
PCI MPoC: The New Standard for Mobile Payments

Edit by Thilo Pannen • Jun 2, 2023

The PCI Security Standards Council (PCI SSC) has recently unveiled an innovative mobile payment security standard, known as Mobile Payments on COTS (Commercial-Off-The-Shelf) devices (PCI MPoC), designed to support the evolution of mobile payment acceptance solutions.

PCI MPoC builds upon the PCI Software-based PIN Entry on COTS (SPoC) and PCI Contactless Payments on COTS (CPoC) standards, each coming with a limitation.

What sets PCI MPoC apart is its ability to support both PIN entry and contactless card processing on a mobile COTS device (phone or tablet), transforming it into a contactless payment acceptance point-of-sale (POS) device. Notably, while a PCI MPoC solution may utilize hardware security components integrated in the device (e.g. Secure Elements (SE) or Trusted Execution Environments (TEE)), it can also be realized purely in software.


The Demand for Mobile App and Backend Security

As contactless payments have gained popularity, particularly in the wake of the pandemic, developing secure PCI MPoC solutions has become crucial. Developing a solution on a COTS device requires a deep understanding of state-of-the-art mobile app and backend security. Protecting contactless payments demands rigorous measures to ensure data integrity, confidentiality, and resilience against evolving threats.

At eShard, we specialize in mobile app security and have a proven track record in mobile payment security standards. Leveraging our knowledge and experience, we offer comprehensive security services tailored specifically for PCI MPoC solution providers and SDK or app developers.

From the initial stages of your project to the security approval application at a PCI MPoC lab, our team of experts provides unwavering support. We assist with any security-related queries, ensuring a smooth journey and helping you meet all the necessary requirements.


Prepare for the Future in 4 steps


Set the scene with MPoC Workshop

With the introduction of this new standard, vendors naturally have a multitude of questions regarding its content and implications. At the Foundation Workshop, we equip you with essential insights and guidance on the PCI MPoC program. Our expert team introduces you to the program's key aspects, including stakeholders, roles and responsibilities, high-level security requirements, dos and don'ts, pitfalls to avoid, and its relationship with other vital PCI standards like PCI DSS, PCI SSF, PCI PTS, and PCI PIN.


Offensive and Defensive Mobile App Security Training

Empower your developers with our specialized training modules focused on offensive and defensive mobile app security. In the Offensive Training Modules, developers learn to think and attack like real-world adversaries so that they can develop effective defensive measures. The Defensive Training Module highlights typical weaknesses of mobile applications and imparts the knowledge needed to implement resilient code. Our training combines theory and hands-on practical exercises, providing developers with the skills necessary to protect mobile apps from evolving threats.


Technical Security Pre-Assessment

Prepare yourself for a smooth security evaluation process at the PCI MPoC lab with our Technical Security Pre-Assessment module. Our experts will review your security design, source code, or binary release candidate to ensure compliance with PCI MPoC security requirements. By identifying any potential vulnerabilities or gaps early on, we help you save time and avoid unnecessary iterations during the lab testing phase.


Consultancy and Expertise Services

Throughout your PCI MPoC project, our consultancy and expertise services are at your disposal. We offer comprehensive support as your trusted security expert, answering your questions, providing guidance, training, and coaching until you achieve the final approval at the PCI MPoC lab. Our team will address not only security-related concerns but also any non-security queries that arise during the project, ensuring a seamless and efficient experience.


The future of mobile payments is here, and we are excited to be at the forefront of this transformative journey. With our comprehensive PCI MPoC security services, we aim to empower businesses, solution providers, and developers to build robust and secure mobile payment acceptance solutions. Let us be your trusted partner in safeguarding the future of mobile payments.

Contact us today to unlock the full potential of PCI MPoC security.


