The PCI Security Standards Council has issued a new data security standard that will allow vendors to provide merchants with tap-and-go payment solutions that have been developed and lab-tested to protect payment data.
“Providing the payments industry with standards and resources that support secure payment acceptance in new and emerging card and card-rooted payment channels is a key focus for the Council,” PCI SSC Standards Officer Emma Sutcliffe said in a press release. “The PCI CPoC Standard is the second standard released by the Council to address mobile contactless acceptance. Specifically, the PCI CPoC Standard provides security and test requirements for solutions that enable contactless payment acceptance on a merchant COTS device using an embedded NFC reader.”
“Contactless, or tap-and-go, payment adoption is on the rise globally, and merchants want affordable, flexible and safe options for contactless payment acceptance that allow them to best serve their customers. In addition to PCI Software-based PIN Entry on COTS (SPoC) Solutions that enable contactless payment acceptance with a dongle attached to the mobile COTS device, the PCI CPoC Standard and Program now provide merchants the option to use validated solutions that require no additional hardware to accept contactless transactions,” added PCI SSC Senior Vice President Troy Leach.
The new standard includes security requirements for vendors on how to protect payment data in CPoC Solutions, as well as test requirements for labs to evaluate these solutions through the supporting validation program. Validated CPoC Solutions are listed on the PCI SSC website for merchants and acquirers to review.
“Developed with the input of the global payments industry via the requests for comments (RFC) process, the CPoC Standard is a continuation of the Council’s efforts to provide merchants with secure mobile payment acceptance options they can trust to support their customers and protect the integrity and confidentiality of their payment data,” said Leach.