MineSec and Build38 enter a partnership to bring SoftPOS to the masses

The collaboration is focused in contributing to increase the acceptance of Contactless Payments through the use of standard mobile phones, enabling small retailers and independent providers of services to accept contactless payments without additional hardware costs. 

Accepting contactless payments from a standard phone at retail shops is becoming essential as social-distancing measures are enforced

Singapore, 22nd December 2020. MineSec, the Asian provider of the white-label SoftPOS solutions MineHades and MineZeus that allow Payment Services Providers and Acquirers to personalize and brand their own SoftPOS offering, is entering an agreement with Build38 to use its leading Mobile App Security Protection and Monitoring offering to secure their SoftPOS solution. In a nutshell, SoftPOS solutions are Apps that are downloaded from an App Store, e.g. Google Play, into a COTS (Commercially off-the-Shelf, that is, a regular phone as most end-users have) and, once activated and enrolled it can be used for accepting Contactless Payments through the NFC interface of the phone. Naturally, there are some requirements that the device has to meet, like supporting NFC, and some of those requirements are related to the security environment present on the device. As the devices process the payment transaction locally, there must be enough protections to guarantee that the transaction can not be compromised.

There are several specifications for the SoftPOS (sometimes known as well as mPOS, for Mobile POS, or Tap-to-Phone) but the one that will define the future of the industry is the PCI CPoC Specification. In its first release, it already defines the security and functional requirements for a solution to be compliant and accept contactless payments from a COTS Phone performed by a customer using a Contactless Credit Card or Mobile Pay on phone, e.g. Apple Pay. The joint effort by MineSec and Build38 will streamline the development and roll-out of CPoC compliant SoftPOS services by Payment Service Providers, Acquirers and, in general, any Fintech or retailer, in the shortest time-to-market and with the widest support possible.

Though the specifics of the agreement remain confidential, the collaboration comprises technical and commercial terms that will enable both companies to become lead players in this space. In particular for Build38, this further validates the mechanisms for mobile App Protection and Monitoring, like re-packaging protection, device attestation, root, emulator and hooking detection as well as the continuous monitoring of the installed base from their cloud service. Now, the SoftPOS use-case is an additional step forward in the broadening of the use-cases enabled by its solution and services, that already cover Transit Ticketing, Digital Identity and mID, Automotive and Mobile Banking. The ultimate goal for Build38 is to facilitate Service Providers of critical mobility solutions, like MineSec, to meet all the regulatory and industry security requirements in the shortest time-to-market and keeping them updated continuously through the lifetime of the Service. In this sense, keeping the solution and service updated to the latest security threats as well as the latest developments in mobile OS capabilities and device updates, is a critical part of the value provided.

Stay tuned for upcoming news in this space and, if you want to know more about Build38 and MineSec and how we can help you streamline the launch SoftPOS services, contact us here.