How to reduce PCI MPoC evaluation scope ?
PCI MPoC certification is a challenge for SoftPOS providers, but they can optimize the scope of the evaluation.
The current challenge for all players involved in the tap to phone technology is to evaluate the best strategy to easily and rapidly comply with the new specification from the PCI Security Standard and fast track their product deployment. PCI MPoC requirements cover the all spectrum of the security measures necessary to protect the sensitive data processed during a contactless payment transaction operated on the smartphone or tablet of a merchant.
Key features of MPoC
The specification is built on security concepts and targets on data protection objectives that SoftPOS providers must reach to be compliant. The flexible approach of the evaluation leaves a greater choice to application developers to build their solution according their preferred security mechanisms.
Besides, SoftPOS providers can choose to support software SDK as well as attestation & monitoring services from certified third party providers, to shorten the scope of the certification of their solution.
SoftPOS providers must meet the PCI MPoC security requirements in order to be listed as approved providers on PCI website.
Where Alcinéo helps ?
Built upon our solid background in PCI PTS POI developments for terminal providers, Alcinéo has a proven track record in developing reliable and secure logical mechanisms to help payment solution providers to align with international security standards requirements.
Our SoftPOS SDK has been developed with data integrity in mind, and complies with the MPoC security requirements. Our customers benefit from our secure SDK comprising best-in-class software protection mechanisms, such as key management, cryptographic algorithms, attestation server or code obfuscation.
What do we provide ?
Alcinéo provides a SoftPOS SDK including accredited payment libraries, dedicated tools to integrate our customers’ payment application, documentation and sample code. Moreover, our dedicated attestation server and monitoring services enable them to easily control transaction and device status.
We bring the necessary elements for the lab to perform the evaluation of the solution :
- Software SDK
- Attestation and monitoring services
- documentation and code review
Prerequisites to be MPoC compliant
All payment players providing a SoftPOS application shall submit their solution to MPoC evaluation before deployment in the field.
One crucial step is to contract with an accredited laboratory and define the scope of evaluation and the schedule.
To apply for MPoC evaluation, SoftPOS solutions must :
- Integrate the payment software and protection components
- Show end-to-end data integrity of the full application
- Meet the requirements described for attestation and monitoring services
- Manage vulnerability of the software, the key management process and updates
During the evaluation process, the lab will check the integration of third party components, software SDK and back-end services.
To be validated, SoftPOS solutions must demonstrate high-level degree of sensitive data protection through all the components integrated, to prevent any risk of data breach.
Benefits for SoftPOS providers
Using our secure SDK, our customers can focus on building end-to-end security for their SoftPOS application.
Alcinéo support payment solution providers at all stages of the development of their project. Integrating our SDK, they benefit from certified payment library, bespoke tools to optimize integration, security features compliant with international payment and security standards.
SoftPOS SDK reduces the hurdles for our customers, speeds up their project timeline and fast-track the certification processes, hepling them to deploy the most advanced and secure payment solutions at a rapid and cost-effective pace.
For more information about the details of the PCI MPoC modules, read our previous post : MPoC certification tips
Fee freel to contact our team for any additional questions : contact@alcineo.com