Yes, but only if the Android POS is certified under PCI PTS, a standard governed by the PCI Security Standards Council (https://www.pcisecuritystandards.org/), which is backed by all global payment card organizations. The primary goal of PCI SSC is to protect debit/credit card data.
WizarPOS’s Q1 terminal is one of the world’s first PCI PTS certified Android POS terminals.
Besides using a PCI PTS certified Android POS, users can also develop a tap-on-phone payment application that accepts NFC contactless bank cards on a regular off-the-shelf Android phone, provided the application complies with PCI CPOC and with the policy defined by card organizations on transaction amount limits. Please contact WizarPOS sales to learn more about our tap-on-phone solutions.
Android POS terminals, built on the open Android platform, face a completely different set of security challenges from traditional POS terminals with a proprietary embedded OS.
First, Android is 100 times more complicated than a traditional proprietary embedded OS, which has been optimized and hardened by POS vendors and proven to be relatively secure over the past three to four decades. In fact, Android OS consists of 100 million lines of source code, which makes it implausible to evaluate every piece, harden it, and maintain its security status. Hence, it requires not only decades of know-how from a team of experts but also commitment and determination at the company’s strategic level.
Second, Android is an open platform, which means applications could be loaded post-deployment over the air. Therefore, the platform is prone to risks unless it is enhanced with a whole new security mechanism and infrastructure. Even though Android has built-in security mechanisms, they are designed for consumer products and are neither rigid nor comprehensive enough for enterprise products, especially for a payment device.
Third, Android offers powerful features, for instance, the UI, multi-tasking, mobile communications, and off-the-shelf plug-ins. All of them greatly improve application development efficiency, user experience, and innovation, but they bring more vulnerabilities at the same time. Android devices are usually connected to the network all the time, which exposes them 24/7 to the Internet and to hackers all over the world.
Yes, PIN-on-glass is secure enough to protect the cardholder’s PIN as long as the device is certified under PCI PTS. The fraud liability will be shifted from merchants to card organizations in case there is any security breach.
Yes, all the WizarPOS devices support NFC contactless payments. These devices are certified by Visa payWave, MasterCard payPass, Amex expresspay, Discover D-PAS and JCB J-Speedy. They also support Apple Pay, Google Pay and Samsung Pay.
- Easier application development. As an open platform, Android is a developer-friendly platform. With numerous mature developers, resources, and off-the-shelf components available in the Android community, application development becomes 10 times easier than it was on Linux POS at a much lower cost.
- Quicker integration. Modern application frameworks and APIs make it super quick to integrate a payment application with other applications, such as inventory management, loyalty programs, or restaurant management software. The integration could take just days instead of months, as it did before.
- Independence of device vendors and more. Unlike with conventional proprietary POS devices, the investment in payment applications is independent of which hardware device is chosen. These intellectual property assets can be preserved when a client switches to new devices.
- More features. WizarPOS Android POS offers more features, as a smartphone does, and it enables a much wider range of innovations. For example, the map and GPS function could replace the traditional taxi meter with a piece of software on the POS.
Yes, the ISO/ISV will have full control of the “App Store”. They can configure the application list, the black-list and the white-list for terminals they own or manage. They can also organize terminals into multiple groups or multiple levels of subgroups, for which these lists can be customized.
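An added example (not WizarPOS TMS code) of resolving per-group white-lists and black-lists for one terminal in a nested group tree. The `Group` model, the package names and the merge rule (white-lists accumulate down the tree, a black-list entry at any level wins, everything else is denied) are assumptions, since the page does not say how the lists combine.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Group:
    """One node of the terminal group tree (hypothetical model)."""
    name: str
    parent: str | None = None
    whitelist: set[str] = field(default_factory=set)
    blacklist: set[str] = field(default_factory=set)


def resolve_lists(groups: dict[str, Group], group_name: str) -> tuple[set[str], set[str]]:
    """Walk from a group up to the root and return (allowed, denied).

    Assumed merge rule: whitelists accumulate along the path and a blacklist
    entry at any level wins, so a subgroup cannot re-allow what an ancestor
    has blacklisted.
    """
    allowed, denied, seen = set(), set(), set()
    name = group_name
    while name is not None:
        if name in seen:
            raise ValueError(f"cycle in group tree at {name!r}")
        if name not in groups:
            raise ValueError(f"unknown group {name!r}")
        seen.add(name)
        group = groups[name]
        allowed |= group.whitelist
        denied |= group.blacklist
        name = group.parent
    return allowed - denied, denied


def may_install(groups: dict[str, Group], group_name: str, package: str) -> bool:
    """Default deny: only explicitly allowed packages may be loaded."""
    try:
        allowed, _ = resolve_lists(groups, group_name)
    except ValueError:
        return False  # a broken group configuration fails closed
    return package in allowed


# Constructed sample tree: ISO root -> region -> merchant chain, plus a
# misconfigured group whose parent does not exist.
PAY, LOYALTY, MENU, SIDE = (f"com.example.{n}" for n in ("payment", "loyalty", "menu", "sideloader"))
SAMPLE_GROUPS = {
    "iso-root": Group("iso-root", None, {PAY}, {SIDE}),
    "region-east": Group("region-east", "iso-root", {LOYALTY}),
    "chain-42": Group("chain-42", "region-east", {SIDE, MENU}, {LOYALTY}),
    "orphan": Group("orphan", "missing-parent", {PAY}),
}
```

Under this rule the `chain-42` subgroup cannot re-enable the package its root black-listed, and a group with a dangling parent gets nothing installed rather than a partial policy.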
A retail POS is an ECR computer equipped with a touch screen, scanner, cash drawer, and a customer display. This computer typically comes with Windows OS and software to manage the inventory, pricing, sales, and customer data in store. If the store needs to accept bank cards, a payment device will be deployed as well.
A restaurant POS is an ECR computer equipped with a touch screen, cash drawer, printer, and a customer display. This computer typically comes with Windows OS and software to manage reservations, menus, tables, orders, and bills. In most cases, the restaurant will deploy a few handheld POS devices for servers to collect payments at the table.
An unattended or self-service POS accepts payments compliant with PCI, EMV, NAMA, or EVA in an outdoor setting without cashiers. It usually features a rigid, tamper-proof design for harsh environments. The WizarPOS unattended POS supports all forms of payments and QR code scanning powered by the Android platform, while quickly integrating with or remodeling traditional point of sales systems. Unattended POS terminals are widely used in vending machines, self-service kiosks, gas stations, parking lots, laundromats, and amusement parks.
- Save counter space. Compared with clunky traditional ECR computers, Android POS is highly integrated and slim. Hence, it helps keep the counter tidy.
- Intuitive user interface and over-the-air setup & troubleshooting dramatically reduce the burden of training and maintenance.
- Wireless connectivity, by its nature, supports cloud-based POS software-as-a-service.
- One single platform for both payment acceptance and POS software, so the user experiences of both clerks and customers are integrated and smooth.
- One single platform for both countertop and mobile devices. For instance, the same software can run on both WizarPOS D3 and Q2. This brings flexibility: for example, line-busting at busy hours can be easily handled with a few extra handheld Android POS.
- More affordable, thanks to the advanced supply chain of the Android ecosystem. The Android POS is much more cost-effective than the traditional hardware.
Overall, the total cost of owning and running a retail Android POS system could be trivial while it opens up various innovative solutions, which makes lives much easier for merchants, no matter whether they are supermarkets, big chains, or just a small mom-and-pop shop.
In a restaurant, Android POS technology could be applied to both the ECR at the counter and the payment devices.
The countertop ECR could be replaced by an Android tablet such as the WizarPOS D3, which is much more affordable, has built-in wireless connectivity that eliminates the mess of cords, offers a better touch panel experience and the more intuitive user interface of a tablet/smartphone, and is more stylish and slimmer than the clunky traditional ECR.
The payment device could be replaced by an Android POS such as the Q1/Q2/Q3. Unlike a conventional POS, which only performs payments, an Android terminal is an open platform connected to the network all the time. With the basic payment app and a simple customized application that talks to the restaurant software, a server can manage the entire workflow on one device, at the table.
Furthermore, thanks to the excellent wireless connectivity, Android POS, by its nature, supports cloud-based POS software-as-a-service, so a restaurant owner does not need to purchase or maintain expensive in-house ECR hardware. It is also much easier and faster to add new features or value-added applications, such as the loyalty program, to the POS system.
An Electronic Data Capture (EDC) terminal, also known as a payment terminal or card terminal, is a device used by businesses to accept electronic payments from customers. It plays a crucial role in modern payment processing, enabling transactions using various payment methods such as credit cards, debit cards, contactless payments, and sometimes even mobile wallets.
The WizarPOS team has been committed to the security of open platform POS for two decades. Before the foundation of WizarPOS, our team had been participating in Visa’s initiative of Smart POS, or GlobalPlatform, an open platform for POS, for 10 years. Its security architecture covers the application firewall, sandbox, key management, and dynamic application loading while satisfying the security requirements of the financial industry.
The product received the world’s 1st PCI PED certification for mobile POS in 2005. It was also the first device tested against the MasterCard PTS, whose open protocol section addresses the security requirements of communication over open networks, mostly the Internet.
At WizarPOS, the team decided to migrate our expertise to Android from day one. This is the 10th year of WizarPOS R&D on Android POS, and we have made more than 1,000 improvements so far.
You will be assigned an account as soon as you purchase terminals. With this account, you can configure the list of applications to be deployed in the Terminal Management System (TMS), as well as options for how you want to schedule downloads. The actual download will start as soon as devices are connected to the network.
If you don’t have your own application development resource, WizarPOS is willing to offer application development service. Please contact our sales team. WizarPOS payment expert team is delivering high-quality solutions to our clients worldwide quickly and professionally every week.
Usually, servers need to walk back and forth between tables and the cash register counter several times: take the order at the table, open the table and key in the order into the POS software at the counter, fetch the receipt when the customer asks for the bill, get the payment device from the counter to take payments at the table, and finally close the table in the POS software.
The essential workflow of a retail POS system is similar to a multi-lane supermarket or a mom-and-pop shop in the street. The computer scans merchandise barcodes, sums up prices based on the setting in the retail POS software, prints and shows the total amount of payments, then a cashier takes cash or accepts a bank card. A payment device is engaged in this case.
Depending on the magnitude of buying power a merchant has, its POS software or SI vendor might integrate the ECR computer with the payment device so that the transaction amount could be sent through a cable automatically, rather than manually input by the shopkeeper.
Security is the guiding principle of all our R&D efforts. For instance, when developing the TMS, the team focused on how to ensure the health of hardware and firmware, how to apply security patches on time, how to quarantine devices when they are at risk, and how to give ISOs full control of application loading and data packet granularity. We also disable features, at the cost of user and developer experience, rather than compromise security, and we do not treat a flashy Android App Store concept as a priority.
The QR code scanning module in WizarPOS terminals captures 100 frames per second (FPS) with a CMOS imaging sensor using a global shutter, hence delivering sharp images of fast-moving objects. In addition, the scanning module supports different types of QR codes and barcodes. Even better, WizarPOS offers custom solutions tailored to your needs.
The WizarPOS Smart EDC terminal in Indonesia is designed to support a wide range of payment methods, ensuring versatility and convenience for both businesses and customers. With the WizarPOS Smart EDC terminal, you can accept the following types of payments:
- QR code payments
- EMV chip cards
- Electronic funds transfer
- Gift cards & vouchers
It’s important to note that the specific types of payments accepted by the WizarPOS Smart EDC terminal may vary based on the terminal model, software configurations, and partnerships with local payment processors. Before using the terminal, it’s recommended to check with the manufacturer or distributor for detailed information about the supported payment methods and any necessary setup procedures.
Electronic Data Capture (EDC) terminals employ a range of security measures to prevent fraud and protect sensitive cardholder information during payment transactions. These measures are designed to adhere to industry standards and regulations, such as the Payment Card Industry PIN Transaction Security (PCI PTS). Here are some key security features and practices implemented in EDC terminals to prevent fraud:
- **Encryption**: EDC terminals use strong encryption algorithms to protect data transmitted between the terminal and the payment processor. This ensures that sensitive information, such as card numbers and PINs, remains unreadable and secure during transmission.
- **Tokenization**: Tokenization involves replacing card data with unique tokens. Even if intercepted, these tokens are meaningless and cannot be used to initiate fraudulent transactions. Tokenization adds an extra layer of security to cardholder data.
- **EMV Chip Technology**: EDC terminals equipped with EMV (Europay, Mastercard, Visa) chip technology enhance security by generating dynamic transaction data for each payment. This makes it difficult for attackers to clone or counterfeit chip cards.
- **Point-to-Point Encryption (P2PE)**: P2PE ensures that cardholder data is encrypted at the point of entry (card swipe or insert) and remains encrypted until it reaches the payment processor. This prevents unauthorized access to sensitive information at any point in the transaction process.
- **Secure PIN Entry**: EDC terminals provide secure PIN entry mechanisms, such as tamper-resistant PIN pads, to prevent unauthorized access to PINs during cardholder verification.
- **Tamper Detection**: Terminals are designed with physical tamper detection mechanisms that trigger alerts if the device is tampered with or manipulated, helping to prevent skimming or other attacks.
- **Regular Security Updates**: Manufacturers and service providers release regular software updates and patches to address known vulnerabilities and enhance the terminal’s security features.
- **Secure Boot**: EDC terminals use secure boot processes to ensure that only authorized and verified software can run on the device, preventing unauthorized modifications.
- **Authentication and Authorization**: EDC terminals authenticate themselves to the payment processor before initiating transactions, and transactions are authorized through multi-factor authentication processes.
- **Security Auditing and Monitoring**: EDC terminals are often equipped with auditing and monitoring capabilities to track and log all transactions and system activities, enabling swift identification and response to suspicious or unusual behavior.
- **Physical Security**: EDC terminals are built with physical security features to deter tampering or theft. This includes locks, alarms, and reinforced casing.
- **User Access Controls**: Access to the terminal’s settings and configuration is restricted through authentication, ensuring that only authorized personnel can make changes.
It’s important to note that maintaining security also involves best practices by merchants, such as regular staff training, proper physical placement of terminals, and complying with PCI PTS requirements. As the threat landscape evolves, EDC terminal security measures are continuously updated to stay ahead of potential risks and ensure the integrity of payment transactions.
The WizarPOS R&D team has spent decades hardening security of Android payment devices and achieving the world’s first PCI PTS-certified Android POS.