Contactless Payments on COTS (CPoC)


Contactless Payments on COTS (CPoC)

This standard offers security requirements for solutions that enable a merchant’s commercial off-the-shelf (COTS) device (for example, phone or tablet) to accept contactless payments without the need for an external contactless reader by leveraging the native NFC capabilities inherent to a COTS device. This includes specific criteria for how solution providers protect payment data within their offerings, as well as the test requirements for laboratories to demonstrate the effectiveness of that security. 

Entities interested in the PCI CPoC standard may also consider the more recent PCI MPoC standard.

Important Information


Intended Audience

Entities developing, deploying, or managing solutions which accept contactless card entry on COTS devices.


CPoC Documents

Find all of the related documents in the PCI SSC Document Library.


Listings & Professionals

PCI SSC encourages merchants and their acquirers to use the PCI SSC listing in selecting a PCI-listed CPoC Solution that meets their needs.

Independent PCI-Recognized CPoC Laboratories evaluate CPoC solutions and related CPoC applications against the requirements of the PCI CPoC Standard and in accordance with the PCI CPoC Program Guide.


Training Information

The Payment Card Industry Professional is an individual, entry-level certification in payment security information and provides you with the understanding to help your organization build a secure payment environment. Becoming a PCIP demonstrates a level of understanding that can provide a strong foundation for a career in the payments security industry.

Compliance programs for all PCI SSC standards are managed by the payment brands. Questions about which entities need to validate compliance to any PCI SSC standard, or whether use of a PCI-listed product is required and for which entities, should be referred to the payment brands. Contact information for the payment brands is in FAQ #1142.