What do we expect to see in SoftPOS through the second half of 2023, will Apple change the game with Tap to Pay on iPhone? Will MPoC gain real traction?

It's been several months since my last update on SoftPOS, and during this time, it seems like the market is in a bit of a limbo phase. The hard work of the PCI Mobile Task Force is now complete, and the MPoC (Mobile Payments on COTS) specifications have gone through two stages of review and have been officially released by the Payment Card Industry (PCI). Now, everyone eagerly awaits large-scale deployments enabled by MPoC. These specifications have finally paved the way for production deployments in the market. From what I hear, numerous companies are scrambling to finalize their solutions, undergo penetration testing, obtain certification, and integrate their systems into back-end infrastructure for real market deployment.

Personally, as a UK resident, I don't anticipate witnessing many significant SoftPOS solution deployments in the UK. This is primarily due to the fact that the UK is an offline PIN market. In such markets, contactless cards are limited to transactions under £100, as contactless and PIN-based transactions are not possible. In an offline PIN transaction, the PIN is passed to the card for validation instead of being sent to the bank. Unfortunately, this is not an option for contactless cards, which SoftPOS primarily focuses on. However, if you're using a mobile wallet like Apple Pay or Google Wallet, this restriction no longer applies. User authentication on the phone, usually through secure biometric authentication, replaces the need for a PIN. Despite the growing popularity of mobile wallets, physical cards remain the dominant payment method. For retailers, unless all their transactions fall below £100, they may still need a traditional payment terminal as a backup to support transactions above that threshold. Unless something fundamentally changes, the UK is unlikely to become a robust SoftPOS market.

I'm aware that some companies are exploring an approach that combines a SoftPOS solution with a Secure Card Reader for PIN (SCRP), like those used for SPoC (Software PIN on COTS). An SCRP is a secure card reader that connects to a mobile device via Bluetooth, enabling physical contact transactions and facilitating high-value payments. However, in my opinion, this approach undermines the primary advantage of MPoC SoftPOS solutions, which is the elimination of additional hardware. With SoftPOS, a simple phone can be used for card reading and PIN entry. Having to keep track of an occasional-use card reader and ensuring it remains charged can be quite challenging. Fortunately, most countries do not face this offline PIN restriction. Offline PIN transactions in Europe are limited to the UK and France, and France has sensibly started transitioning to an online PIN model.

Over the past few weeks, Apple has started announcing real partnerships and deployments for its SoftPOS solution, Tap to Pay on iPhone, with releases in the US, Taiwan and now Australia announced. What’s interesting is that they are deploying a CPoC rather than MPoC solution, no PIN entry supported They have also managed to negotiate a revenue share business model, taking a slice of the transaction fees, which is not something many SoftPOS solution providers can demand! To date there has been no news about deployments in Europe, but it's likely that Apple is quietly establishing acquirer relationships, obtaining MPoC certification, and preparing for a significant market entry. But, as with everything else in SoftPOS, we'll just have to wait and see.