Security and protection contactless payment or via mobile phone with nfc chip. Vector

2021 Time Capsule: A Year of Attaining Certifications

20 Dec, 2021

If we had to choose one takeaway from 2021 to pen down for posterity (from the many), it would be diving into the world of certifications so our solutions meet the highest security standards and give clients (and their customers) peace of mind.

SmartPesa’s payment solutions are PCI DSS Level 1, CPoC and PIN-on-Glass certified with SPoC nearing completion. To be able to make this claim, our team of mobile and server-side engineers worked tirelessly to overcome a multitude of technical challenges with careful design and implementation.

Our resident go-to guy for certifications — Senior Developer Tâm Huỳnh — shares his experience, “We’ve had to jump through hoops to satisfy the certification standards, but it has also been gratifying to tackle these challenges and make security practicable. Knowing this security protects small merchants and users in the last mile also gives me immense satisfaction!”

PCI Contactless Payments on COTS (CPoC) Certification

Completion of the PCI CPoC certification process in late 2020 put SmartPesa onto a rapid growth path for 2021. We went on to work with leading banks and acquirers like Hello Group, Izipay, Mastercard, Nedbank and Paymob to enable last-mile inclusion for merchants with our SoftPOS technology.

It was also one of the most technically difficult certificates to obtain with over 600 requirements and months of detailed scrutiny by an independent lab.

PIN on Glass Certification by Mastercard and Visa

Following PCI CPoC certification, our team identified a shortcoming of the CPoC standard, namely the lack of PIN support for transactions over CVM limits. In order to solve this problem for users with a seamless customer experience in mind, we again spent many months “in the lab” certifying our SoftPOS-with-PIN with Mastercard and Visa.

With PCI CPoC and PIN on Glass under our belt, we were able to bring our tech rapidly to markets, increasing our global reach to 11 markets across three continents.

Payment Card Industry Data Security Standard (PCI DSS) Level 1 Certification

On the backend, obtaining Level 1 PCI DSS certification has allowed SmartPesa to provide managed services to top-tier banks. By ensuring a secure environment for the processing, storage and transmission of credit card information, we are able to avoid the complexity of on-premise deployments.

PCI Software-Based PIN Entry on COTS (SPoC) Certification

Rounding up the certifications for 2021 is our SPoC certification. This enables SmartPesa to provide low-cost mPOS-type devices at a fraction of the cost of other mPOS units, with the added benefit of handling PIN entry on Android phones.

Compliance with Local Payment Systems

We also broadened our support for local schemes, for example, certifying with major Indian-based payment system RuPay so our payment solutions can accept all standard and popular forms of payment.

“Looking ahead to 2022, SmartPesa has built the technical and managerial foundations needed to assist clients through a rapidly changing payments landscape and to meet the challenges of all new and existing PCI or scheme certifications,” shares Barry Levett, founder and executive chairman.

We’re excited to see where this journey takes us!