Strengthen contactless payment security on consumer devices
The acceptance of card-based payments has always been limited by the need for payment terminals at the point of sale. These terminals were required to read the card details and accept the customer's PIN entry, but the industry is innovating beyond the reliance on dedicated payment terminals to accept payments with a standard phone or tablet.
Several standards and specifications, collectively referred to as Tap on Phone and SoftPOS, now exist in the payment ecosystem to enable commercial off-the-shelf (COTS) devices to act as contactless payment terminals.
This new technology will allow mobile devices and smartphones to become point of sale (POS) systems.
Although many benefits accompany this change, including instant merchant onboarding, mobile payment acceptance and reduction in operational costs, securing a payment in this environment can be quite complex as COTS devices lack the physical and hardware security that is common in traditional POS systems.
Our trusted payment expertise can help you overcome these challenges. We help you understand and meet the complex security requirements involved in enabling payments on COTS devices.
Expert end-to-end payment advisory services
Our independent advisory services for payments provide you with expert, personalized guidance and support for your payment needs. We help accelerate product development, support security, and sustainability, and effectively manage regulatory compliance to access new markets. Whether it’s a third-party validation of your current work or an added level of expert advisement, we bring two decades of experience to any project.
Our comprehensive global solutions include:
- Training and workshops
- Strategy and road-mapping
- Vendor selection
- Gap analysis
- Documentation review and update
- Business and technical requirements definition
- Strategic business and technical advisory
Helping you achieve PCI compliance with our comprehensive support
Although the use of commoditized hardware for payments may seem like a great idea for your business, it may not be that simple. The built-in security requirements governing these systems are not trivial, and the user interface or card acceptance process is not always ideal given the nature of the devices used.
Understanding the potential functional issues as well as the security issues prior to implementation is often vital to the success of the implementation. Depending on your role in the payment ecosystem, you may also need to comply with more than one PCI program.
Both Software PIN on COTS (SPoC) and Contactless Payments on COTS (CPoC), recent standards supported by PCI and the card brands, help you move safely into the new payment ecosystem, and UL Solutions can guide you through the process. UL Solutions helps you simplify PCI compliance for a more cohesive risk management program. We offer services as an Approved Application Scanning Validator (ASVV) and Consumer Electronic Clearing System Approved Evaluation Facility.
Along with PCI CPoC and SPoC certifications, we offer:
- Functional testing (EMV Protected Cardholder Data (PCD) Level 1 and Level 2 Compliance)
- Payment networks security evaluations
"PAX is glad to have UL Solutions as our trustful partner as always providing creative solutions to the market. PAX's solution has successfully become a listed CPoC solution on the PCI website.”