SoftPOS : Most Important 87 Questions

Merchant-focused FAQs

What is SoftPOS?

SoftPOS is a technology enabling mobile phones and any connected NFC-enabled device to accept card-present EMV contactless payment transactions.

Why SoftPOS?

SoftPOS is quick, simple, and secure. It’s an ideal payment method for customers when they just need to pay and go. As a merchant, you can transform any enabled mobile device into a payment terminal. Each SoftPOS transaction is protected through the same technology as dipped card transactions but provides a faster and, therefore, more pleasant customer experience. You can find more information in this Fairbit blog.

How is SoftPOS different from other POS solutions on the market?

Current solutions require additional hardware to accept payment transactions. SoftPOS enables merchants to accept contactless payments using the Android device they already own.

What are the benefits of SoftPOS?

SoftPOS technology brings a lot of benefits to clients, merchants, acquirers, payfacs, and ISVs. Some of these benefits are listed below :

• A cost-effective POS solution
• Mobility to take payments (i.e curbside or in-aisle)
• Take payments on-the-go
• Speed up lines
• Support payment on delivery
• Empower small businesses with an easy way of accepting payment

You can find more information in this Fairbit blog.

What is the difference between SoftPOS and mPOS?

In mPOS(mobile POS) technology, you need to use an external card reader connected to the mobile phone (ie through Bluetooth) to perform a payment transaction. In SoftPOS technology, there is no need for an external reader. It uses an embedded NFC interface of the mobile phone to read the card data and perform a payment transaction.

Is SoftPOS a secure technology?

SoftPOS technology is regulated by card brands and PCI. These institutions work in cooperation to bring the most secure technology. SoftPOS technology uses EMV security methods in a software environment and provides maximum security.

Which devices are eligible to run SoftPOS?

Any device with an embedded NFC antenna that allows read/write functionality (e.g. Android operating systems).

Can I run the SoftPOS app on an Android mobile phone?

Yes. Android devices allow read/write functionality through embedded NFC antenna.

Can I run the SoftPOS app on an Apple mobile phone?

No. Currently, Apple devices don’t allow read/write functionality through embedded NFC antenna.

Does Apple have any plan for SoftPOS?

Apple hasn’t announced any plan to open NFC read/write functionality to third parties yet. However, they acquired Mobeewave in 2020, a start-up with technology that could transform iPhones into mobile payment terminals. With this acquisition, Apple took a step in the SoftPOS world. However, it is still not clear whether they allow third-party SoftPOS applications running on the Apple platform.

Where does the customer tap his/her card on the mobile phone?

The customer should take out their NFC card or mobile phone and tap it on the NFC antenna and hold it in proximity until the payment has been accepted. SoftPOS app should include an image or a sticker on the mobile device showing the location of the antenna to help customers to know where to tap.

How do I know if a customer can pay via SoftPOS?

If the customer has a contactless card, then they need to look for the contactless indicator on the card – it may be on the front or back of your card. The card should have the image of waves. If the customer has a mobile wallet (like Apple Pay, Samsung Pay, Google Pay), they can use their mobile phone if they have previously loaded their card into their mobile wallet.

How can I download the SoftPOS app on my Android mobile phone?

You can get it from Google Playstore. Ask your SoftPOS provider the name of the app.

Can I run SoftPOS on a tablet?

You can run SoftPOS on a tablet or on any COTS device as far as the device has an NFC protocol and Android operating system.

How can I be sure that I have a trusted SoftPOS app on my phone?

Your SoftPOS solution provider verifies your credentials to enable you to download the app from the app store. During app installation to your device, you get a one-time password as an email or SMS message. This process ensures that you will have a trusted app.

Can anybody use the SoftPOS app if I lose my mobile phone?

The SoftPOS app doesn’t allow to be activated unless you enter your user name and password. The app also requires you to sign in again for certain periods. When you lose your mobile phone, you need to contact your merchant service provider or acquirer to inactivate the app on your phone. SoftPOS service providers should provide an attestation and monitoring system to remotely block the SoftPOS app on a mobile phone.

How can I do settlements for SoftPOS transactions on my mobile phone?

The settlement process is the same between traditional POS systems and SoftPOS. SoftPOS app provides you a user interface to perform settlement. The settlement process is conducted based on Visa, MasterCard, and other brands’ rules.

How much transaction fee do I need to pay to my acquirer for a SoftPOS transaction?

SoftPOS technology reduces the cost of hardware, maintenance, and operations of POS systems. It is expected transaction fees to go down. However, acquirers or payfacs give pricing decisions on the transaction fee.

What happens if the SoftPOS app is compromised?

As per PCI regulations, SoftPOS solution providers must provide a monitoring/attestation service to monitor mobile phone activities to figure out if there is an attacker trying to compromise your mobile phone. If any such fraud or suspicious activities are detected, the app is automatically inactivated on your mobile phone.

Which Android operating systems do SoftPOS solutions support?

Android 5.0 and above is required for solutions without a PIN. Android 8.0 and above is required for solutions with a PIN.

Which card brands are supported on a SoftPOS device?

Ideally, the SoftPOS device can support payment transactions from all of the existing EMV contactless including mobile wallets like Apple Pay and Android Pay. However, it depends on SoftPOS solution capabilities in regards to supported EMV L2 certifications. Your acquirer/processor also needs to complete EMV L3 brand certifications. Some of the existing card brands are as follows:

• Amex
• Discover
• Interac
• JCB
• MasterCard
• Pagobancomat
• Union Pay
• Visa

Can I see SoftPOS transaction details on my mobile phone?

Due to PCI security rules, transaction data can’t be stored on the mobile phone. However, you can use the web portal or app provided by your solution provider to see transaction data.

Can clients enter debit or credit card PIN on a SoftPOS enabled mobile phone?

PCI CPOC standards currently don’t allow to enter a PIN on a SoftPOS enabled mobile phone. However, card brands like Visa and MasterCard allow this for pilot projects for vendors complying with Visa and MasterCard security evaluations (see Visa’s Tap to Phone Solution Requirements with Optional PIN Capture). PCI has announced a new CPOC standard to enable PIN entry on SoftPOS enabled mobile phones. This new CPOC specification is expected to be launched in 2022.

Can clients use their ApplePay or SamsungPay wallets on a SoftPOS device?

Clients can use any contactless payment form factors(contactless cards, mobile devices, ApplePay, AndroidPay, SamsungPay, wearables, etc. ) to perform a payment transaction on a SoftPOS device.

Can I perform a manual PAN entry transaction with the SoftPOS app?

It is conditionally yes. Manual PAN entry transactions, where card number is manually entered on the mobile phone, is accepted only in certain conditions where SoftPOS contactless Card-Present transaction cannot be completed. Following are 2 use cases where a manual entry transaction is allowed :

• The SoftPOS app is only configured to perform a low-value payment but the transaction is a high-value payment
• The cardholder presents a non-contactless card for payment, such as an EMV contact or MSR card.

Acquirer, Payfac, and ISV-focused FAQs

I am planning to implement a SoftPOS solution. What alternatives do I have?

There are 2 alternatives as defined below for entities planning to implement a SoftPOS solution:

1. PCI-Compliant Commercial Solution [SoftPOS without PIN: PCI CPoC]: Integrate your POS app with a SoftPOS solution and certify the solution against published PCI CPoC standard. This alternative is for the U.S and other markets not requiring PIN entry on payment transactions.
2. Pilot [SoftPOS with PIN]: Integrate your POS app with a SoftPOS solution and certify the solution against MasterCard and Visa Security standards. In this case, the solution doesn’t require a PCI CPoC certification. This alternative is for Europe and other markets mandating PIN entry on payment transactions.

Once I have chosen one of the implementation alternatives above, how can I get started with SoftPOS?

If you are a POS System provider, you need to select a SoftPOS solution provider and integrate their SoftPOS SDK into your POS System. If you are a merchant or ISO, you need to ask your ISV, acquirer, or POS vendor to provide a SoftPOS solution.

You can find high-level implementation steps below :

• Find a SoftPOS solution provider
• Integrate their SDK to your POS system
• Build/customize your POS app
• Engage with Visa, MasterCard, and other brands approval services and perform required testing
• Receive program approval decision (i.e pilot with limited devices or full launch)
• Certify your solution from payment brands and/or PCI CPOC
• Proof of concept
• Pilot
• Launch

What are typical certification steps for SoftPOS?

Typical certification steps for SoftPOS are :

• EMV L2 tests
• Security tests (CPOC or card brand)
• Branding approval
• Acquirer integration and EMV L3 tests

Is Regulatory Framework ready for SoftPOS?

Yes, it is. Payment brands(MasterCard, Visa, Discover, and others) defined their SoftPOS specs and approval processes. PCI defined security standards and approval processes as well.

Is Technology Framework ready for SoftPOS?

Yes, it is. Almost all Android phones in the market have an NFC interface and security infrastructure. 80% of U.S cards are expected to be contactless-enabled in 2022. Having phones and cards ready, there is no any technological blocker to implement a SoftPOS solution.

Can I route SoftPOS transactions to U.S debit networks to pay less interchange fee?

Acquirers can route SoftPOS transactions to U.S debit networks like in traditional POS systems. You need to check with the SoftPOS solution provider that SoftPOS solution supports U.S Common Debit prioritization over global AIDs.

SoftPOS market-related FAQs

Which merchants/markets are eligible for SoftPOS?

Payment brands define various rules to allow SoftPOS implementations. These rules generally fall into the following categories :

• Markets with a high percentage of contactless cards
• Merchants with low international spend (as international tourists may not have contactless cards)
• Merchants with visibility to report SoftPOS transaction reports
• Merchants meeting existing payment brand requirements from risk, fraud, chargeback & brand perspective

How did technology evolve to SoftPOS in the historical path?

By increasing complexity and cost of POS terminals, there has been a demand for SoftPOS technology especially after 2010. However, the real effect occurred when contactless penetration increased and the regulatory framework became ready starting from 2018. As of 2020, the market is completely ready to implement SoftPOS solutions. You can find more info in Fairbit blog.

Which markets are best to deploy a SoftPOS solution?

Markets with the following conditions are best for SoftPOS :

• High smartphone penetration
• High contactless card and device penetration

Is the U.S a good market for SoftPOS?

As of 2021, U.S is a good market for SoftPOS. The pandemic helped consumer behavioral shift to leverage contactless products. More than half of Americans now use contactless payments, according to a Mastercard poll as of the end of 2020. This number is expected to grow fast in the coming years. 40% of Americans use Android phones so U.S merchants with Android phones can run the SoftPOS app on their mobile phones.

Is Europe a good market for SoftPOS?

Europe is a good market for SoftPOS due to the early penetration and adoption of contactless payments. Especially, some European countries like U.K and Poland have more than 90% of payment transactions as contactless. However, due to PSD2 SCA regulations by European Union, the PIN is a mandatory 2-factor authentication method for contactless transactions requiring SoftPOS solutions to support PIN in the European market.

Which merchants are best for SoftPOS?

SMB (Small and medium businesses) market is the best for SoftPOS due to the cost benefit and operational benefits of SoftPOS technology.

What is the size of the target market for SoftPOS?

There are 16.5 million SMBs(1-4 employees) in the U.S. Most of these merchants don’t have any payment acceptance solution yet. SoftPOS offers great opportunities for these merchants.

What problems of small merchants do SoftPOS address?

SoftPOS addresses 3 main problems of small merchants :

• High cost for ownership of a POS terminal
• Poor operating experience of hardware-based POS terminals
• Onboarding, installation, and maintenance issues

Regulation and Certification related FAQs

Which entities do govern SoftPOS deployments

Deployment of SoftPOS solutions is governed by payment schemes and PCI. You need to contact local or global teams of Visa, MasterCard, and other payment schemes. The solution should be approved by payment schemes.

What is Visa Tap to Phone?

Visa Tap to Phone is Visa’s SoftPOS specifications to make it easier for sellers to use their smartphones to accept payments. As part of this initiative, Visa is helping drive these innovations through the Tap to Phone program which enables sellers to turn their NFC-enabled mobile devices into contactless POS terminals with no additional hardware required.

What is MasterCard Tap on Phone?

MasterCard Tap on Phone (ToP) is MasterCard’s SoftPOS specifications which is a contactless acceptance solution that is low cost, low maintenance, and peripheral-free for merchants. Tap on Phone can support NFC-enabled mobile devices to function as point-of-sale devices that accept contactless electronic payments (i.e. contactless cards, mobile wallets, wearables).

Which EMV L2 certifications are required for SoftPOS?

Payment brands have their own EMV L2 kernel specifications customized for SoftPOS. A few of them are listed below :

• AMEX Expresspay
• Discover D-PAS Tap-on-mobile
• MasterCard Tap on Phone
• UnionPay Soft POS
• Visa Tap to Phone

What is COTS?

A Commercial-Off-The-Shelf (COTS) mobile device is a mobile device directly accessible to the public, which has not been specifically designed or modified to host a payment acceptance solution. At a minimum, it should support NFC protocol and have direct or indirect access to the Internet via a mobile network like Wi-Fi® or a cellular data network.

Which security certifications are required for SoftPOS?

• PCI CPoC or payment brands’ security evaluation (if PIN entry is required on a mobile phone)
• PCI P2PE
• Optionally PCI PIN (if PIN entry is required on a mobile phone)
• PCI DSS

Can I deploy SoftPOS in PSD 2 regulated markets?

Payment System Directive 2 (PSD 2) is regulation for the European market mandating Strong Customer Authentication (SCA) for EMV contactless transactions. SoftPOS can be deployed in these markets. However, a CVM limit should be defined to ensure that the terminal asks for a CVM. The PIN should be supported as a CVM method in these markets.

What is Visa Tap to Phone Solution Requirements with Optional PIN Capture

Visa Tap to Phone Solution Requirements with Optional PIN Capture is Visa’s brand security requirements describing security and testing procedures for securing contactless transactions on COTS, however with a difference to PCI’s CPoC Standard in that solutions approved by Visa may opt-in to include software PIN capture under Visa’s Tap to Phone with Optional PIN Capture Security Guidelines.

Which security certification do I need to get: CPOC or payment brands’ security evaluation

It depends. If you want to deploy your solution in PIN markets, then you should go through payment brands’ security evaluation which is exempt from obtaining CPOC certification. Once CPOC publishes new specs with PIN support, then you need to go through CPOC certification.

If you want to deploy your solution in non-PIN markets, then you should go through CPOC certification.

What is PCI CPoC ?

The PCI Contactless Payments in COTS (CPoC) is designed to help vendors develop solutions that protect the confidentiality and integrity of payment account data through a combination of the payment application on the COTS(Commercial off-the-shelf) device and the back-end systems. PCI CPoC approval is independent of the card brands. Most of the card brands accept PCI CPoC approval as sufficient for security review.

What is PCI CPoC with PIN?

PCI is planning to issue a new version of CPoC specs at the end of 2021 or so. These new specs are announced to be supporting PIN entry on the COTS devices (mobile phones, tablets, etc.)

Is PCI CPoC mandatory for SoftPOS?

It is mandatory if you want to have a full commercial launch without a PIN. Following the publication of the PCI CPoC standard by the PCI Council in December 2019, all solution providers of SoftPOS Solutions are required to submit their solutions to a PCI recognized CPoC security laboratory for evaluation per the PCI CPoC standard.

PCI CPOC certification is not mandatory for pilot projects with PIN. Payment brands are supporting SoftPOS with PIN pilots and brand-approved laboratories will continue evaluating any SoftPOS with PIN solution under the Security Principles documents of brands.

Which application is subject to PCI CPoC certification?

PCI CPoC currently applies to only full solutions, which include an app downloadable from the Play Store, a live attestation system, and a known transaction processing system. SDK/AAR files are not suitable for approval, although they can be used as part of a complete solution. PCI is looking at having component approvals, but there is no known date for when this may occur.

Do I need to repeat PCI CPoC when a new L2 kernel is added into SoftPOS?

PCI CPoC requires the lab to do some limited tests on the L2 kernels, including checking that they use appropriate random numbers and have been certified by the appropriate brands. There are no limits on the number of L2 kernels you can include in an initial CPoC evaluation. Adding kernels to a previously approved solution will require a delta assessment.

What is Monitoring / Attestation?

Monitoring/Attestation is a PCI-defined requirement that must be present in a SoftPOS solution. Monitoring/Attestation may come as part of a SoftPOS solution, or alternatively, it may be provided as a service by another provider. The main goal of Monitoring/Attestation is to assure that components in the SoftPOS solution are in a secure state. These components are the device operating system, contactless kernel, POS application, and backend systems. If any of these components are comprised or attacked, this creates a risk for the security. The ability to react and address anomalies is fundamental to the overall security of the SoftPOS solution.

What is PCI PIN on glass?

PIN on glass refers to PIN entry on an integrated touchscreen of a PCI-approved smart terminal. In this case, a physical PIN pad is not present on the card machine, so the touchscreen displays a virtual PIN pad when prompted to enter the code.

What is PCI Point-to-Point Encryption (P2PE)?

Point-to-point encryption (P2PE) is a standard established by the PCI Security Standards Council. Payment solutions that offer similar encryption but do not meet the P2PE standard are referred to as end-to-end encryption (E2Ee) solutions. The objective of P2PE and E2Ee is to provide a payment security solution that instantaneously converts confidential payment card (credit and debit card) data and information into indecipherable code at the time the card is swiped to prevent hacking and fraud. It is designed to maximize the security of payment card transactions in an increasingly complex regulatory environment.

Does SoftPOS app store any sensitive data on mobile phones?

SoftPOS app doesn’t store any sensitive data on the mobile phone. The card number, PIN, track 2 data, and other critical and sensitive payment and card data are encrypted immediately when they are entered or read. This data remains always encrypted.

How is the card number protected with SoftPOS?

SoftPOS technology uses software-hardened cryptography to protect customer account data. This includes white-box-cryptography and mobile software protection tools. Customer account data is encrypted immediately when it enters from the NFC interface and it remains always encrypted. The PCI Contactless Payments in COTS (CPoC) and PCI Point-to-point encryption (P2PE) standards define and ensure the security of the customer account data. PCI CPOC also mandates to put attestation and monitoring system into place to monitor attacks and fraud cases on SoftPOS enabled mobile phones. This ensures to inactivate and block the SoftPOS app if there is any compromise or suspicious activity on the mobile phone.

Can I use captured payment credentials for e-commerce transactions?

SoftPOS transactions should be card-present transactions. It is not allowed to use the NFC antenna of mobile phones to capture payment credentials to perform e-commerce or another type of card-not-present transactions.

Do I need to get all certifications if I select a third-party SoftPOS solution provider?

If you will use the third party SoftPOS solution without any change, then you can bypass the first 3 steps :

• EMV L2 tests
• Security tests
• Branding approval

However, you should perform acquirer integration and EMV L3 tests.

Which certifications do I need to get if I want to build my own SoftPOS?

If you buy SoftPOS EMV L2 kernel from a third-party vendor, you don’t need to go through EMV L2 certification. So, in this case, you should go through the following certification steps :

• Security tests
• Branding approval
• Integration and EMV L3 tests

What is white-box-cryptography?

White-box cryptography is software-centric cryptography combining methods of encryption and obfuscation to embed secret keys within software application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new “white-box” program can be safely run in an insecure environment.

Is white-box-cryptography as secure as hardware-centric cryptography?

Hardware-centric cryptography is more secure than white-box cryptography. Hardware-based security technologies are more secure than software-based ones. However, software-centric algorithms have been more trustable and secure day by day with complex software technologies implemented for cryptography.

Do I need to get EMV L1 Certification for SoftPOS?

Payment brands do not require EMV L1 certification today for mobile devices or tablets running a SoftPOS application. However, EMVCo recently launched an optional program : EMVCo’s Early Adopter Programme.

What is EMVCo’s Early Adopter Program?

It is an optional program to test EMV L1 functions of smartphones and tablets. EMVCo defines it as follows: “the functional evaluation processes available through the Early Adopter Programme will evaluate the performance of COTS consumer mobile devices with built-in contactless capability (with no additional hardware needed) based on current interoperability requirements related to reading range and user experience needs, as outlined in the EMV® Level 1 Specifications for Payment Systems-EMV® Contactless Interface Specification, v3.0.”

To learn more and participate in EMVCo’s Early Adopter Program, please visit: www.EMVCo.com or contact [email protected].

Do I need to get EMV L2 Certification for SoftPOS?

Yes. Payment brands have SoftPOS specific EMV L2 kernel specifications and they define the certification process. If the SoftPOS solution provider you selected already has EMV L2 certifications, it is not necessary to go through L2 certifications again.

Do I need to get EMV L3 Certification for SoftPOS?

Yes. Brands have defined updated EMV L3 certification guidelines for SoftPOS. The L3 certification process is a little bit different than the one defined for traditional POS terminals. There are additional SoftPOS related test cases and additional data going to the acquirer.

Are EMV L2 and L3 test tools different for SoftPOS and traditional EMV kernels?

Yes, they are. As payment brands have defined new EMV specs for SoftPOS, testing requirements have changed. You need to contact your EMV L2 and L3 tool vendors to get the SoftPOS test tools.

Do I need to get a new EMV L2 Certification to run SoftPOS on different Operating Systems?

If EMV L2 kernel is received for the whole operating system, such as Android, then you can run the SoftPOS app on all Android phones. If certification is received for a subset of the operating system, such as for Android 8.0 and above, then you can not run the app on Android operating systems below 8.0.

When do I need to repeat EMV L3 Certification for SoftPOS?

EMV L3 certification should be repeated in the following cases :

• Payment application changes that affect chip processing or EMV Kernel
• EMV Kernel changes defined as “major” by EMVCo
• A new acquirer integration
• Acquirer host protocol changes
• A new major feature added to the SoftPOS app such as SCA authentication or Cash-back

Do I need to upgrade my acquirer integration for SoftPOS?

Yes, there are additional SoftPOS specific data going in the authorization message. You need to contact your acquirer to get their latest host specs enabled with SoftPOS.

How can I find PCI-approved CPOC laboratories?

For a list of PCI-recognized labs, please visit the PCI website.

Is there a contactless transaction limit for SoftPOS?

There isn’t a daily limit for contactless payments. However, there is a limit for a single transaction if the transaction is performed without a PIN or signature. The same transaction limits apply to both SoftPOS and traditional POS terminals. Payment brands define different transaction limits for different markets. In the U.S, due to the COVID-19 pandemic, MasterCard, Visa, and American Express increased their limits.

Does the contactless transaction limit apply to contactless mobile wallet payments (like ApplePay)

No. Contactless limits apply to contactless cards only. Mobile wallet payments like Apple Pay and Google Pay support any transaction amount. This is because a consumer card verification with passcode or fingerprint is performed in mobile wallet transactions increasing the security level of the payment transaction.

How can I perform a transaction over the CVM limit in offline PIN markets (Canada, UK, Israel, France, and Ireland)

POS terminals in offline PIN markets force transactions to the EMV contact interface if the transaction amount is over the CVM limit. As there is no way to perform an EMV contact transaction with SoftPOS, manual PAN entry transactions are allowed for transactions above the CVM limit.

FAQs for SoftPOS Solution Capabilities

How can I select the best SoftPOS solution provider?

SoftPOS technology brings enormous opportunities in the payment business, but it may be a big failure if not planned and executed well. SoftPOS solution provider selection is one of the most critical success factors, but it is not the only one. There are many factors, including well-defined project goals, process management, payment scheme relationships, well-defined project plan, and risk management. You can find more information in the Fairbit blog : 17 key factors to consider when developing SoftPOS.

What are the minimum modules should the SoftPOS solution include?

SoftPOS solution should include the following modules at a minimum. These modules are core mandatory components defined by payment schemes and PCI.

• EMV L2 Contactless Kernels and EMV parameter management module.
• Security module including white-box cryptography or a Trusted Execution Environment (TEE)
• Device registration modules.
• Attestation and monitoring module.

Which SoftPOS modules are better to work on Cloud?

EMV L2 Contactless kernel module: it may work on the device or on the cloud. However, having this module on the cloud offers significant advantages. You can find more information about the EMV cloud kernel in the Fairbit EMV-kernel-on-the-cloud.

Security module: it works partly on the cloud(ie encryption with acquirer keys) and partly on the device (ie encryption with WBC keys).

Attestation and monitoring module: it should be a cloud-based module and there should be an attestation component running on the device.

What value-added modules may a SoftPOS solution provider offer?

SoftPOS solution providers may offer additional services to complement their core services. These services may include the following :

• PIN CVM to enable optional PIN entry on smartphones
• Web-based EMV parameter management
• EMV transaction monitoring and reporting
• Fraud management

What are the main differences between SoftPOS kernel and EMV contactless kernel?

Payment brands customized their EMV specification to bring the best user experience and performance for SoftPOS technology. SoftPOS solution should include these new SoftPOS EMV Level 2 kernels. SoftPOS kernels have the following differences from traditional EMV kernels running on a hardware device.

• SoftPOS kernel doesn’t support offline transactions
• SoftPOS kernel doesn’t support EMV contact and MSR interfaces
• SoftPOS kernel doesn’t support issuer script processing
• SoftPOS kernel doesn’t support switching to contact interface for transactions above Contactless Transaction Limit
• SoftPOS kernel is contactless-only and online-only, hence pre-processing checks to determine whether the transaction is allowed over the contactless interface or whether the transaction requires online authorization are unnecessary
• Offline data authentication is not supported as all transactions are authorized online
• Offline controls like expiration date, terminal risk management is not supported
• The floor limit is always 0 to ensure an online transaction

What performance is required in a SoftPOS transaction?

Payment schemes require the same performance for SoftPOS with traditional POS terminals: Total transaction time between card and terminal should not exceed 500 milliseconds.

Is a Cloud EMV L2 Kernel needed for SoftPOS?

Cloud EMV L2 kernel is an EMV kernel application running on the cloud, rather than on the mobile phone. You can get more information about this on Fairbit website. Cloud kernel is not mandatory with SoftPOS, but it offers great advantages. It eliminates the need of downloading the kernel and EMV terminal parameters on mobile phones and simplifies the maintenance and deployment.

How can I prevent fraud transactions with SoftPOS?

Suspicious activity associated with SoftPOS transactions can be monitored, detected and prevented by a fraud solution. This solution may be offered by a SoftPOS solution provider or another fraud vendor.

Does SoftPOS support offline transactions?

No. All transactions should be authorized online with SoftPOS. Offline-authorized transactions are not supported.

Which CVMs (Cardholder Verification Methods) does SoftPOS technology support?

It depends on the deployment market and SoftPOS solution’s capabilities. Typically, the following CVMs may be supported :

• Online PIN (if PIN CVM application is implemented)
• Signature
• CD CVM

Which transaction types does SoftPOS support?

It depends on your POS System provider’s solution. Typically, all transaction types supported in a traditional POS system are supported in SoftPOS too. A few of these transaction types are as below :

• Sales
• Refund
• Cashback
• Manual Cash
• Other transactions types

Can I get a receipt with SoftPOS?

SoftPOS solutions must allow a merchant to provide the cardholder with an electronic format receipt immediately upon completion of a transaction. Card brands have separate electronic receipt requirements for acceptance devices. Depending on your POS system’s capabilities, you may get the receipt with a Bluetooth printer connected to your mobile phone or you can get an e-receipt as an SMS or email message.