On November 16, 2022, the heavily anticipated Mobile Payments on Commercial Off-The-Shelf (MPoC) standard was released by the PCI Security Standards Council, building on their SPoC and CPoC standards. As a pioneer in the SoftPOS ecosystem, and namely being the first solution with PIN support and the first solution provider with Full SDK certification, Yazara aims to be the early adopter of PCI’s MPoC regulation.
We are now in the Dawn of a New Era
What is MPoC?
MPoC, which stands for Mobile Payments on COTS (Commercial Off-The-Shelf) devices, represents the latest generation of PCI security standards introduced by the PCI Security Standards Council.
This new standard enables businesses to transform ordinary consumer-grade smartphones and tablets into compliant and secure contactless payment terminals, eliminating the requirement for external card readers or specialized PIN entry devices.
With MPoC solutions, merchants can utilize the internal NFC reader of the mobile device to accept ‘Tap to Phone’ payments, providing a convenient and seamless payment experience for customers. Additionally, secure PIN entry is facilitated through the mobile device’s touch screen, ensuring the necessary security measures are in place for processing sensitive payment information.
Why MPoC is important?
The MPoC (Mobile Payment on COTS) standard is important for several reasons:
Consolidation of Standards: The MPoC standard combines aspects of two predecessor standards, streamlining and unifying the requirements for mobile payment acceptance solutions. This consolidation helps simplify the implementation and compliance processes for businesses and organizations involved in mobile payment processing.
Enhanced Security: By addressing and standardizing mobile payment acceptance solutions, the MPoC standard aims to enhance security measures in the mobile payment ecosystem. This is crucial to protect sensitive cardholder data and prevent potential fraud or data breaches.
Flexibility in Acceptance: The standard promotes increased flexibility across acceptance, allowing merchants and service providers to offer a wide range of mobile payment solutions. This flexibility caters to the diverse needs and preferences of both consumers and businesses.
COTS Device Compatibility: The standard targets Commercial Off-The-Shelf (COTS) devices such as smartphones and tablets. This emphasis on compatibility with widely available consumer devices allows for broader accessibility and adoption of mobile payment technologies.
Clarity on Scope: The regulation explicitly defines the scope of the standard, specifying that it applies to solutions using COTS devices for mobile payment acceptance. By doing so, it excludes solutions involving integration into other products or deployment in unattended environments, providing clarity and focus for those seeking compliance.
Overall, the MPoC standard plays a critical role in promoting secure and standardized mobile payment acceptance solutions while offering flexibility and accessibility to both businesses and consumers in the evolving digital payment landscape.
Types of entities involved
The standard defines three (3) types of entities involved: MPoC Solution Provider, MPoC Software Provider, and MPoC Attestation and Monitoring Service Provider. At Yazara we provide a comprehensive, end-to-end solution for our customers and we typically take on all three roles in our standard offering to our customers. In other words, we provide the software packaged as a solution, including the back-end attestation and monitoring capabilities. We are going to become an MPoC Software vendor and A&M Service provider. Customers will be able to view Yazara as “Using Listed MPoC Software and A&M Service”.
Impact of MPoC on the Yazara technology
At Yazara, we view MPoC as the gold-standard and one of the most exciting and impactful developments for contactless acceptance. As a modular standard that promotes flexibility for payment solution development, additional functionality can easily be integrated and brings together mobile application development and payment acceptance. The new standard will continue to support different integration formats and hosting solutions, allowing Yazara to provide customized offerings aligned with the go-to-market strategies of our clients and prospects. We will continue to provide options for SDK, white-label, and deep-link front-end integration that seamlessly ties into existing acquiring operations of our customers. At the same time, we will be able to provide different PCI-DSS certified hosting options to fulfill local regulations and client preferences. For maximum agility and speed to market, we can also support our customers with HSM hosting and L3 certifications. As you can see, our expectations with the new MPoC standard are very high, and we hope to continue leveraging our expertise and market traction to achieve increased levels of performance and value-added features without compromising our high security levels certified by PCI.
What is next for our clients and merchants?
By providing a SoftPOS solution certified with MPoC, we anticipate significant adoption of electronic payments and increased ubiquity for SMEs globally that are not able to accept contactless payments today. We also see larger merchants looking to supplement their existing POS infrastructure to address current pain points such as queue busting and other use cases, or to reduce costs and replace some or all of their existing POS devices with SoftPOS solutions. Likewise, the modularity will promote and accelerate the transition from SoftPOS to SmartPOS, as additional value-added services can easily be integrated into the solution beyond traditional payment acceptance and provide superior customer experiences.
We hope to be one of the first, if not the first, to achieve this milestone of being MPoC certified so we can continue to support our existing customers with best-of-breed solutions and provide state-of-the-art capabilities for our future customers going forward.