For most merchants, payment terminals have become ubiquitous necessary parts of their technology investments and the cost of doing business. Unfortunately, feature-rich terminals are often outside the reach of micro-merchants and SMBs with limited resources or appetites for going all-in on a robust payment solution.
Wouldn’t it be nice if SMB merchants could use readily available and affordable commercial off-the-shelf (COTS) smartphones to accept payments? We’re talking about true contactless payments—fast and secure—without using third-party dongles or other pieces of hardware. Believe it or not, a payment terminal-free future is nearer than you might think.
“Tap on phone,” “tap to mobile” or SoftPOS, turns any smartphone or mobile phone into a payment acceptance device. Of course, using a consumer-grade device over a purpose-built payment terminal raises many security questions. In December 2019, the PCI Security Standards Council published a data security standard for CPoC, or contactless payments on COTS devices. According to the standard:
“The solution enables a cardholder to pay with a contactless-enabled card or device [e.g., wearable, phone, tablet] at a merchant using a COTS device and associated CPoC application for authorization of contactless chip-based card payment transactions. To secure account data, these solutions rely on a combination of mechanisms and security controls including, but not limited to, application software and monitoring, and attestation of the entire process.”
This new standard gave card brands and payment companies the necessary direction for how to build such solutions. Unsurprisingly, industry leaders such as Visa, Mastercard and Samsung began announcing CPoC initiatives.
The advantages are apparent. There’s no shortage of SMBs, including the underserved micro-merchant segment, that could benefit significantly from this technology. In fact, there are hundreds of millions of micro and small merchants operating, transacting trillions of dollars annually and interacting with billions of customers every day. At the same time, COVID-conscious consumers have shown an increased interest in using contactless payments.
With such a large potential market in need of an affordable electronic payment method, it won’t be long before we see contactless off-the-shelf apps with the ability to accept contactless payments. Merchants will only have to download an app and connect to the payment processor to make a full functional contactless acceptance device. The phone will automatically receive its provisioning credentials and the merchant can be accepting cards within minutes.
CPoC is the real deal, but the industry is still in the early days of solution development.
Standards are still evolving and there has yet to be a real solution launched at scale, but it doesn’t mean it’s too early to start planning your CPoC strategy. NMI, who has been developing EMV kernels for years, has been working towards enabling app developers with the toolkit needed to build their own dongle-free POS and payment solutions.
If you are a merchant, get in touch with your solution provider and inquire about their CPoC plans, and if you’re a payment solution provider just starting out with your CPoC strategy, NMI is here to help. Contact us to learn how.