Yes, but only if this Android POS is certified under PCI PTS, which is governed by the PCI Security Standards Council (https://www.pcisecuritystandards.org/) and backed by all global payment card organizations. The primary goal of the PCI SSC is to protect debit/credit card data.
WizarPOS’s Q1 terminal is one of the world's first PCI PTS certified Android POS terminals.
Other than using a PCI PTS certified Android POS, it is also possible for users to develop a tap-on-phone payment application that accepts NFC contactless bank cards on a regular off-the-shelf Android phone, provided that the payment application complies with PCI CPoC regulations and with the policy defined by card organizations regarding the transaction amount limitation. Please contact WizarPOS sales to learn more about our tap-on-phone solutions.
Android POS terminals, built on the open Android platform, face a completely different set of security challenges from traditional POS terminals running a proprietary embedded OS.
First, Android is 100 times more complicated than a traditional proprietary embedded OS, which has been optimized and hardened by POS vendors and proven to be relatively secure over the past three to four decades. In fact, Android OS consists of 100 million lines of source code, which makes it implausible to evaluate all the pieces, harden them, and maintain their security status. Hence, it requires not only decades of know-how from a team of experts but also commitment and determination at the company's strategic level.
Second, Android is an open platform, which means applications can be loaded over the air after deployment. Therefore, the platform is prone to risks unless it is enhanced with a whole new security mechanism and infrastructure. Even though Android has built-in security mechanisms, they are designed for consumer products and are neither rigorous nor comprehensive enough for enterprise products, especially for a payment device.
Third, Android offers powerful features, for instance, the UI, multi-tasking, mobile communications, and off-the-shelf plug-ins. All of them greatly improve application development efficiency, user experience, and innovation, but they also bring more vulnerabilities. Android devices are usually connected to the network all the time, which exposes them 24/7 to the Internet and to hackers all over the world.
Yes, PIN-on-glass is secure enough to protect the cardholder’s PIN as long as the device is certified under PCI PTS. The fraud liability will be shifted from merchants to card organizations in case there is any security breach.
Yes, all the WizarPOS devices support NFC contactless payments. These devices are certified by Visa payWave, MasterCard payPass, Amex expresspay, Discover D-PAS and JCB J-Speedy. They also support Apple Pay, Google Pay and Samsung Pay.
- Easier application development. As an open platform, Android is developer-friendly. With numerous mature developers, resources, and off-the-shelf components available in the Android community, application development becomes 10 times easier than it was on Linux POS, at a much lower cost.
- Quicker integration. Modern application frameworks and APIs make it very quick to integrate a payment application with other applications, such as inventory management, loyalty programs, or restaurant management software. The integration could take just days instead of the months it used to take.
- Independence of device vendors and more. Unlike with conventional proprietary POS devices, the investment in payment applications is independent of which hardware device is chosen. These intellectual property assets can be preserved when a client switches to new devices.
- More features. Like a smartphone, WizarPOS Android POS offers more features, which enables a much wider range of innovations. For example, the map and GPS function could replace the traditional taxi meter with a piece of software on the POS.
Yes, the ISO/ISV will have full control of the “App Store”. They can configure the application list, the black-list and the white-list for terminals they own or manage. They can also organize terminals into multiple groups or multiple levels of subgroups, for which these lists can be customized.
A retail POS is an ECR computer equipped with a touch screen, scanner, cash drawer, and a customer display. This computer typically comes with Windows OS and software to manage the inventory, pricing, sales, and customer data in store. If the store needs to accept bank cards, a payment device will be deployed as well.
A restaurant POS is an ECR computer equipped with a touch screen, cash drawer, printer, and a customer display. This computer typically comes with Windows OS and software to manage reservations, menus, tables, orders, and bills. In most cases, the restaurant will deploy a few handheld POS devices for servers to collect payments at the table.
- Save counter space. Compared with clunky traditional ECR computers, Android POS is highly integrated and slim. Hence, it helps keep the counter tidy.
- Intuitive user interface and over-the-air setup & troubleshooting dramatically reduce the burden of training and maintenance.
- Wireless connectivity, by its nature, supports cloud-based POS software-as-a-service.
- One single platform for both payment acceptance and POS software, so the user experiences of both clerks and customers are integrated and smooth.
- One single platform for both countertop and mobile devices; for instance, the same software can run on both WizarPOS D3 and Q2. This brings flexibility: for example, line-busting at busy hours can easily be handled with a few extra handheld Android POS devices.
- More affordable, thanks to the advanced supply chain of the Android ecosystem. The Android POS is much more cost-effective than the traditional hardware.
Overall, the total cost of owning and running a retail Android POS system could be trivial while it opens up various innovative solutions, which makes lives much easier for merchants, no matter whether they are supermarkets, big chains, or just a small mom-and-pop shop.
In a restaurant, Android POS technology could be applied to both the ECR at the counter and the payment devices.
The countertop ECR could be replaced by Android tablets such as WizarPOS D3, which is much more affordable, has built-in wireless connectivity to eliminate the mess of cords, offers a better touch panel experience and the more intuitive user interface of a tablet or smartphone, and is more stylish and slimmer than the clunky traditional ECR.
The payment device could be replaced by an Android POS such as Q1/Q2/Q3. Unlike a conventional POS, which only performs payments, an Android terminal is an open platform connected to the network all the time. With the basic payment app and a simple customized application on it to talk to the restaurant software, a server can manage the whole workflow on one device, at the table.
Furthermore, thanks to the excellent wireless connectivity, Android POS, by its nature, supports cloud-based POS software-as-a-service, so a restaurant owner does not need to purchase or maintain expensive in-house ECR hardware. It is also much easier and faster to add new features or value-added applications, such as the loyalty program, to the POS system.
The WizarPOS team has been committed to the security of open platform POS for two decades. Before WizarPOS was founded, our team had been participating for 10 years in Visa’s Smart POS initiative, or GlobalPlatform, an open platform for POS. Its security architecture covers the application firewall, sandbox, key management, and dynamic application loading while satisfying the security requirements of the financial industry.
The product received the world’s 1st PCI PED certification for mobile POS in 2005. It was also the first device tested against the MasterCard PTS, whose open protocol section addresses the security requirements of communication over open networks, mostly the Internet.
At WizarPOS, the team decided to migrate our expertise to Android from day one. This is the 10th year of WizarPOS R&D on Android POS, and we have made more than 1,000 improvements so far.
You will be assigned an account as soon as you purchase terminals. With this account, you can configure the application list to be deployed in the Terminal Management System (TMS), as well as options for how you want to schedule downloads. The actual download will start as soon as devices are connected to the network.
If you don’t have your own application development resources, WizarPOS is willing to offer an application development service. Please contact our sales team. The WizarPOS payment expert team delivers high-quality solutions to our clients worldwide quickly and professionally every week.
Usually, servers need to walk back and forth between tables and the cash register counter several times: take the order at the table, open the table and key in the order into the POS software at the counter, fetch the receipt when the customer asks for the bill, get the payment device from the counter to take payments at the table, and finally close the table in the POS software.
The essential workflow of a retail POS system is similar whether in a multi-lane supermarket or a mom-and-pop shop on the street. The computer scans merchandise barcodes, sums up prices based on the settings in the retail POS software, and prints and shows the total payment amount; then a cashier takes cash or accepts a bank card. A payment device is engaged in the latter case.
Depending on the magnitude of buying power a merchant has, its POS software or SI vendor might integrate the ECR computer with the payment device so that the transaction amount could be sent through a cable automatically, rather than manually input by the shopkeeper.
Prioritizing security is always the principle behind our entire R&D effort. For instance, when we developed the TMS, the team focused on how to ensure the health of hardware and firmware, how to apply security patches on time, how to quarantine devices when they are at risk, and how to give ISOs full control of application loading and data packet granularity. Meanwhile, we disable features, at the cost of user and developer experience, so as not to compromise security, and we do not treat introducing a flashy Android App Store concept as a priority.