renewals will only need compliance with the MPoC standard, including possible security delta evaluations if an SDK option is utilized (no additional evaluations for white label options). This compliance will be verified during L3 certification, but additional involvement or approval from payment schemes is not expected.
We’re here to help you get started. Contact us and learn more about how we can work together. We will continue sharing with you the latest updates from Yazara. Stay tuned!