PCI MPoC Services

PCI MPoC (Mobile Payments on COTS) is a security standard developed by the Payment Card Industry Security Standards Council (PCI SSC) to address the growing use of mobile devices for payment processing. MPoC provides a framework for securing mobile payment applications that operate on Commercial Off-The-Shelf (COTS) devices, such as smartphones and tablets.
This standard aims to ensure that mobile payment solutions meet rigorous security requirements, protecting cardholder data from threats and vulnerabilities. By adhering to PCI MPoC, developers and vendors can demonstrate their commitment to security, fostering trust among consumers and merchants in mobile payment solutions. The guidelines cover areas such as encryption, secure key management, application integrity, and secure coding practices, ensuring comprehensive protection of sensitive payment data.
Our company is dedicated to providing comprehensive services to ensure your mobile payment applications meet the stringent requirements of the PCI Mobile Payments on COTS (MPoC) standard. We offer a range of solutions tailored to guide you through achieving and maintaining PCI MPoC compliance.
PCI MPoC Security Evaluation
IS Laboratory is a PCI-recognized security laboratory authorized to perform full PCI MPoC (Mobile Payments on COTS) security evaluations for SoftPOS and mobile payment solution providers.
We support vendors seeking official Validation and Listing of their MPoC Products under the PCI Security Standards Council MPoC Program, enabling secure acceptance of card payments on commercial off-the-shelf (COTS) mobile devices.
Our MPoC Security Evaluation service is designed for MPoC Software Vendors, MPoC Service Providers, and MPoC Solution Providers who require an independent, accredited assessment of their products against the Payment Card Industry MPoC Security & Test Requirements.
Accredited MPoC Laboratory Services
As an authorized MPoC Lab, we conduct end-to-end evaluations of candidate MPoC Products, including:
- MPoC Applications and MPoC SDKs
- Complete MPoC Solutions
- MPoC Services (A&M and Payment Processing)
Our assessments follow the official MPoC Program framework and include:
- Comprehensive technical testing against all applicable MPoC security and test requirements
- Review of cryptographic design, secure channels, application integrity, and sensitive data protection
- Evaluation of operational and architectural controls where required by the standard
- Production of formal MPoC Evaluation Reports
- Submission of validation evidence to PCI SSC to support product Acceptance and public Listing
A Structured Path to MPoC Validation
We work closely with vendors throughout the evaluation lifecycle, from initial scoping to final submission, providing:
- Clear definition of evaluation scope and product boundaries
- Guidance on required artifacts and technical evidence
- Rigorous, laboratory-grade security testing
- Transparent reporting with actionable findings
- Direct support through the PCI Acceptance and Listing process
Our approach ensures your MPoC Product is assessed with the depth and rigor expected by PCI SSC, helping you achieve Validation efficiently while maintaining the highest security standards.
Gap Analysis
Our PCI MPoC gap analysis service identifies the differences between your current mobile payment application setup and the requirements of the PCI MPoC standard. We provide a detailed report highlighting areas that need improvement to achieve compliance, helping you prioritize remediation efforts efficiently.
Workshops
Our interactive workshops are designed to educate your team on PCI MPoC standards and best practices. These sessions cover critical aspects of mobile payment security, offering practical insights to help your team understand and implement necessary security measures effectively.
Penetration Testing
Our penetration testing service focuses on the specific requirements of PCI MPoC, covering critical security areas such as:
- Requirement 1A-1.3: Ensuring the secure implementation of mobile payment applications on COTS devices by testing for vulnerabilities that could compromise data integrity and confidentiality.
- Requirement 4A-3.1: Verifying the interfaces between the MPoC Application or MPoC SDK and back-end environments.
Our penetration tests are thorough and aligned with the latest PCI MPoC guidelines, providing you with detailed findings and actionable remediation steps to strengthen your application’s security.
