Strengthen contactless payment security on consumer devices
The need for payment terminals at the point of sale (POS) has always limited the acceptance of card-based payments. These terminals read the card details and accept the customer’s PIN. Many modern smartphones and tablets contain the card-reading hardware and security features necessary for payment acceptance. With the addition of a payment application, a smartphone can serve as a payment terminal.
Many benefits accompany this change, including faster merchant onboarding, improved integration with merchant systems and reduced operational costs. However, securing payment in this environment can prove quite complex as commercial off-the-shelf (COTS) devices lack the physical and hardware security common in traditional POS systems.
Interoperability, security and user experience are all important aspects of a SoftPOS system. Specific standards and specifications have been developed with associated compliance programs. Designing, developing and testing SoftPOS systems entails many challenges.
Our trusted payment expertise can help you overcome these challenges. We can help you understand and meet the complex security requirements involved in enabling payments on COTS devices.
Expert end-to-end payment advisory services
Our independent advisory services for payments provide you with expert, personalized guidance and support for your payment needs. We can help accelerate product development, support security and sustainability, and effectively manage regulatory compliance to access new markets. Whether it’s a third-party validation of your current work or an added level of expert advisement, we bring two decades of experience to every project we work on.
Our comprehensive global approaches include:
- Training and workshops
- Strategy and road-mapping
- Vendor selection
- Gap analysis
- Documentation review and update
- Business and technical requirements definition
- Strategic business and technical advisory
Helping you achieve PCI compliance with our comprehensive support
Although using commoditized hardware for payments may seem like a great idea for your business, it may not be that simple. The security requirements governing these systems are not trivial, and the user interface or card acceptance process isn’t always ideal, given the nature of the devices used.
Understanding the potential functional and security issues prior to implementation often plays a vital part in the success of the implementation. Depending on your role in the payment ecosystem, you may also need to comply with more than one payment card industry (PCI) program.
Many systems handling payments require PCI compliance. PCI released the Mobile Payments on COTS (MPoC) security requirements and approval program in Q4 2022, designed specifically for SoftPOS systems. UL Solutions offers testing against the MPoC requirements, including support during the full process.
Along with PCI MPoC certifications, we offer:
- Functional testing (EMV Protected Cardholder Data (PCD) Level 1 and Level 2 compliance)
- Payment network security evaluations
- PCI CPoC and SPoC certifications
- PCI Data Security Standard (DSS) services
- PCI Software Security Framework evaluations
- PCI PIN assessments
- PCI PIN Transaction Security (PTS) evaluations
“PAX is glad to have UL Solutions as our trusted partner, as always, providing creative solutions to the market. PAX’s solution has successfully become a listed CPoC solution on the PCI website.”