Home News Tap-on-Phone and how to secure it

Tap-on-Phone and how to secure it

One of the most exciting innovations in the payment and retailer segment today is the potential of utilizing commercial-of-the-shelf (COTS) smartphones as Point-of-Sale terminals. This is often referred to as Tap-to-Phone or Contactless Payment on COTS (CPOC).
This and other technologies are increasing market access by providing convenience and ease-of-use. Using smartphones as payment terminals has quickly become a sizeable business opportunity for both solution developers and merchants.

Smartphones as payment terminals

There are three main solution types, including Software-based PIN entry on COTS, Tap-On-Phone, and Tap-on-Phone with PIN entry. Each solution supports a different use cases and has a different risk profile and subsequent security needs.

The popularity for smartphone based payment terminals is largely driven by the expected cost reduction for payment terminals, convenience for the small and medium size merchant to accept card based transactions on their own smartphones and the potential for integration with other value-added services (e.g. loyalty programs).

Security concerns

With new technologies and innovations, new risks arise as well. When it comes to securing such smartphone based solutions, it is important to understand what attackers are capable of, which risks need to be considered and how you can protect your solution against all this.  Some of the most common risks would be skimming, unauthorized transactions and relay attacks. Currently, there are several standards developed, by both the card networks and the Payment Card Industry Security Standards Council (PCI SSC), that address concern from across industries regarding software-based PIN entry (SPOC) and contactless solutions (Tap-to-Phone and CPOC).

Learn more about smartphone transaction acceptance security by downloading our whitepaper.

Share This