The PCI security Standards Council has rolled out a new regulation that could increase contactless adoption rates and transactions. This newly crafted standard is special because it will enable customers to pay through a retailer’s off-the-shelf smartphone or mobile device.
Contactless payments enable customers to buy items or services with their debit, credit or smartcard (a.k.a. chip card) through RFID tech — or, smartphones and mobile gadgets like tablets using or near-field communication (NFC). All contactless-ready banking applications used in smartphones and mobile devices rely on near-field communication.
PCI’s new regulation is titled Contactless Payments on COTS (commercial off-the-shelf devices), or in short, CPoC. The standard highlights security rules controlling apps that enable mobile contactless payments from shoppers using EMV chip-cards, wearable devices, and smartphones.
And because mobile devices rely on NFC, CPoC will only impact contactless payments where the off-the-shelf card-taking smartphone is solo— or doesn’t involve other hardware integrations.
To ensure app developers comply, PCI has organized a team that will vet, test and approve CPoC payment apps. PCI also said it will list all approved CPoC systems on its website.
This standard comes as a second regulation on mobile contactless after the PCI PIN Transaction Security Point of Interaction (PCI PTS POI) Standard rolled out years ago.
A CPoC platform must include:
- A COTS gadget with a built-in NFC solution to scan and read the card or device making the payment.
- A PCI-approved payment-taking app installed on the retailer’s COTS device to enable contactless payments.
- Back-end solutions not connected physically to the COTS device, payment processing solutions, reliable support etc.
The payments watchdog said CPoC goes in line with its goal “to augment the security of international payment-account data by creating and enforcing regulations that ensure safe transactions in newfangled and upcoming payment avenues.”
The Council is positive that, for retailers, the CPoC will eventually add to the list of safe and secure ways to take payments.
The idea that a retailer can download an application on their device and begin taking payments ASAP from shoppers may as well be the next-big-thing in the payments sector.
Thanks to CPoC we can now say the future is brighter for contactless payments-especially mobile contactless.
CPoC is an excellent idea for a merchant looking to add one more payment option to their list of offerings. Be sure to confirm (from the council’s website) whether an app is PCI-certified before you begin using it for payments.