Immigration law /

Soft POS vs strong customer authentication problems

Since September 2019, the standards of the PSD2 Directive have been in force with respect to the so-called strong customer authentication, which require, among other things, that part of contactless transactions be authorized with PIN code. This requirement is a serious problem for merchants using the so-called soft POS or application terminal, which currently does not allow to authorize transactions by means of PIN code. In December, we expect new guidelines in this respect from PCI Security Standards Council.

The current guidelines of PCI Council do not provide for the possibility of authorizing transactions executed via soft POS with PIN code. For the sake of simplicity, it can be assumed that the reason is due to technical limitations related to the requirement to separate card data from PIN code.

Unfortunately, PCI Council has announced that the new guidelines will not introduce any changes in this respect – there will still be no possibility to authorize transactions on soft POS with PIN code. Thus, only mobile payments based on biometric systems (such as Apple Pay) will enable the use of full functionality of application terminals.

We invite you to contact our Law Firm, which offers services such as:

  1. representation in front of KNF,
  2. legal design of the systems of strong customer authentication used by payment services providers.
Author team leader DKP Legal Piotr Putyra
Contact our expert
Write an inquiry: [email protected]
check full info of team member: Piotr Putyra

Contact us

Młyńska 16
61-730 Poznań
+48 61 853 56 48[email protected]
Rondo ONZ 1
00-124 Warsaw
+48 22 300 16 74[email protected]
Swobodna 1
50-088 Wrocław
+48 61 853 56 48[email protected]
Opolska 110
31-355 Kraków
+48 61 853 56 48[email protected]
Jana Sobieskiego 2/3
65-071 Zielona Góra
+48 61 853 56 48[email protected]