MPOS terminal suppliers do not meet security standards
The recent emergence of devices that can be attached to smartphones, turning the phones into mobile point-of-sale terminals, has raised concerns about whether innovation is being promoted at the cost of security standards.

In March, PayPal launched PayPal Here, the first MPOS terminal in the local market. It combines a smartphone application and a small card reader that plugs into the phone.

The set-up allows small merchants to process MasterCard and Visa debit and credit transactions through their smartphones.

Earlier this month, Paymate launched a similar service called Paymate OnTheGo.

And, this week, Commonwealth Bank launched an MPOS terminal, Leo, which also attaches to a smartphone. Leo will be able to read the EMV chips, magnetic stripes and the contactless systems embedded in credit and debit cards but the PayPal Here and Paymate OnTheGo MPOS terminals will only be able to read the magnetic stripes.

This appears to be in breach of the Visa and MasterCard security standards.

In 2009, Visa announced its seven-point plan to "crack down on card fraud". Part of the plan was that by April 2012 "all merchant acceptance terminals must be chip capable and activated".

Visa said, in a media release: "From January 2010 all new Visa cards issued in Australia will feature secure embedded smart chips to give Australians a higher level of confidence in the security of their transactions.

"These initiatives are part of a comprehensive security upgrade aimed at providing cardholders with a higher level of confidence and significantly reducing all types of card fraud."

A Visa spokesperson confirmed that the policy regarding merchant acceptance terminals was in force.

In May this year, MasterCard issued a statement saying that it supported the use of mobile payment card readers as a way of extending card acceptance for small and micro-businesses.

It issued best practice guidelines, which assume that devices that attach to smart phones will be able to read an EMV chip.
In its description of an MPOS terminal, MasterCard says: "These accessories provide for magnetic stripe, EMV chip and contactless acceptance."

In response to a question about whether it was in breach of industry accepted security standards, PayPal's director of product, strategy and new business, Andrew Rechtman, provided this written response: "Both Visa and MasterCard have a wide range of requirements for the processing of card transactions, one of which is a clear migration path for all POS terminals to be EMV compatible.

"We are working with industry players and our business partners to ensure that the PayPal Here service operates within relevant scheme rules."

Andrew Pipolo, the head of e-commerce at FlexiGroup, which owns Paymate, said a transaction using the Paymate MPOS terminal would not breach the standard because, technically, it was a card-not-present transaction (which is subject to different rules).

Pipolo said: "The magnetic stripe reader is reading the data as if you were putting it into the phone yourself."

He said MPOS terminals would evolve and would be EMV-capable.

Other financial institutions are unhappy that they have to compete in this emerging market with providers that justify their non-compliance by claiming they are working to a