Virtual POS

What is a Virtual POS?

A virtual POS (Point of Sale) system is a software-based solution that allows businesses to process payments from customers without the need for physical hardware, such as card terminals. It operates entirely on computers or mobile devices, connecting to payment gateways to facilitate transactions securely over the internet. Virtual POS systems often offer features such as inventory management, sales reporting, and customer relationship management (CRM), providing businesses with comprehensive tools to manage their sales operations efficiently.

What is NFC?

NFC (Near Field Communication) is a wireless communication technology that allows devices to exchange data when they are in proximity, typically within a few centimeters. NFC is commonly used for contactless payments, data transfer between devices, and access control systems.

Architecture

The virtual POS system consists of the following components:

  1. Initiation of Payment Process: The journey begins when a user decides to make a payment. This decision is triggered by the user tapping on a specific option within their device's interface, labeled as "pay." This action is the catalyst for the entire payment process to unfold.

  2. NFC Reader Activation: Upon the user's tap, the device's NFC (Near Field Communication) reader is activated. The NFC reader is a crucial component of this process, designed to facilitate contactless transactions. The reader's activation is the first step in the process of reading payment card information.

  3. Checking NFC Reader Status: The NFC reader's status is immediately checked. It can either be powered off or powered on. If the reader is off, the process diverges to the device's settings, where the user is instructed to enable NFC. This step is crucial for ensuring that the device is capable of reading payment card information.

  4. Enabling NFC in Device Settings: If the NFC reader is found to be powered off, the user is guided to the device's settings. Here, the user is prompted to turn on NFC. This action is necessary for the NFC reader to function and read payment card information. Once NFC is enabled, the process returns to the NFC reader to attempt reading the tag information from the payment card again.

  5. Attempting to Read Payment Card Information: With the NFC reader now powered on, the device instructs the user to place their payment card behind the device. This action is essential for the NFC reader to read the tag information from the card. The tag information contains the necessary data for processing the payment.

  6. Verification of Tag Read Success: After the NFC reader attempts to read the tag information, the system checks if the tag was read successfully. This step is crucial for determining whether the payment card information was successfully captured. If the tag read is unsuccessful, the user is directed to retry placing the card behind the device. If the tag is read successfully, the process moves on to extracting the track data from the card.

  7. Extraction of Track Data: Once the tag is confirmed to be read successfully, the system proceeds to extract the track data from the card. The track data is a set of numbers that uniquely identifies the payment card and is used in the transaction process.

  8. Prompt for PIN Entry: After extracting the track data, the system prompts the user to enter their PIN. The PIN is a security measure that verifies the user's identity and authorizes the transaction.

  9. Verification of PIN Correctness: After the user enters their PIN, the system checks if the PIN is correct. If the PIN is incorrect, the user is directed to retry entering the correct PIN. If the PIN is correct, the process proceeds to the next step, which is AES Encryption.

  10. AES Encryption of Data: The system encrypts the data extracted from the card using AES (Advanced Encryption Standard) encryption. This encryption is a security measure that protects the cardholder's information during transmission.

  11. Sending Encrypted Data to Server: The encrypted data is then sent to a server for processing. The server is responsible for charging the card and completing the transaction.

  12. Completion of Payment Process: Upon receiving the encrypted data, the server processes the payment, charges the card, and completes the transaction. This marks the end of the payment process.

In summary, this diagram outlines a process where a user initiates a payment by tapping on a pay option on their device. The device uses an NFC reader to read the tag information from a payment card, and the user is prompted to enter their PIN. The system then encrypts the card data and sends it to a server for charging.
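
Steps 10 and 11 say only that the card data is AES-encrypted before it is sent. The following added example (not code from this project) uses AES in GCM mode, so the server can also detect a modified envelope or a changed transaction context. The class and method names, the envelope layout, the context string and the in-memory demo key are assumptions, and the card and transaction values are constructed.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class TrackDataEnvelope {
    static final int NONCE_LEN = 12;  // 96-bit nonce, the standard GCM size
    static final int TAG_BITS = 128;  // full-length authentication tag
    // Device side (step 10): returns nonce || ciphertext || tag.
    static byte[] seal(SecretKey key, byte[] track, byte[] txContext) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        new SecureRandom().nextBytes(nonce);  // fresh per message, never reused under one key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(txContext);  // authenticated but not encrypted
        byte[] ct = c.doFinal(track);
        return ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
    }

    // Server side (steps 11-12): throws AEADBadTagException if envelope or context changed.
    static byte[] open(SecretKey key, byte[] env, byte[] txContext) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, env, 0, NONCE_LEN));
        c.updateAAD(txContext);
        return c.doFinal(env, NONCE_LEN, env.length - NONCE_LEN);
    }

    static boolean rejected(SecretKey key, byte[] env, byte[] txContext) throws Exception {
        try { open(key, env, txContext); return false; } catch (AEADBadTagException e) { return true; }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();  // demo key; assumed to be provisioned per device in practice
        // Constructed sample values, not real card or transaction data.
        byte[] track = "4111111111111111=30121010000000000000".getBytes(StandardCharsets.US_ASCII);
        byte[] ctx = "terminal=T-0001;txn=000123;amount=15.00".getBytes(StandardCharsets.US_ASCII);
        byte[] env = seal(key, track, ctx);
        System.out.println("round trip ok: " + Arrays.equals(track, open(key, env, ctx)));
        byte[] flipped = env.clone();
        flipped[flipped.length - 1] ^= 0x01;  // one bit changed in transit
        System.out.println("tampered envelope rejected: " + rejected(key, flipped, ctx));
        byte[] otherCtx = "terminal=T-0001;txn=000123;amount=95.00".getBytes(StandardCharsets.US_ASCII);
        System.out.println("altered amount rejected: " + rejected(key, env, otherCtx));
    }
}
```

Because the transaction context is bound as associated data, an envelope captured for one amount fails authentication if it is replayed with a different amount.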

Security Concerns

  • Rooted Devices: Rooted Android devices could allow malicious apps to steal customer data. Rooting a device removes the restrictions imposed by the operating system, bypassing many of the built-in security features. This can make the device more vulnerable to malicious software or apps. Rooted devices also cannot easily install security patches or updates for vulnerabilities that the current version of the operating system may be susceptible to.
  • Malware Apps: Because the user's mobile device serves multiple purposes (as a POS and as a personal computing device), the user's personal needs may lead to the installation of phishing, trojan or spyware apps, which could run in the background and collect customer card data and other sensitive information.
  • Network Spoofing: Since the mobile device can be physically removed from the place of business, the user can unknowingly connect to compromised or fake Wi-Fi networks, which could lead to the theft of customer data.
  • Fraudulent Transactions: The ability to physically move the device from the place of business (with minimal restrictions) can lead to the device being used to process and aid fraudulent transactions. The key issue here is the possible reputational damage to the company name and products.

Implementation