mPOS Security (Mobile Point of Sale)

Thales hardware security modules (HSMs) are already helping PSPs to deliver secure mobile point-of-sale (mPOS) solutions to large numbers of merchants, some accepting card payments for the first time.

mPOS

Mobile point-of-sale (mPOS) is a flexible, low cost method of expanding card acceptance in face-to-face environments by using hardware encryption technology to facilitate the use of untrusted devices across untrusted networks. A summary of the role of Thales HSMs in the mPOS ecosystem can be found below.

Many transactions involving small (or micro) merchants, often outside a physical retail store, still take place using cash rather than credit or debit cards. For traditional bank acquirers and payment service providers (PSPs) this is a very large market to address with card-based acceptance solutions.

However it is not an easy task since there are two potentially competing elements involved: low cost required by the merchants and high security required by the payment systems.

For many years traditional point-of-sale (POS) terminals have been rejected by micro merchants on the basis of their high cost, long term contractual commitments, restrictive user interfaces and PCI DSS compliance requirements. Today there is a clear move in the payments industry to adopt mobile point-of-sale (mPOS) technology to either replace or complement traditional POS terminals.

Watch our video, mPOS Secure Mobile Card Acceptance

mPOS Card Payments: Today’s Challenge
  • Ensuring that the smart phone or tablet cannot access sensitive payment data to eliminate the need for the device to undergo stringent security certifications
  • Protecting the card data from the point of capture through to the payment gateway to ensure the merchants stay out of scope for PCI DSS compliance
  • Enabling card acceptance to take place securely in locations outside a retail store where there is no fixed network connectivity, providing merchants maximum flexibility
  • Lowering the cost of supply and configuration of the card acceptance equipment, without compromising the expected physical security, to make it an attractive proposition for merchants with low transaction volumes
mPOS Security: Thales e-Security Solutions

Thales hardware security modules (HSMs), both payShield 9000 and nShield, are already helping PSPs to deliver secure mobile point-of-sale (mPOS) solutions to large numbers of merchants, some accepting card payments for the first time. The HSM performs three critical functions for PSPs – managing keys for the card readers, decrypting the encrypted transaction data received from the merchants and translating the PIN blocks for online PIN-based transactions. payShield 9000 meets all the relevant payment security certification standards (FIPS 140-2 Level 3 and PCI HSM) in addition to supporting various algorithms and key management methods used in mPOS transactions – with the ability to add custom functions to meet individual PSP requirements if necessary. Working in conjunction with numerous partners in the mPOS ecosystem, Thales enables all PSPs to choose from a wide range of card readers, providing a fast, efficient and proven security solution with minimum integration risk.

Securing mPOS with Thales HSMs
  • Use the HSM to manage the mPOS card reader keys to suit the particular payment gateway requirements – secure generation and loading at the factory or via remote key injection after shipment to the merchant
  • Take advantage of the pre-integration with a wide range of leading mPOS card readers, enabling more choices for merchants
  • Comply with PCI HSM and PCI P2PE requirements out-of-the box with a hardware/software combination specifically designed for mPOS which simplifies PCI DSS compliance for both merchants and PSPs
  • Reduce time to integrate the HSM with the mPOS payment gateway by using Thales sample code and online test environment – ideal for PSPs new to HSMs and/or point-to-point encryption
  • Implement highly resilient hardware with full remote management flexibility – keeping all keys secure and providing ability to upgrade performance in line with mPOS transaction volume growth

White Paper : mPOS Secure Mobile Card Acceptance

Thales e-Security is very active in the mobile payments market, working with leading card reader vendors to integrate hardware-based key management and encryption technologies. This enables PSPs to get to market quickly with a proven security solution for installation at the payment gateway that supports a wide variety of card readers and their preferred encryption methods. The ability to create a secure infrastructure for mPOS, which uses untrusted devices (mobile phones and tablets) across untrusted networks (cellular, Wi-Fi or Internet), is one of the critical security challenges solved by Thales technology.

Download

White Paper : mPOS: The Payment Acceptance Revolution at the Point-of-Sale

Hardware security modules (HSMs) play a considerable role in enabling transactions to be performed securely using untrusted devices (phones/tablets) across untrusted networks (standard mobile networks). All participants can quickly take advantage of the flexible P2PE support options together with simplified PCI compliance delivered through Thales technology and launch mPOS solutions to participate in this POS revolution!

Download

Video : mPOS Secure Mobile Card Acceptance

Play
인터랙티브 동영상 시청하기 자세히 보기
라이브 데모 예약하기 예약하기
전문가와 상담하기 연락하기