SUMMARY
PCI SSC has developed lab-tested NFC solutions to protect payment data
Merchants will require no additional hardware to accept contactless transactions
The standard also includes security requirements for vendors on how to protect payment data in CPoC solutions
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
In a bid to secure the commercial off-the-shelf (COTS) payments ecosystem, the Payment Card Industry Security Standards Council (PCI SSC) has published a new standard for contactless near-field communication (NFC) payments using mobile devices.
According to a MoneyControl report, the newly launched PCI Contactless Payments on COTS (CPoC) Standard and Supporting Validation Program will help merchants to use lab-tested PCI SSC’s NFC solutions to protect payment data.
Explaining about the new standard for COTS payments, PCI SSC officer Emma Sutcliffe said that PCI CPoC Standard provides security and test requirements for solutions that enable contactless payment acceptance on a merchant COTS device using an embedded NFC reader. This is the second standard released by the council to address mobile contactless acceptance.
Notably, the technology which helps merchants to accept contactless payments includes a COTS device with an embedded NFC interface to read a card or mobile device, a payment acceptance software that runs on the device initiating a contactless transaction, and a back-end systems that are independent of the COTS device and support monitoring for integrity checks and payment processing.
PCI SSC senior vice president, Troy Leach, added that the new standard will enable merchants to leverage PCI’s software-based PIN entry on COTS (SPoC) solutions that enable contactless payment acceptance with a dongle attached to the mobile COTS device. Additionally, the PCI CPoC Standard and Program will provide merchants with the option to use validated solutions that require no additional hardware to accept contactless transactions.
The PCI CPoC Standard also includes security requirements for vendors on how to protect payment data in CPoC solutions. It also incorporates the test requirements for laboratories to evaluate these solutions through the PCI SSC’s Supporting Validation Program.
Moreover, PCI SSC has also published validated CPoC Solutions as a resource guide for merchants and users of the contactless payments service.
Push For Contactless Payments
Founded in September 2006, PCI CCS is a joint collaborative effort of American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc to managing the ongoing evolution of the payments industry data security standards.
The launch of new standards for the security of NFC payments comes at a time when the adoption of contactless, or tap and go, payments solutions is on the rise. Merchants want affordable, flexible and safe options for contactless payment acceptance that allow
them to best serve their customers.
One such Indian startup, AtomX, which is looking to increase NFC-based payments adoption in India has raised undisclosed investments, April 2019, from BookMyShow.
Another startup that is working in the contactless payments domain in the country, ToneTag, has also raised $1.3 Mn from an overseas investor, Tropical Star Limited.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.