Fime opens Melbourne lab to bolster SoftPOS security
Fime has opened a software security laboratory in Melbourne focused on PCI Mobile Payments on COTS (MPoC), a standard for software-based payment acceptance on consumer devices.
The lab expands Fime's payments testing and certification work as more merchants and service providers adopt SoftPOS products. These systems use NFC-enabled smartphones and tablets to accept contactless card payments instead of dedicated terminals.
Forecasts cited by Fime project rapid SoftPOS growth, with global transaction value reaching $540 billion by 2030, up from $23.9 billion in 2025. As payment acceptance shifts to general-purpose devices and mobile operating systems, software security faces greater scrutiny than it does on locked-down point-of-sale hardware.
What MPoC Covers
PCI MPoC is part of a broader set of payment security programmes designed to reduce fraud and data compromise. In the SoftPOS model, the payment acceptance software is a critical control point. MPoC certification typically assesses how an application protects sensitive data, responds to tampering, and interacts with other components such as back-end systems and payment kernels.
The Melbourne laboratory will provide MPoC software security testing and certification services, extending Fime's role beyond functional verification. Functional testing checks whether a payment product behaves as required by card schemes and specifications. Security evaluation assesses whether the software is resistant to attacks and meets relevant requirements.
Lifecycle Testing
Fime said the facility will support the full MPoC certification lifecycle, from pre-assessment and formal evaluation to ongoing activities, including annual checkpoints and revalidation. These steps often form part of continuing compliance, particularly when vendors release new versions, change device support, or update software components.
Fime also tied the expansion to its existing Level 2 and Level 3 services, common industry terms for terminal and kernel testing. They cover different aspects of contactless and EMV behaviour. With a dedicated software security lab, Fime can combine functional and security assessment in one place.
SoftPOS vendors often undergo multiple rounds of testing across disciplines and must manage integration among mobile applications, secure components, and payment processing services. Consolidating some of that work with a single provider can reduce administrative overhead, while still requiring compliance with the underlying standards and scheme rules.
Noël Catherine, SVP Services at Fime, positioned the laboratory as part of a broader shift in the company's service mix.
"Opening our Melbourne software security lab is a major step in Fime's evolution as a trusted testing partner. By adding a highly experienced and reputable local team grounded in decades of evolved security testing, Fime enhances its established L2 and L3 functional testing capabilities, enabling customers to benefit from full lifecycle support in a single, streamlined, end-to-end process," said Catherine.
Why Melbourne
Fime did not disclose the size of the Melbourne team or the investment behind the lab. The move places software security expertise in a market with widespread adoption of contactless payments, where banks, acquirers, fintechs, and payment service providers have promoted mobile-first offerings.
For global suppliers, an Australian lab can also support organisations operating across the Asia-Pacific. SoftPOS adoption varies by country and sector, with use cases ranging from small merchants and pop-up retailers to field services and transport settings where a mobile device can be more practical than a countertop terminal.
The broader trend is a shift from hardware-centric payment acceptance to software-first approaches, bringing different operational risks. General-purpose devices receive frequent operating system updates, run many applications, and operate in environments with weaker physical controls than a fixed retail lane.
These factors have increased the need for software assurance and repeatable security testing, particularly as payment acceptance moves to devices not designed solely for card transactions. Vendors also face pressure to keep pace with changes in mobile platforms while maintaining compliance.
Fime combines consulting with functional and security testing, and operates globally with a consulting division under the Consult Hyperion brand. The Melbourne facility adds a dedicated MPoC security-testing capability as payment acceptance continues to shift to NFC-enabled consumer hardware.