SISA has become India’s first PCI-recognised laboratory authorised to conduct security evaluations under the MPoC standard, enabling testing and certification of mobile-based payment solutions such as SoftPOS and Tap-to-Phone apps amid rising adoption of smartphone-led payment acceptance.
Dharshan Shanthamurthy
Cybersecurity firm SISA has been approved by the PCI Security Standards Council (PCI SSC) as a recognised laboratory to conduct security evaluations of payment acceptance devices and solutions, becoming the first in India to receive authorisation under the Mobile Payments on Commercial Off-The-Shelf (MPoC) standard.
The recognition places SISA among a select group of global labs authorised to test and validate whether payment technologies meet stringent standards for protecting cardholder data. Notably, it enables the company to evaluate mobile-based payment solutions such as SoftPOS and Tap-to-Phone applications operating on smartphones and tablets.
The development comes at a time when mobile devices are increasingly being used as payment acceptance terminals, accelerating the need for robust security frameworks across the digital payments ecosystem.
“As mobile phones rapidly evolve into merchant acceptance terminals, the definition of trust in payments must evolve with them,” said Dharshan Shanthamurthy, Founder and CEO, SISA. “We are proud to support the global payments ecosystem in securing the next generation of mobile payment acceptance.”
Under the MPoC standard, companies must ensure that their applications meet strict security controls before being approved for deployment. SISA’s new capabilities will allow payment solution providers to undergo formal validation and certification, helping them comply with global security requirements.
The company said its MPoC services will span the full compliance lifecycle, including readiness assessments, gap analysis, SDK integration guidance, training, and end-to-end evaluation support.
SISA already holds multiple recognitions from PCI SSC across programmes such as Qualified Security Assessor (QSA), PCI Forensic Investigator (PFI), and Secure Software Assessor, enabling it to offer services ranging from compliance validation to breach investigation.
Welcoming the development, Deanne Zettler, Head of Product and Technology at PCI SSC, said the council is committed to maintaining high-quality laboratory programmes and expressed confidence in SISA’s ability to deliver robust security testing.
The milestone adds to SISA’s expanding presence in the cybersecurity space. The company has previously collaborated with CERT-In on India’s Digital Threat Report and is planning to set up a hardware security lab, “Cyber Nalanda”.
With digital payments and Tap-to-Phone solutions witnessing rapid adoption globally, industry experts say the presence of a domestic PCI-recognised lab could significantly strengthen India’s payment security infrastructure.
Empower your business. Get practical tips, market insights, and growth strategies delivered to your inbox
By continuing you agree to our Privacy Policy & Terms & Conditions
