SoftPOS solutions harness untapped potential of smartphones and address a wide range of use cases that could change the retail game for merchants and consumers. But the success of this technology rests on more than the app. Merchants need the right foundation to do this properly, the right device.
This is where device manufacturers come in. OEMs are looking to capitalize on the rise of contactless and optimize their devices for this expanding use case on NFC-capable devices. With the convenience of this functionality on their devices, they can differentiate themselves from competitors and broaden their market value to businesses. So, what considerations do they need to make when creating devices intended to accept payments? You will note an absence of security discussed in this blog, this will be addressed in a later blog in the series.
The power of NFC
SoftPOS (Software Point of Sale) solutions transform a regular smartphone or tablet– known as a Commercial Off-The-Shelf (COTS) device – into a contactless payment terminal. These solutions utilize the device’s embedded Near Field Communication (NFC) capability. As the name indicates, it enables data transfer between two devices which are placed near to each other. As the technology behind contactless payments, NFC has soared in popularity over the past few years. In 2021, nearly all Android phones on the market have NFC functionality, enabling them to perform payments. NFC devices have the following functionalities:
Contactless reader mode – which allows the device to accept SoftPOS payments from wearables, cards and mobiles.
Contactless card emulation mode – which allows the device to behave as a contactless smartcard to make a payment.
Contactless peer-to-peer – which allows the device to communicate with another NFC device.
Designing a device which can perform all of these functionalities well is difficult because the device needs to meet multiple different requirements. One of the reasons it is difficult is that NFC devices are being developed and certified for card emulation mode, which has different requirements to reader mode. For example, in reader mode, the device has to generate the radio frequency field used to communicate with the payment card or device. It can be very challenging for COTS devices to match the performance of a traditional POS, meaning OEMs are playing catch up to compete with traditional POS vendors.
Where to tap?
As with traditional contactless payments, when making a SoftPOS payment the consumer must hold their card, smartphone or wearable near the antenna within the acceptance device. This enables the communication between the two devices. The antenna can be located either at the top, middle, or bottom of the rear side of the device, since it is ideally positioned for ‘card emulation’ mode to make mobile wallet payments. However, there is currently no standard spot for placements of antennas.
To help consumers find the antenna, some solutions show the contactless symbol on the screen of the device or on a sticker on the device which directs consumers where to place their card or device to make a payment.
A matter of centimeters = a big difference
Similarly, read ranges differ between SoftPOS and traditional POS terminals. Four centimeters is the maximum distance range defined by EMVCo to be able to read a card or mobile wallet for a legacy terminal, which is Level 1 certified. This can drop to only two centimeters on a mobile device.
These differences between legacy POS terminals and SoftPOS solutions could create confusion for consumers, who are now familiar with where to tap their card or device to make a payment. This could slow down the payment process and cause frustration during the customer’s purchase experience. It is fundamental that manufacturers design their devices with this in mind to make it simple for merchants to accept payments.
The compliance conundrum
As with all payment products, it is important that device manufacturers ensure their solution meets the relevant requirements to enable safe and secure transactions. For contactless payments, this means achieving Level 1 certification in line with the EMV® Contactless Communication Protocol Specification. Level 1 tests ensure that the contactless device can meet the analog and digital requirements like lower level electromagnetic field and communication protocols, including operating distance tests.
However, although Level 1 certification is important, the hoops you have to jump through to evaluate your device in line with the latest requirements differ between SoftPOS and traditional POS payments. Traditional POS payment terminals are certified in line with the EMV® Proximity Coupling Device (PCD) Level 1 requirements. This certification process does not currently apply to SoftPOS payments. Why? Because of the differences between COTS devices and payment terminals, the compliance process has not caught up yet – but this will soon change.
When you know. It is easy.
COTS providers can currently seek approval in line with EMVCo’s Early Adopter Programme instead. The pilot testing program evaluates COTS mobile devices with built-in contactless capability for contactless payment acceptance. The evaluation processes available through the program evaluate the performance of these devices, and their interoperability requirements related to read range and user experience needs. Within the Early Adopter Programme, there could be two possible paths:
An approval process which details the product’s performance in a formal Letter of Approval (LoA),
An evaluation process without a LoA, but with a scoring report about the Level 1 performance of the device, providing an indication of the expected user experience.
By completing this evaluation, manufacturers can ensure that their solution meets the relevant EMVCo Level 1 requirements. Unlike the EMVCo Level 1 evaluation for ‘card emulation’ mode, this process is not mandatory for SoftPOS solutions, so merchants should be cautious about which device they select to implement their solutions on. If they are not, they could make themselves vulnerable to loss of revenue and reputational damage. Insecure and malfunctioning payment devices could create extensive problems for big companies that equip their staff with payment acceptance devices, as it could temporarily shut down operations across the world. Merchants should note that as SoftPOS payments utilize a merchant-owned device, they are responsible if payment transactions can’t be made, rather than it being the fault of acquiring banks or terminal suppliers.
Putting the pieces together
Multiple factors need to be considered to enable COTS devices to accept payments in a seamless and safe way. From creating your device in line with the technical requirements through to evolving functional evaluation and security considerations. We are seeing an increased interest in SoftPOS solutions, with manufacturers looking for support in solving problems, training teams, tailoring tools and achieving certifications. This interest speaks to the wider momentum behind this technology, and we are excited to enable the industry to develop and deploy SoftPOS solutions swiftly to improve the customer experience.
Learn more about how we are helping to create and launch user-friendly, reliable and secure solutions.
Stay tuned for the next instalment in our SoftPOS blog series to learn more about the complexities of bringing SoftPOS solutions to market.
Read our chapter 1 | chapter 3 | chapter 4
* EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.