mPOS Security (Mobile Point of Sale)

Thales hardware security modules (HSMs) are already helping PSPs to deliver secure mobile point-of-sale (mPOS) solutions to large numbers of merchants, some accepting card payments for the first time


Mobile point-of-sale (mPOS) is a flexible, low cost method of expanding card acceptance in face-to-face environments by using hardware encryption technology to facilitate the use of untrusted devices across untrusted networks. A summary of the role of Thales HSMs in the mPOS ecosystem can be found below.

Many transactions involving small (or micro) merchants, often outside a physical retail store, do not involve a mPOS solution. Instead, these transactions still take place using cash rather than credit or debit cards. For traditional bank acquirers and payment service providers (PSPs) this is a very large market to address with card-based acceptance solutions.

However it is not an easy task since there are two potentially competing elements involved: low cost required by the merchants and high security required by the payment systems.

For many years traditional point-of-sale (POS) terminals have been rejected by micro merchants on the basis of their high cost, long term contractual commitments, restrictive user interfaces and PCI DSS compliance requirements. Today there is a clear move in the payments industry to adopt mobile point-of-sale (mPOS) technology to either replace or complement traditional POS terminals.

  • Challenges
  • Solutions
  • Benefits

mPOS Card Payments: Today’s Challenge

  • Ensuring that the smart phone or tablet cannot access sensitive payment data to eliminate the need for the device to undergo stringent security certifications
  • Protecting the card data from the point of capture through to the payment gateway to ensure the merchants stay out of scope for PCI DSS compliance
  • Enabling card acceptance to take place securely in locations outside a retail store where there is no fixed network connectivity, providing merchants maximum flexibility
  • Lowering the cost of supply and configuration of the card acceptance equipment, without compromising the expected physical security, to make it an attractive proposition for merchants with low transaction volumes

mPOS Security: Thales Solutions

Thales payShield hardware security modules (HSMs) are already helping PSPs to deliver secure mobile point-of-sale (mPOS) solutions to large numbers of merchants, some accepting card payments for the first time. The HSM performs three critical functions for PSPs – managing keys for the card readers, decrypting the encrypted transaction data received from the merchants and translating the PIN blocks for online PIN-based transactions. payShield HSMs meets all the relevant payment security certification standards (FIPS 140-2 Level 3 and PCI HSM) in addition to supporting various algorithms and key management methods used in mPOS transactions – with the ability to add custom functions to meet individual PSP requirements if necessary. Working in conjunction with numerous partners in the mPOS ecosystem, Thales enables all PSPs to choose from a wide range of card readers, providing fast, efficient and proven secure mPOS solutions with minimum integration risk.

Securing mPOS with Thales HSMs

  • Use the HSM to manage the mPOS card reader keys to suit the particular payment gateway requirements – secure generation and loading at the factory or via remote key injection after shipment to the merchant
  • Take advantage of the pre-integration with a wide range of leading mPOS card readers, enabling more choices for merchants
  • Comply with PCI HSM and PCI P2PE requirements out-of-the box with a hardware/software combination specifically designed for mPOS which simplifies PCI DSS compliance for both merchants and PSPs
  • Reduce time to integrate the HSM with the mPOS payment gateway by using Thales sample code and online test environment – ideal for PSPs new to HSMs and/or point-to-point encryption
  • Implement highly resilient hardware with full remote management flexibility – keeping all keys secure and providing ability to upgrade performance in line with mPOS transaction volume growth