Page 18 - GS210701
Views
How contactless payments are taking off with CPoC

By David Close
Futurex

Contactless payments are revolutionizing the way businesses interact with customers. Whether you're managing a department store during the holiday rush or selling produce at a farmers' market, contactless payments extend your point of sale beyond the checkout counter. This is not only expedient for merchants and customers, but also for acquirers, banks and ISOs.

CPoC is a PCI Security Standards Council (PCI SSC) standard and is short for Contactless Payments on COTS; COTS stands for a commercial off-the-shelf device such as a smartphone. The contactless payments are conducted with near field communication (NFC) chips embedded in most modern COTS devices. (The PCI SSC is in the process of evolving its mobile security standards, bringing both PCI Software-based PIN Entry on COTS (SPoC) and CPoC under a single standard called Mobile Payments on COTS.)

CPoC eliminates the need for card-reading hardware, lowering the cost to entry for merchants of all sizes. It also provides a high level of security. Payment data is encrypted and sent to back-end systems for attestation and monitoring—after which it is securely processed—all with no manual PIN entry required. Customers can pay quickly and without hassle. Large merchants gain agility and scalability, while smaller merchants are able to rapidly meet customer demand.

Moving from contact to contactless payments

The payments ecosystem continues to shift as merchants quickly respond to consumer needs impacted by the pandemic. Mobile POS devices are already ubiquitous, and CPoC-based solutions have gained momentum in the past 12 months. How can contactless payments spur more sales in less time? Imagine a busy retail store on Black Friday. If the store deploys a CPoC solution, its employees can process customer payments anywhere in the store using CPoC-enabled mobile devices, preventing long checkout lines from ever forming. CPoC is a low-cost, high-efficiency way for merchants to improve the customer experience by offering a level of convenience closer to online shopping.

What does security have to do with it?

Part of the CPoC specification is a Federal Information Processing Standards (FIPS)-validated random number generator. That's where a FIPS 140-2 Level 3-validated hardware security module (HSM) fits in: to securely process transactions (including cloud payment processing), authenticate devices and remotely load keys. CPoC transactions can use DUKPT, the same encryption method used in standalone payment terminals today.

In addition, most current mobile devices have secure enclaves, which are a special part of the mobile device where the CPU is walled off from the main processor to provide extra security. Additionally, at the application layer, there is typically white-box cryptography, which combines encryption and obfuscation to embed encryption keys within the application code.

What's ahead in payments?

As consumers grow more comfortable with mobile payments and contactless payments, CPoC will expand in use. For example, most consumers now have contactless credit and debit cards with an embedded NFC chip, which allows them to communicate with contactless-enabled payment terminals. To complete a transaction, the consumer simply places their card near the terminal.

This is becoming commonplace in grocery stores and major retailers, but imagine being able to pay this way at pop-up shops, food trucks, arts and crafts festivals, and sporting event concession stands. For micro merchants, CPoC is an easy way to expand business—and improve the consumer experience—without the startup costs and hassle. What are we seeing in terms of new developments? New devices, new terminals, new phones and new wearables with contactless and mobile payment functionality. However, the right software is needed. Merchants are looking to implement SoftPOS (software point of sale) solutions enabling them to accept card payments directly on their mobile devices without additional software.

With the payment ecosystem moving away from cash and contact, what we might see less of is actual wallets, with mobile wallets gradually taking their place.

David Close is chief solutions architect at Futurex, a trusted provider of hardened enterprise data security solutions. He is a subject matter expert in enterprise key management best practices and systems architecture and infrastructure design. Contact him at linkedin.com/in/davidclose or www.futurex.com.