Soft POS vs strong customer authentication problems
Since September 2019, the PSD2 Directive's standards on so-called strong customer authentication have been in force. They require, among other things, that some contactless transactions be authorized with a PIN code. This requirement is a serious problem for merchants using a so-called soft POS, or application terminal, which currently does not allow transactions to be authorized with a PIN code. In December, we expect new guidelines in this respect from the PCI Security Standards Council.
The current PCI Council guidelines do not provide for authorizing transactions executed via soft POS with a PIN code. For the sake of simplicity, it can be assumed that the reason lies in technical limitations related to the requirement to separate card data from the PIN code.
Unfortunately, the PCI Council has announced that the new guidelines will not introduce any changes in this respect: it will still not be possible to authorize transactions on soft POS with a PIN code. Thus, only mobile payments based on biometric systems (such as Apple Pay) will enable the use of the full functionality of application terminals.
We invite you to contact our Law Firm, which offers services such as:
- representation before the KNF,
- legal design of the strong customer authentication systems used by payment service providers.