On July 31, 2020, the PCI Security Standards Council (i.e. organization established by i.a. MasterCard and Visa) announced that it is working on an update to the security standards for soft POS transactions (i.e. the so called application terminals). The new / updated standards are to provide for the possibility of authorizing PIN transactions on merchant’s soft POS device. The new standards are expected to be published in Q4 2021.
The currently binfing standards were published on December 4, 2019, whereas they do not provide for the possibility of authorizing PIN transactions on soft POS type devices (so called PIN on glass). It is to be changed along with the announced update of the standards. First draft can be expected in Q2 2021.
Why current situation is a problem for merchants using soft POS?
Let’s remind - since September 2019, the standards of the PSD2 Directive have been in force in the scope of the so called strong customer authentication, which requires, among other things that a part of contactless transactions is authorized with PIN. Moreover, the vast majority of contactless transactions with a value exceeding PLN 50/100 also require PIN authorization.
In practice, for merchants using the so-called: soft POS or an application terminal, which at the moment does not allow for authorization of transactions with PIN - this means that they can accept:
- low value contactless card transactions (and these are only some, due to the PIN authorisation requirements also applicable to these transactions),
- ApplePay transactions and their derivatives (GarminPay, GooglePay).
We encourage you to contact our Law Firm - we provide, among others services related to:
- payment services,
- designing and adapting systems and internal regulations to the requirements of EBA and KNF.