CPoC stands for Contactless Payment on COTS ( where COTS means Customer Off-The-Shelf), and it is a term related to a new generation of merchant’s payment solutions deployed on open mobile devices (as of today, Android platforms). In that context, the contactless card processing functionality (Agnos framework) is exactly same as for conventional terminals, the payment functionality is very similar. The main change of paradigm is on the security side where there is a shift from the hardware to the software layer. Consequently, there is no dongle involved in this kind of payment architecture. The security is though supported through the combination of 2 features:
The protection of sensible data using different software mechanisms such as white boxing, binary protection, payment security scheme
The protection of the open mobile integrity, and execution context environment using Attestation and Monitoring mechanisms
...
This page proposes a reminder on payment architecture in the context of CPoC solutions. It presents how Agnos fits in that new merchant ecosystem.
| Table of Contents |
|---|
The integration of Agnos depends on decisions to be made by the integrators at the level of their payment application’s architecture. Since Agnos lies at the Android native level (NDK), there are 2 different ways to leverage on its L2 services:
...