Looking at this timeline of card payment acceptance technology, you can see that each innovation was driven by either improved convenience or fraud reduction – often both.
Embossed cards made filling out authorisation slips quicker and less error prone. Magstripe made the cards machine readable – removing the need to manually fill out a slip. Then came EMV, which introduced cryptographic signing to reduce fraud while a PIN was quicker to enter on a keypad than an easily forged signature (did the shop assistant ever really check them anyway?). Contactless taps made in-store payments even easier and paved the way to card-scheme based mobile wallets.
Each technological jump reduced in-store payment friction while adding new protections against fraud.
Ready to dive deeper?
Get our fintech security ebook free.
Now we are seeing the next evolution: SoftPOS. This will allow payment acceptance on standard smartphones – often referred to as Consumer Off The Shelf devices (COTS).
In many ways, SoftPOS is the logical next step from Mobile Point of Sale (mPOS) devices that have become increasingly popular over the last decade.
mPOS to SoftPOS
It is fair to say that Square pretty much invented the mPOS category, providing small merchants (and some very large ones) with innovative and attractive hardware and software, backed up by systems and services. Of course, this has been primarily in the United States before the EMV migration started and simple mag stripe (and no security whatsoever) was allowable.
In other parts of the world where EMV was already deployed, the original Square solution was not allowed. This created space for new entrants in the market, like iZettle, to develop EMV compliant mPOS products. These used a dedicated “Pin Entry Devices” (PEDs); and could be considered a hybrid, combining traditional POS devices with some of the benefits of Square’s approach.
Thus, the mPOS market has grown and it is now common to see a vendor at a farmers’ market in California taking Square payments or a food-cart cashier in Stockholm taking chip and pin payments via an iZettle terminal; use-cases where the larger EMV PEDs from established players are simply too expensive to make sense.
Of course, nothing stays still. Inspired by HCE Payment Wallets, start-ups and payment processors began innovating to create pure software Point of Sale solutions that could accept contactless payments on any Android smartphone. Even traditional POS terminal manufacturers soon got in on the act.
At each stage of evolution, industry stakeholders are tasked with defining the rules and specification to maintain the security and interoperability of the payment networks. Given SoftPOS changes from an established and trusted security model to a new approach, this is more important than ever.
Motivated to support the industry trend, the Card Schemes, EMVCo and PCI have developed standards for SoftPOS. The two headline standards are both from PCI: Contactless Payments on COTS (CPOC) and Software-based PIN entry on COTS (SPOC). These standards are not yet interoperable, so the Card Schemes have developed a waiver program to allow PIN entry with CPOC.
CPOC defines the security standards for a classification of terminals often called Tap-to-Phone. Allowing any Android phone to safely and security accept contactless card payments.
While SPOC does the same for PIN-on-Glass – enabling any touchscreen to be a trusted device for PIN entry.
Enabling card acceptance with software security
By leveraging many years’ experience building approved and certified mobile payment solutions, Verimatrix’s new eBook demonstrates how to resolves many of the challenges a vendor will encounter when undergoing PCI security certification for their Contactless Payments on COTS (Tap-to-Phone) and Software-based PIN Entry (PIN- on-Glass) products.
Payment acceptance will evolve rapidly in the next few years. The flexibility of SoftPOS provides the platform to enable innovation. By using Application Shielding as a solid security foundation, not only is SoftPOS certification easier to achieve, but it becomes the basis for the vendor’s point of sale solutions for many years to come.
See how we can help protect your business:
• Mobile applications and APIs
• Video content
• Digital payments