The 70 million Point of Sale terminals sold annually are increasingly taking advantage of off-the-shelf technology to lower costs and widen adoption. The most common of these off-the-shelf devices is the "humble" smart phone.
Inside Secure Products and Support enable Point of Sale (POS) vendors to quickly deliver the market benefits of mobile technology to their customers; securely fulfilling the certification requirements of PCI and the payment Schemes alike.
mPOS, as the technology is termed, can be split into three groups:
- Peripheral based (e.g. the initial offerings from Square and iZettle);
- PIN-on-COTS (or PIN-on-Glass).
The initial mPOS solutions were all peripheral based. These rely on specialised hardware devices to provide security around the transaction. iZettle, for example, has a Bluetooth card reader and pin pad to accept EMV ("chip") transactions.
Tap-to-phone and PIN-on-COTS depend on software security for some or all of their processing.
Tap-to-phone streamlines the traditional POS mobile. It restricts the use case to just contactless payments and does not allow a PIN to be entered into the POS device. This allows a mobile phone with NFC antenna to accept card payments - with no other hardware required.
PIN-on-COTS is a new standard from PCI. It allows card reading and entry to be split. Card reading is still performed by dedicated secure hardware; but PIN entry can be made on the touchscreen being used for the wider purchasing interface. This reduces the cost of good for the POS; but also means that the user's interact isn't split between a touchscreen and POS device - this greatly improves the user journey.
Pioneers in the mPOS space quickly found that the more security they put into software, the less dependent they are on hardware, and so can reach a larger market more quickly and at lower cost.
Inside Secure’s application shielding technologies are the ideal fit for any developer working in the mPOS space. The tools allow the developer to migrate security sensitive processing into a purely software domain by providing the software hardening required by PCI, EMVCo and the payment schemes. With Inside Secure’s Whitebox Tool protecting cryptographic operations in an exposed environment, and the Code Protection Tool defending against reverse engineering and malicious tampering of the application, the whole app is protected, even in unknown devices not controlled by the mPOS vendor.
These tools are proven in the payment market; with a long history of protecting multiple certified mobile payment solutions – both cloud-based payment and mPOS.