Expert solutions to support contactless payment security
The acceptance of card-based payments has always been limited by the need for payment terminals at the point of sale. These terminals were required to read the card details and accept the customer's PIN entry, but the industry is innovating beyond the reliance on dedicated payment terminals to accept payments with a standard phone or tablet.
Several standards and specifications, collectively referred to as Tap on Phone and SoftPOS, now exist in the payment ecosystem to enable commercial off-the-shelf (COTS) devices to act as contactless payment terminals. This new technology will allow mobile devices and smartphones to become point of sale (POS) systems. Although many benefits accompany this change, including instant merchant on-boarding, mobile payment acceptance and reduction in operational costs, securing a payment in this environment can be quite complex as COTS devices lack the physical and hardware security that is common in traditional POS systems.
UL’s trusted payment expertise can help you overcome these challenges. Our payment security experts help you understand and comply with the complex security requirements involved in enabling payments on COTS devices.
Helping you achieve PCI compliance with our comprehensive support
Although the use of commoditized hardware for payments may seem like a great idea for your business, it may not be that simple. The built-in security requirements governing these systems are not trivial, and the user interface or card acceptance process is not always ideal given the nature of the devices used.
Understanding the potential functional issues as well as the security issues prior to implementation is often vital to the success of the implementation. Depending on your role in the payment ecosystem, you may also need to comply to more than one PCI program.
Both Software PIN on COTS (SPoC) and Contactless on COTS, recent standards supported by PCI and the card brands, help you move safely into the new payment ecosystem, and UL can guide you through the process. As the sole security industry expert offering the greatest number of Payment Card Industry (PCI) services globally, UL helps you simplify PCI compliance for a more cohesive risk management program. We are also the only Approved Application Scanning Validator (ASVV) and Consumer Electronic Clearing System Approved Evaluation Facility.
Along with PCI CPoC and SPoC certifications, we offer:
- Technical trainings and introductory workshops
- Vendor selection, knowledge support and project road mapping
- Functional testing (EMV PCD Level 1 and Level 2 Compliance)
- Pre-study and gap analysis
- Payment networks security evaluations