The rapidly changing world of SoftPOS
What’s new in the rapidly changing world of SoftPOS?
The MPoC standards are due for release soon. How will they change the market and what will consumers think about paying through an Android smartphone?
So, it’s been a few months since my last blog, and I imagine you are all wondering what’s new in the SoftPOS world. Well, MPoC (Mobile Payments on COTS), the new PCI SoftPOS standard has now been through all its external reviews, the Mobile Task Force has done great work, and when its released, it’s going to bring a lot to the market. Just a quick reminder, MPoC is the standard that officially allows contactless payments, with PIN entry on a smartphone. For now, it’s with the PCI internal team to make final changes and to incorporate comments from the reviewers, before its formally released at the end of the year. Once MPoC arrives, full scale PIN based SoftPOS projects will finally be possible, no more restricted deployments based on pilot rules. It will be interesting to see how the market adopts this new solution and how quickly users accept and embrace it.
User acceptance will be interesting to watch. Up until now, people have become accustomed to only entering their PIN into a physically secured device, an ATM, traditional POS terminal or a hardware based MPoS terminal. I know there have been exceptions to this, there have been a few SPoC (Software-based PIN Entry on COTS) solutions where you put your card into (or tapped onto) a device called a SCRP (Secure card reader for PIN) and entered the PIN into a phone screen, but at least there was a separate official looking device. I’ve personally only come across one SPoC system being used in the wild. You may also have typed your PIN into phone if you have been lucky enough to find a retailer involved in one of the scheme tap to phone pilots, but they have also been few and far between.
As a self-confessed payment and security geek, I wonder whether the public will be concerned about typing their PIN into a strangers android phone. I’m sure if the phone belongs to a trusted person, like your regular window-cleaner or a café you frequent, you won’t think twice. But would you walk up to a market stall, where you don’t know the seller and be willing to type your PIN into their phone? That may be a step too far for some, but in general, in my experience the public are very trusting, so maybe these discussions are just for those of us with a healthy degree of security paranoia! I think the Apple effect will help bring confidence in the system, Apple have teased us with news about their own solution. But even they have been slow to deploy their SoftPOS solution, and I haven’t heard any new about when a move across the Atlantic is planned. I’m sure we will see lots of scaremongering from the press, just like we did when contactless cards and mobile wallets were first released, but contactless card and mobile wallets haven’t brought the massive fraud increases predicted, contactless is now fully mainstream, in some ways thanks to Covid.
Once MPoC solutions start to rollout, where will they stop? Will we start to see retailers using a general-purpose Android tablet being used to replace traditional POS terminals? I think the next few years will see rapid evolution in card acceptance devices and technologies, it’s an exciting time to be involved in card payments!