PCI Security Standards Council (PCI SSC) has introduced a third mobile payment standard for payment providers, the PCI Mobile Payments on COTS (MPoC) security protocol. 

The PCI Mobile Payments on COTS (MPoC) security protocol is designed to provide merchants with compliance support when accepting cardholder PINs and contactless payments through smartphones and other commercial off-the-shelf (COTS) mobile devices. 

Flexibility and security in payments are not the only areas that the PCI MPoC standard affects. It will also be used as a certification stamp for COTS-based payment acceptance solutions and their development, deployment and maintenance. 

“As the payment acceptance landscape continues to grow, merchants, vendors, and solution providers are seeking new ways to accept and process payments,” said Emma Sutcliffe, SVP Standards Officer at PCI SSC. “The PCI MPoC Standard recognizes that there are different ways in which a card-based payment may be accepted in face-to-face environments through the use of commercial off-the-shelf (COTS) products, such as mobile phones and tablets.”

PCI MPoC will include many of the requirements from the two already-existing standards, but the company says that it will also diverge into three different structures – technical, development and operational. 

This way, PCI predicts that they will be able to address market needs that have been otherwise difficult to support under the previous two standards. 

Andrew Jamieson, Vice President Solutions of PCI SSC, said: “It’s hard to say what the future of payments will be, but we know that payments can’t be a one-size-fits-all. There will continue to be a place for dedicated payment terminals, but increasingly there is a place for other types of solutions as well.

“At the Council, we want to allow for innovation, flexibility, and agility in how our standards address these new payment acceptance methods. At the same time, this innovation needs to support a sufficient level of security that allows for the confidence in these solutions that is required for their broad adoption. It is the goal of MPoC to strike this balance.” 

The standard has been developed based on two Request for Comments (RFC) made by PCI SSC, gathering around 900 comments from 37 companies on their views on COTS-based payment acceptance solutions.

It can be viewed in the Document Library on PCI SSC’s website. A program guide is also expected to be published in the upcoming months.