13 Apr 26 Security & Fraud

A Closer Look at SoftPOS Security

SoftPOS allows merchants to accept contactless payments directly on commercial off-the-shelf (COTS) devices. Because it is a new technology, questions may arise about payment security. Leading SoftPOS providers follow rigorous security standards, including Payment Card Industry (PCI) certification, strong network security, considerations for operating systems, and continual monitoring.

Software-based point of sale (SoftPOS) technology allows merchants to accept contactless payments directly on a mobile device. Near-field communication (NFC) allows the device to capture data from the chip on the customer’s contactless card or from the customer’s mobile wallet. Then, the SoftPOS application processes the transaction and gives the merchant approval in only a few seconds. The whole process is fast and customer-friendly.

But the advantages aren’t limited to the consumer side. One of the biggest benefits for merchants is that it allows them to accept payments on devices they use for other purposes. At a time when device memory is in high demand, SoftPOS allows merchants to use one device to run business applications and accept contactless payments. There are fewer devices to monitor and maintain, resulting in less complexity and a lower total cost of ownership (TCO).

As more people discover the advantages of SoftPOS and adoption grows, consumers will be able to make convenient contactless payments in more places, from their front doors during a delivery and curbside when they pick up an order to farm stands, taxi cabs, salons, shops, and restaurants.

However, because SoftPOS technology is new, merchants and consumers often ask whether it’s as safe as dipping a card in a security-hardened payment terminal. The answers to these five questions will give you the information you need to make SoftPOS payments with confidence, knowing that this technology protects payment data, consumer accounts, and merchants’ businesses.

Answers to Frequently Asked SoftPOS Security Questions

1. Does PCI Have SoftPOS Standards?

In 2022, the Payment Card Industry Security Standards Council (PCI SSC) published a new standard for contactless payments on commercial off-the-shelf (COTS) devices. The Mobile Payments on COTS (MPoC) Standard builds on previous standards: Contactless Payments on COTS (CPoC) and Software-based PIN Entry on COTS (SPoC). It addresses the security requirements related to accepting payments on a mobile device. The standard also governs how SoftPOS solutions can be developed, deployed, and maintained.

2. How Does A SoftPOS Application Become PCI-Certified?

Achieving PCI certification is an extremely rigorous process involving different layers of certification. In addition to complying with the MPoC standard, SoftPOS solutions providers must also meet all applicable requirements of the PCI Data Security Standard (PCI DSS), PCI PIN, and PCI Secure Software Lifecycle (PCI Secure SLC). Developers must also certify the software development kit (SDK) and white-labeled mobile app (if applicable) as well as the application itself.

Independent third parties perform penetration tests and other tests on SoftPOS applications before they’re certified and after the developer makes any significant changes. Developers invest a great deal of time and resources into maintaining compliance and application security.

3. How Does SoftPOS Protect Transmitted Data?

A SoftPOS application is designed to work on mobile devices, which can transmit data over Wi-Fi, a WLAN, a LAN, or a 4G or 5G network. SoftPOS, as with any payment technology, requires PCI-compliant network security. Because payment data may be transmitted via a cellular network, SoftPOS solutions providers implement strong security against man-in-the-middle attacks, which is enforced by PCI.

4. Are There Differences Between SoftPOS Security for iOS and Android Devices?

SoftPOS developers must recognize and address different security requirements in different operating system environments. Apple’s iOS is proprietary, which requires apps that run on iOS devices to conform to its technology. Security is prescribed by the platform. On the other hand, Android is open, which opens the door to more flexible development, but can also introduce security vulnerabilities. An experienced SoftPOS provider will address the security of its application on both platforms and closely monitor them in the field.

5. Can a Careless Employee Put Payment Data At Risk?

SoftPOS security is purposely designed not to have a single point of failure. The layered security that developers build into the solution ensures that one attempt at compromise will not put the solution at risk. If the SoftPOS provider detects unusual activity, it will make the device in question inoperable. Furthermore, if the provider detects a vulnerability with a particular OS running the application, it can disable that version of the application until the issue is addressed. Providers are committed to staying aware of what’s happening with their SoftPOS application in the field and providing the highest level of security.

Watch Convenient, Secure SoftPOS Adoption Grow

SoftPOS is secure by design and thoroughly tested. As more people understand that it’s a convenient and safe way to pay, adoption will grow rapidly around the world. Grand View Research predicts that the global market, which totaled about USD 365 million in 2024, will grow to USD 1,243.9 million by 2030, an incredible 23.1% CAGR from 2025 to 2030. North America was the largest market in 2024, but India is expected to log the highest CAGR in this timeframe. European markets, including Germany and the UK, are expected to see steady growth and increasing merchant demand, and the Asia Pacific region is set to see a 25.1% CAGR, driven by increasing digitalization and government cashless commerce initiatives.

Acquirers and ISVs that want to position themselves to capitalize on this growth will find that Ingenico is a valuable partner. Ingenico SoftPOS, a white-labeled solution, allows partners to offer a solution, and the Ingenico team is ready to help partners communicate information about SoftPOS security. Ingenico’s implementation processes also include a technology delivery phase in which new partners learn about the solution and build confidence that they can address user questions and concerns.

To learn more about an Ingenico partnership and providing a secure Ingenico SoftPOS solution to your users, contact us.

Does Ingenico provide a SoftPOS solution or a Tap to Pay application? How much does it cost?

Yes, Ingenico offers Tap to Pay solutions with contactless payments, enabling quick, secure transactions via card or mobile device. Our SoftPOS technology, enhanced by the acquisition of Phos, turns smartphones and tablets into secure payment terminals, eliminating the need for traditional POS hardware. Perfect for small businesses, freelancers, and service providers, our solution combines flexibility, ease of use, and top-notch security.

For detailed product information and pricing, please get in touch with our sales team.

Can I connect a bank account that is outside the country where I signed up for Ingenico SoftPOS?

No, you can only connect a bank account that is in the same country where you signed up for the Ingenico Tap to Pay solution.

Can I accept international cards with Ingenico SoftPOS?

Yes, you can accept international cards using the Ingenico Tap to Pay solution. Any card displaying the Mastercard, Maestro, V PAY, or Visa logo can typically be processed. However, keep in mind the following:

  • Cardholders may be charged additional currency conversion fees.
  • Payout times for international transactions may take longer.
  • All payments are subject to the card issuer’s approval.

What are the requirements for devices compatible with Ingenico SoftPOS?

The Ingenico Tap to Pay solution is compatible with any Android or Apple phone or tablet that has an NFC module and runs Android 8.1 or above (and currently running Android 11 or above), or is an iPhone XS or later running iOS 16.4 or above.

Are there any restrictions on the types of businesses Ingenico SoftPOS supports?

Yes, as a regulated entity, we must comply with strict requirements set by financial regulators, card schemes (Visa and Mastercard), and our acquiring partner. This means we may not be able to support all business models. Restricted categories can change over time based on updates from our partners. We strive to keep the list of restricted categories up to date. For further questions, please contact our Support Team.

Author
Kristiyan Shahinyan

CTO - Ingenico SoftPOS

Kristiyan Shahinyan is a technology and fintech executive with deep expertise in software development, digital payments, and platform scalability. He is currently General Manager of Ingenico Bulgaria and CTO of Ingenico SoftPOS, following his role as Chief Technology Officer at phos, where he helped scale the company’s SoftPOS technology through a period of rapid international growth. With over 15 years of experience spanning fintech, banking, and enterprise software, Kristiyan combines strong technical leadership with a focus on innovation, governance, and secure payment solutions.
