

February 14, 2023

Everything that you need to know about the new PCI MPoC standard


The payment card industry has recently introduced a new standard for secure payments: the Mobile Payments on Commercial Off-The-Shelf (MPoC) standard. This new technology promises to revolutionize the way businesses and consumers process payments, providing enhanced security and privacy while also improving the overall payment experience. In this blog post, we will look at what MPoC is, how it works, and how it can benefit both merchants and customers. We will also explain how businesses can ensure that they are fully able to meet the regulatory requirements needed to adopt this new standard.

Overview of the PCI MPoC standard

The PCI MPoC Standard is a new specification that was developed to help meet the increasing demand for secure, higher-speed, and better-integrated payment processing solutions. The new PCI MPoC standard integrates the existing use cases from the CPoC and SPoC standards, and adds new payment functionality along with new ways of certification. Most notably, the new payment functionality includes PIN-based transactions without an additional security device attached to the merchant’s smartphone, and it adds support for offline transactions.

MPoC standard explained

The foundation for the MPoC standard will still be what is currently being used: the Software-Based PIN on COTS (SPoC) and Contactless Payments on COTS (CPoC) standards. These standards each have their purpose:

  • Software-Based PIN on COTS uses an external card reader paired with a mobile device, which accepts the PIN on a COTS system.
  • Contactless Payments on COTS uses the NFC receiver directly in a COTS device, but does not allow a PIN entry.

This new standard will introduce modularity, new certification options, and new use cases, including support for software PIN without the need for an SCRP (Secure Card Reader for PIN), offline transactions, and certification of components. Overall, the PCI MPoC Standard will help increase the security of payments and boost revenue streams while driving the adoption of Tap to Phone payments.

Key benefits of the PCI MPoC standard for businesses 

The PCI’s new MPoC Standard is a key development in payment security technology in mobile applications. It offers an array of benefits that make it an attractive option for businesses handling large volumes of payments. Here are some of the main advantages that the PCI MPoC Standard brings to the table for businesses throughout the globe.

  1. Improved Data Security: The PCI MPoC Standard provides additional layers of security for sensitive payment data. It uses advanced cryptography and authentication protocols to protect payment information from unauthorized access and malicious activity. This means that payment data can be securely stored and transmitted without any risk of exposure.
  2. Enhanced Privacy: It allows for increased privacy when it comes to payment processing. All data related to payments are encrypted and stored in a secure environment, making it difficult for third parties to gain access to sensitive information. This helps to ensure that customers’ private information is kept safe.
  3. Increased Flexibility: MPoC combines PIN and contactless entry on the same COTS device. It’s designed to be a more flexible, modular standard supporting different types of payment acceptance channels and consumer verification methods on COTS devices.
  4. Streamlined Compliance: The PCI MPoC Standard simplifies the process of meeting compliance requirements. By adhering to the standard, businesses can save time and resources that would otherwise be spent on ensuring compliance with relevant regulations. This can help to minimize the costs associated with remaining compliant.

MPoC Standard Implementation

This standard has been created to protect consumers from fraudulent activity, as well as increase data security for businesses. The PCI MPoC Standard requires businesses to establish and maintain specific measures to ensure the secure handling of customer payment information. The security controls required to protect payment information depend on the type of payment acceptance channels and cardholder verification methods supported by the MPoC Software. All MPoC Software is required to meet the security objective, requirements, and test requirements in the Core Module. The objective of these security requirements is to ensure: 

  • The integrity of the COTS device
  • That the solutions provide adequate security mechanisms, controls, and mitigations to protect the cardholder’s account data and other assets such as cryptographic keys.

These requirements will make sure that the transaction is secure and protected from unauthorized disclosure, modification, or misuse. Solution developers need to make sure their SoftPOS solutions follow the regulatory requirements, which include:

  • Protection of cryptographic keys.
  • Robust security to ensure the app is resistant to reverse engineering.
  • A monitoring system that offers visibility into threats.
  • Prevention of disclosure of information.
  • Protection of the cardholder’s primary account number (PAN) and PIN data.

Slash your certification time by 60% while you are developing your SoftPOS solution with our Quick Start Guide.

Build38 helps your company ensure compliance in a reliable way

This new standard is designed to provide merchants with a secure, reliable, and compliant way to accept digital payments while reducing the risks of payment fraud for organizations of all sizes. It is important for businesses to understand how the PCI MPoC Standard will impact their operations. By taking the necessary steps to ensure compliance, businesses can protect themselves from costly fines and potential legal issues, as well as provide their customers with the highest levels of security when issuing online payments with a mobile application.

Get in touch with us to learn about Build38’s mobile application protection solutions and fast-track the implementation of solutions compliant with the new PCI MPoC standard, while future-proofing them with our support and expertise throughout the life cycle of your service. Contact us.

> The purpose of MPoC is to provide a modular, objective-based, security standard that will support various types of payment acceptance channels and consumer verification methods on commercial off-the-shelf (COTS) devices. The goal is to create a flexible mobile standard and program for payment solution development, allowing for both PIN entry and contactless payments through the COTS-native interfaces.

