Is Android POS secure enough to accept card payments?
Yes, but only if this Android POS is certified under PCI PTS, which is governed by PCI Security Standard Council https://www.pcisecuritystandards.org/, backed by all global payment card organizations. The primary goal of PCI SSC is to protect the Debit/Credit card data.
WizarPOS’s Q1 terminal is one of the world first PCI PTS certified Android POS.
Other than using PCI PTS certified Android POS, it is also doable for uses to develop the tap-on-phone payment application to accept NFC contactless bank cards on a regular off-the-shelf Android phone, if this payment application is compliant with PCI CPOC regulation and policy defined by card organizations regarding the transaction amount limitation. Please contact WizarPOS sales to learn more about our tap-on-phone solutions.
Security of Android POS vs. Traditional POS
The Android POS terminals, built on the open Android platform, address completely different sets of security challenges in contrast with traditional POS with proprietary embedded OS.
First, Android is 100 times more complicated than traditional proprietary embedded OS which has been optimized and hardened by POS vendors and proven to be relatively secure over the past three to four decades. In fact, Android OS consists of 100 million lines of source code, resulting in the implausibility to evaluate all the pieces, harden them, and maintain its security status. Hence, it requires not only decades of know-how by a team of experts but also commitment and determination at the company‘s strategic level.
Second, Android is an open platform, which means applications could be loaded post-deployment over the air. Therefore, the platform is prone to risks unless a whole new security mechanism and infrastructure are enhanced. Even though Android has its built-in security mechanisms, it is designed for consumer products, not rigid nor comprehensive enough for enterprise products, especially for a payment device.
Third, Android offers powerful features, for instance, the UI, multi-tasking, mobile communications, and off-the-shelf plug-ins. All of them greatly improve application development efficiency, user experience, and innovations, but it brings more vulnerabilities at the same time. Android devices are usually connected to the network all the time, leading to its 24/7 exposure on the Internet as well as hackers all over the world.
Is it safe to enter my PIN on the touch screen?
Yes, PIN-on-glass is secure enough to protect the cardholder’s PIN as long as the device is certified under PCI PTS. The fraud liability will be shifted from merchants to card organizations in case there is any security breach.
Do WizarPOS devices support NFC payments?
Yes, all the WizarPOS devices support NFC contactless payments. These devices are certified by Visa payWave, MasterCard payPass, Amex expresspay, Discover D-PAS and JCB J-Speedy. They also support Apple Pay, Google Pay and Samsung Pay.
What are the advantages of Android POS over conventional EFT POS?
- Easier application development. As an open platform, Android is a developer-friendly platform. With numerous mature developers, resources, and off-the-shelf components available in the Android community, application development becomes 10 times easier than it was on Linux POS at a much lower cost.
- Quicker integration. Modern application framework and API make it super quick to integrate an payment application with other applications, such as inventory management, loyalty programs, or restaurant management software. The integration could just take days instead of months as it was.
- Independence of device vendors and more. Unlike the conventional proprietary POS devices, investing in payment applications is independent of what the hardware device was chosen. These intellectual property assets could be saved when a client switches to new devices.
- More features. WizarPOS Android POS offers more features as a smartphone does: it enables a much wider range of innovations. For example, the map and GPS function could replace the traditional taxi meter with a piece of software on the POS.
Can ISO/ISV have the full control of the “App Store” for their Android POS terminals?
Yes, ISO/ISV will have the full control of the “App Store”. They can configure the application list, the black-list and white-list for terminals they own or manage. It is also doable for them to organize terminals into multiple groups or multiple levels of subgroups in which these lists could be customized for.
What is a retail POS system?
A retail POS is an ECR computer equipped with a touch screen, scanner, cash drawer, and a customer display. This computer typically comes with Windows OS and software to manage the inventory, pricing, sales, and customer data in store. If the store needs to accept bank cards, a payment device will be deployed as well.
What is a restaurant POS system?
A restaurant POS is an ECR computer equipped with a touch screen, cash drawer, printer, and a customer display. This computer typically comes with Windows OS and software to manage reservations, menus, tables, orders, and bills. In most cases, the restaurant will deploy a few handheld POS devices for servers to collect payments at the table.
What is an unattended POS system?
An unattended or self-service POS accepts payments compliant with PCI, EMV, NAMA, or EVA in an outdoor setting without cashiers. It usually features rigid tamper-proof design under harsh environments. The WizarPOS unattended POS supports all forms of payments and QR code scanning powered by the Android platform, while quickly integrating with or remodeling the traditional point of sales systems. The unattended POS are widely used in vending machines, self-serving services, gas stations, parking lots, laundromats, and amusement parks.
How does Android POS technology improve the retail POS system?
- Save counter space. Compared with clunky traditional ECR computers, Android POS is highly integrated and slim. Hence, it helps keep the counter tidy.
- Intuitive user interface and over-the-air setup & troubleshooting dramatically reduce the burden of training and maintenance.
- Wireless connectivity, by their nature, supports cloud-based POS software-as-a-service.
- One single platform for both payment acceptance and POS software, so the user experiences of both clerks and customers are integrated and smooth.
- One single platform for both countertop and mobile devices, for instance, the same software can run on both WizarPOS D3 and Q2. It brings flexibility, for example, the line-busting at busy hours could be easily handled with a few extra handheld Android POS.
- More affordable, thanks to the advanced supply chain of the Android ecosystem. The Android POS is much more cost-effective than the traditional hardware.
Overall, the total cost of owning and running a retail Android POS system could be trivial while it opens up various innovative solutions, which makes lives much easier for merchants, no matter whether they are supermarkets, big chains, or just a small mom-and-pop shop.
How does Android POS technology improve the restaurant POS system?
In a restaurant, Android POS technology could be applied to both the ECR at the counter and the payment devices.
The countertop ECR could be replaced by Android tablets such as WizarPOS D3, which is much more affordable, has built-in wireless connectivity to eliminate the mess of cords, supports better touch panel experience, and more intuitive user interface as what a tablet/smartphone offers, and is more stylish and slimmer than the clunky traditional ECR.
The payment device could be replaced by Android POS such as Q1/Q2/Q3. Unlike the conventional POS to only perform payments, an Android terminal is an open platform connected to the network all the time, with the basic payment app and a simple customized application on it to talk to the restaurant software, a server can manage all workflow on one device, at the table.
Furthermore, thanks to the excellent wireless connectivity, Android POS, by its nature, supports cloud-based POS software-as-a-service, so a restaurant owner does not need to purchase or maintain expensive in-house ECR hardware. It is also much easier and faster to add new features or value-added applications, such as the loyalty program, to the POS system.
What sets WizarPOS apart from other POS terminal providers?
The WizarPOS team has been committed to the security of open platform POS for two decades. Before the foundation of WizarPOS, our team had been participating in Visa’s initiative of Smart POS, or GlobalPlatform, an open platform for POS, for 10 years. Its security architecture covers the application firewall, sandbox, key management, and dynamic application loading while satisfying the security requirements of the financial industry.
The product received the world’s 1st PCI PED certification for mobile POS in 2005. It was also the first device tested against the MasterCard PTS, whose open protocol section addresses the security requirements of communication over open networks, mostly the Internet.
At WizarPOS, the team decided to migrate our expertise to Android from day one. It is the 10th year of WizarPOS R&D on Android POS, and we have continuously worked on it beyond 1,000 improvements so far.
How to develop your own application on Android POS?
Please go to the Developer page or contact WizarPOS sales to retrieve our SDK. You would be able to start programming your application in minutes if you have Android’s ADK experience.
How does a value-added application interact with the payment application?
How to deploy the applications over the air (OTA)?
You will be assigned with an account as soon as you purchase terminals. With this account, you can configure the application list to be deployed in the Terminal Management System (TMS), as well as options of how you want to schedule downloads. The actual download will start as soon as devices are connected to the network.
How to build a PCI-compliant payment solution based on Android?
If you don’t have your own application development resource, WizarPOS is willing to offer application development service. Please contact our sales team. WizarPOS payment expert team is delivering high-quality solutions to our clients worldwide quickly and professionally every week.
How does a restaurant POS system operate?
Usually, servers need to walk back and forth between tables and the cash register counter several times: take the order at the table, open the table and key in the order into the POS software at the counter, fetch the receipt when the customer asks for the bill, get the payment device from the counter to take payments at the table, and finally close the table in the POS software.
How does a retail POS system work?
The essential workflow of a retail POS system is similar to a multi-lane supermarket or a mom-and-pop shop in the street. The computer scans merchandise barcodes, sums up prices based on the setting in the retail POS software, prints and shows the total amount of payments, then a cashier takes cash or accepts a bank card. A payment device is engaged in this case.
Depending on the magnitude of buying power a merchant has, its POS software or SI vendor might integrate the ECR computer with the payment device so that the transaction amount could be sent through a cable automatically, rather than manually input by the shopkeeper.
How different is the WizarPOS Terminal Management System (TMS) from others in the market?
Prioritizing security is always the principle of our entire R&D efforts. For instance, when we develop the TMS, the team focused on the features of how to ensure the health of hardware and firmware, how to update the security patch on time, how to quarantine devices when it is at risk, and how to help ISOs with the full control of application loading and data packet granularity. Meanwhile, we disable features at the cost of user and developer experiences to not compromise security and do not introduce a flashy concept of an Android App Store as a priority.
What differentiates the QR code scanning of WizarPOS terminals from other brands?
The QR code scanning module in WizarPOS terminals features 100 frames per second (FPS) shots by a CMOS imaging sensor using a global shutter, hence delivering sharp images of fast-moving objects. In addition, the scanning module supports different types of QR and barcodes. Even better, WizarPOS offers custom solutions to tailor your needs.