> In January 2020, Visa first showcased the power of “Tap to Phone,” an industry-first solution that transforms current generation Android smartphones and tablets into contactless point of sale terminals. Tap to Phone was Visa’s first offering that let sellers accept payments on the devices they already own, just by downloading an app. As of December 2021, there were more than 300,000 devices across 54 countries using Tap to Phone.
I'm curious how the overall transaction/security flow works, broadly speaking.
It sounds to me like you managed to figure out a solution that satisfies the security posture of the ordinary app sandbox (i.e. without requiring any entitlements on iOS, or priv-app partnerships on Android). That's kind of incredible IMO. Are you using the Secure Enclave on iOS, and if you are, what are you actually storing in there? I'm curious if Android gets to play too given that it doesn't have the same sort of security guarantees, and if so, how.
I also get the impression the actual validation/verification (including steps that I would assume would typically happen on a payment terminal) has been moved to the cloud somehow. I'm very curious how that works too.
Presumably you would've also needed to design something capable of withstanding absolute worst-case scenarios like memory inspection on a rooted phone, or NFC sniffing/proxying/emulation.
Maybe you're just sending all the card data straight back to the cloud? That would pretty much solve everything :)
Also... while engineers are always going to gravitate towards balanced analyses of benefits and tradeoffs, the questions above are not coming from that perspective :) I'm very happy to hear whatever you can share about the security of the platform. (I'm just a random consumer who occasionally boggles at JavaCard when I pay for stuff lol)
I completely understand. Kudos to you and everyone who got it all working on Android, given its ridiculous fragmentation *before* you even start talking about NFC and reasoning about device security :) - I'm guessing the chances are you're probably streaming/proxying the crypto I/O straight from the card into the cloud, thin-client style - basically taking what happens over NFC (which is man-in-the-middle resistant), sending that to the cloud directly without modification, then sending whatever comes back straight into the card. That approach could resonate with a shifting of work from payment terminals to the cloud.
Probably the most interesting story I read about the payment terminal space was about someone who happened to be working on an application/middleware integration and had figured out a cute way to use coroutines in C to (presumably/extrapolating a bit) multiplex the payment-online step while simultaneously settling the payment-offline step, so both could move forward simultaneously and the receipt could print almost immediately (in an era of dialup and maybe ISDN). The auditor who came out to validate and approve the middleware had a brain-BSOD and loudly protested that what he was seeing with his own eyes was not possible, and had to be convinced that the solution wasn't playing fast and loose with the spec requirements to do its thing :D
The payment terminal space seems like it was (and will probably remain for some time) an interesting engineering niche to work in (in terms of crazy application integration and whatnot). Been curious about it for a while with all the janky flickering I see on the screen when the receptionist swipes my healthcare card at the doctor's office (which can process both bank cards and healthcare cards through what looks like a custom application). It'll be very interesting to see how the banking space moves to the cloud and off-the-shelf consumer devices start to replace proprietary terminals and whatnot (and then other industries slowly follow suit, maybe, in a decade or so). I note the press release mentions this infrastructure is available in Australia, but I incidentally haven't seen this in person yet (two years on). Will definitely be keeping an eye out now, and I obviously need to start shopping at more interesting places :P
How on earth was what amounted to a userspace app able to talk to the NFC hardware to the extent necessary to process payments?!
Presumably the app received the relevant entitlements to be able to do this...?
How on earth was it done securely, within the Mobeewave app?