Think about a merchant who wants to use various devices to take the payment. For example, merchant may want to use mobile phone, tablet, desktop PC or a stand-alone POS terminal to take payment. And merchant wants to have the same user experience across all these devices. And merchant wants to be able to monitor the transactions from a central platform regardless of which device is used to take the payment.
Think about some merchant clerks use their mobile phones on the fly to take a payment without any other device. Some other merchant clerks use a merchant application on a stand-alone tablet and want to take payment through the tablet without needing any other hardware ? Is this possible ?
We will discuss in this blog how can we achieve a cross-platform payment solution, cost effectively and with minimum effort using Cloud Kernel.
EMV Level 2 kernel software is the core and most significant component for a card-present transaction. The payment devices today have the kernel running in a secure processor of the payment device, tightly dependent on the hardware platform. To run the kernel in a different device, kernel needs to be run on another device. This requires a porting process of the software to a different hardware and full cycle of EMV Level 2 and Level 3 certifications. This process takes years and huge amount of the certification costs.
Today, running a software on different platforms agnostic from the hardware is very crucial. With the technological advancements such as advanced cloud technologies and high speed of networks, it is possible to run the kernel on the cloud with a simple integration to any device with no(or minimum) certification cost and in very short time.
How can we achieve this ?
The solution to address this is Cloud Kernel. Cloud Kernel means EMV Level 2 kernel software which is not running on the hardware platform but running on the cloud. Of course we still need a device to take the payment. But with Cloud Kernel, this device turns into a cheap and small device only used for user interface to get the amount and PIN and to read the card data.
Having the kernel in the cloud almost removes the dependency to the hardware completely. This enables any device (mobile phone, tablet, etc.) to take the payment by using Cloud Kernel APIs.
How secure the transaction with Cloud Kernel ?
The device and Cloud communicates in a secure way and all the data goes as encrypted. Card data, Track 2 and all other sensitive data is protected with encryption.
PIN process may be performed in different ways.
- If a secure hardware is used to get the PIN, then PIN entry process is protected by the secure processor.
- If the PIN entry is performed on a device like smart phone and tablet, then software-based technologies like White Box Cryptography is used as defined by PCI sPoC specs.
In the meantime, with the increasing rate of usage of mobile phones, PIN entry is not needed on the device. With CD-CVM method defined by EMV, user authentication is performed on the consumer device with passcode or biometry.