Accounting

News

Accounting

Payment services: The PCI Council has published security standards for soft POS

Payment services: The PCI Council has published security standards for soft POS

On December 4, 2019, the PCI Security Standards Council (i.e. the organization established MasterCard and Visa) published the long-awaited security standards for soft POS transactions (i.e. the so called application terminals). Unfortunately, as predicted, the new standards do not provide for the possibility of authorising PIN transactions. In practice, this represents a serious brake on the development of soft POS. (i.e. PIN on glass)

Why is this a problem for merchants using soft POS?

Let us remind you - since September 2019, the standards of the PSD2 Directive have been in force in the scope of the so called strong authentication, which requires, among other things that a part of contactless transactions is authorized with a PIN. Moreover, the vast majority of contactless transactions with a value exceeding PLN 50 also require PIN authorization.

In practice, for merchants who use the so-called: soft POS or an application terminal, which at the moment does not allow for authorization of transactions with PIN - this means that they can accept:

  1. low value contactless card transactions (and these are only some, due to the PIN authorisation requirements also applicable to these transactions),
  2. ApplePay transactions,
  3. GarminPay transactions.

GooglePay will probably soon join this narrow circle.

I encourage you to contact the Law Firm - we provide, among others services related to:

  1. payment services,
  2. designing and adapting systems and internal regulations to the requirements of EBA and KNF.


Piotr Putyra

Lawyer

Piotr Putyra

Barrister, Managing Partner

Piotr Putyra

Contact:

Rondo ONZ 1
00-124 Warsaw