Road to MPoC: Understanding the current certification standards

News of the release of the new PCI standard for mobile payments in December last year were very much welcomed by the Payments community. The new Mobile Payments on COTS (MPoC) standard presents new opportunities in the continued development of digital payments that supports all businesses – from street vendors to large enterprises, and ultimately benefits consumers.


Back to Basics

The PCI MPoC standard addresses the gaps that earlier released industry standards were not able to fill, and may eventually render those same standards unnecessary. To fully understand the need for this new standard, we first look at the various certification standards available in Payments today:

• PCI SPoC (Software-Based PIN Entry on COTS) – released April 2018

Developed to cater to card acceptance solutions that required chip and PIN, SPoC allowed for low-cost card readers to be securely paired with consumer mobile devices like smartphones and tablets.

This became a more affordable alternative to traditional payments hardware such as mPOS and AndroidPOS.

• PCI CPoC (Contactless Payments on COTS) – released December 2019

With the onset of the pandemic, a tectonic shift away from the use of cash to contactless meant a critical need for MSMEs globally, especially in emerging markets, to adopt contactless payments acceptance methods.

For these small businesses (think market vendors), even a low-cost card reader could be tricky to own and handle in their places of business. CPoC enabled merchants to accept contactless payments on everyday Android-based mobile devices with NFC capabilities instantly and remotely.

• PIN on Glass Certification (by Mastercard and Visa) – released 2020

The CPoC standard had a major shortcoming – the lack of PIN support for transactions over CVM limits. To solve this problem, major card issuers Mastercard and Visa came together to provide PIN on Glass certification that allowed CPoC-certified solutions to also support PIN-entry for larger purchases.

• PCI MPoC (Mobile Payments on COTS) – released November 2022

Although many requirements within the MPoC standard are familiar to those already working with PCI SPoC and CPoC — unlike these standards, MPoC is designed to keep up with the constant evolution of new payment technologies.

Not only does it unify the SPoC and CPoC standards with support for PIN entry, it also provides a flexible, modular, SDK-based approach to cater for changing market needs.


What will it bring to Payments?

The introduction of this umbrella standard for mobile payments will greatly impact collaboration and innovation in the sector. Modularity, in particular, will encourage the entry of new solution providers, increased speed to market and collaborations between vendors for better innovation.

Read more: MPoC is coming, does this mean face to face payments will soon be an SDK? Our hopes and forecast!



PCI Security Standards Council, PCI SSC Publishes New Standard for Mobile Payment Solutions