"CPoC" stands for "Contactless Payments on COTS," a technology that allows merchants to accept contactless payments using their commercial off-the-shelf (COTS) mobile devices, such as smartphones and tablets.
CPoC is an acronym for Contactless Payments on COTS (with COTS being another acronym for Commercial Off The Shelf!). Both sides of a payment transaction can now use “off the shelf” mobile tablets, phones, smartwatches or other future wireless devices for payments. CPoC technology enables merchants to process payments without the need for specialized payment terminals or hardware. The certification process for CPoC devices is typically handled by payment industry organizations, such as Visa or Mastercard, and involves testing to ensure that the devices meet the necessary security and performance requirements for processing contactless payments.
In the context of CPoC, attestation refers to the process of verifying that a solution complies with the security requirements set forth by the payment industry organizations, such as Visa, Mastercard, or other card networks. Attestation is typically required for any CPoC solution that is designed to accept payments using mobile devices, such as smartphones or tablets.
The attestation process involves several steps, including:
- Security assessment: The solution provider must conduct a security assessment to identify potential vulnerabilities in the solution and implement appropriate security controls to mitigate those risks.
- PCI DSS compliance: The solution must comply with the Payment Card Industry Data Security Standard (PCI DSS), which outlines requirements for protecting cardholder data during payment transactions.
- Testing: The solution must undergo a series of tests to demonstrate that it meets the necessary security and performance requirements for processing contactless payments.
- Attestation report: The solution provider must submit an attestation report to the payment industry organization, which outlines the results of the security assessment and testing.
- Listing on approved CPoC solution list: Once the attestation report is approved, the CPoC solution is listed on the approved solution list maintained by the payment industry organization.
The attestation process for CPoC solutions is designed to ensure that they meet the necessary security and performance requirements for processing contactless payments, and that they are able to protect cardholder data during payment transactions. It is important for solution providers to follow the attestation process and maintain compliance with security standards in order to provide secure and reliable CPoC solutions to merchants.
Approov's Mobile Attestation and RASP (Runtime Application Self-Protection) solution can be used as part of a CPoC (Contactless Payments on COTS) solution.
The RASP solution provides an additional layer of security to mobile applications, which is important for CPoC solutions that process contactless payments using mobile devices. The RASP solution works by integrating a lightweight runtime library into the mobile application, which monitors the app's behavior at runtime to detect and prevent malicious activity.
By using RASP as part of a CPoC solution, merchants and payment providers can add another layer of protection to their mobile applications, which can help to reduce the risk of fraud and other security threats. The RASP solution can be used in conjunction with other security measures, such as PCI DSS compliance, to provide a comprehensive security solution for CPoC applications.
It is worth noting that while the Approov solution can help to improve the security of CPoC applications, it is important for solution providers to follow the attestation process set forth by the payment industry organizations and comply with relevant security standards to ensure that their solutions are secure and compliant.