The PCI SSC recently released the MPoC standard or the Mobile Payments on Commercial off-the-shelf devices.
Do you accept payments on phones?
Do you want to?
Do you want to make software that does this?
I have been assessing payment software since 2012 on everything from kiosks to web applications. For payment software vendors who wanted to put their software on their mobile phones, the hurdle was the ineligibility requirements under PA-DSS. With the release of the software security framework, are payments available to be taken on mobile phones? Well, yes, but the standards around how that was going to be done were not quite clear. Mobile payments on commercial off-the-shelf (MPoC) simplifies that assessment process so that your payment software can be assessed.
Given that all kinds of merchants and service providers want to be able to use their mobile phones to accept and process payments, well, now that software can. The MPoC standard is new and it is not easy. We have experience in testing payments software. We also have experience testing mobile devices. Let's put those together, bring you in and we've got a solution in the making.
About Sully Perella
Sully Perella is a Senior Manager at Schellman who leads the PIN and P2PE service lines. His focus also includes the Software Security Framework and 3-Domain Secure services. Having previously served as a networking, switching, computer systems, and cryptological operations technician in the Air Force, Sully now maintains multiple certifications within the payments space. Active within the payments community, he helps draft new payments standards and speaks globally on payment security.