By François Drouard, SLM Terminal & Mobile and Emmanuel Desdoigts, Project Manager at Fime
In today’s frequently changing payments landscape, stakeholders are embracing new technologies to reflect shifting consumer behaviors. One such technology is SoftPOS, a solution which uses Commercial Off-The-Shelf (COTS) devices to accept contactless payments. In fact, 41% of small business owners are investigating the possibility of accepting payments via mobile device.
The process of setting up these solutions for merchants is relatively simple – it is a case of buying a compatible device (or using the one they already have!), downloading an app and enrolling with the back-end system to obtain the valid account credentials. However, for those creating the software, it is not so simple. There is a variety of considerations that developers need to keep in mind when developing these solutions, ranging from the technical to the practical. This blog explores the technical complexities, compliance factors and functional challenges to overcome for those wanting to bring their SoftPOS solutions to market.
A solid foundation
SoftPOS solutions allow merchants to accept contactless payments directly on their smartphones or tablets. Today, these solutions can only be implemented on Android devices.
When developing a mobile payment acceptance solution, developers must effectively create two completely different systems that work seamlessly together. There is the back-end system, including the attestation and monitoring server as well as the payment gateway which handles the actual payment transaction. Next, there is the local component (mobile application) which contains the user interface and manages the connection to the backend.
There are multiple software components which must work together to create these systems. Firstly, the payment kernel provides all the necessary processing logic and data that are required to select and process a card application (using NFC technology). This can be included in a software development kit (SDK), which can be provided by a vendor or a payment scheme. There is also the merchant application which uses the card processing kernel/SDK API and the connection to the back-end system and terminal management system. Finally, there are multiple security modules to fulfil the requirements defined by PCI CPoC™, including the connection to the attestation and monitoring server in the back-end system.
For developers new to making payment acceptance apps, creating all of these different components and ensuring that they function effortlessly can create challenges. Difficulties could range from understanding the roles and responsibilities of all of the different actors in the payment ecosystem, to grasping all of the individual components of the transaction flow. Beyond this, there is the issue of anticipating potential problems that could interrupt a transaction. For many, this will be a whole new world of nuanced complexity.
Satisfying multiple requirements
To ensure that software used to accept SoftPOS payments is secure, functional and interoperable, there are a number of requirements that need to be met. Multiple components of the software for SoftPOS solutions need to be tested:
- The functionality of the app.
- The compatibility with the mobile device it is running on.
- The interoperability and performance.
- The terminal user interface.
Primarily, developers must ensure that it is compliant with the payment schemes’ Level 2 requirements. This certification is concerned with the validation of the software that implements the payment functionality and that runs on COTS devices (which can achieve optional EMV®* Level 1 certification) or in the cloud. This software is independent from the hardware and is referred to as a payment kernel for each payment scheme. This is the same certification process that legacy terminal vendors need to achieve, with the requirements that have been adapted to suit SoftPOS solutions.
Additionally, the solution must also achieve compliance with the PCI Contactless Payments on COTS (CPoC™) security and test requirements, which ensure that payment data is protected in both the software application which initiates the transaction, and the independent back-end system. This standard provides merchants with confidence in the security of their solution through a combination of security controls built into the merchant application and ongoing monitoring and integrity checks performed by the back-end systems.
One complicating factor is that each payment scheme has its own specific way of accepting and processing contactless transactions. Developers need to ensure that their apps and embedded kernels are compliant with multiple schemes.
Challenges to overcome
Getting the testing right to ensure that solutions are best-in-class is fundamental for many reasons. SoftPOS solution providers are not only competing with their peers, they also have to work commonly with the existing platforms and architectures in place for traditional POS providers. Recreating the quick and easy contactless experience that consumers are familiar with is the goal. One particular feature that can be vital to the success of a SoftPOS solution is the speed of transactions. If the payment cannot be made and authorized quickly, the benefits of contactless cannot be realized and ultimately the product will not live up to the merchant’s or the consumer’s expectations.
Another hurdle is that these solutions may not yet support PIN entry, so contactless payment caps can apply in each country or region.
The good news?
We anticipate that specifications to support PIN entry will be released in PCI CPoC™ in 2022. In the meantime, apps in development have to follow the security requirements defined by the schemes. So any apps in development now should have this in their roadmap if not yet implemented.
Finally, SoftPOS solutions without shielding application technologies are potentially vulnerable to attack, and payment processing data can be exposed. SoftPOS solutions cannot benefit from the hardware-backed security foundations that legacy POS devices can.
Therefore, strong security needs to be built in from the first stage of the design process to ensure safe transactions and inspire consumer trust. In the next instalment of this blog series, we will explore the different security options available to solution providers and OEMs wanting to launch their SoftPOS products.
You are not alone though.
With a number of factors to consider, it can be difficult to know where to start when bringing a SoftPOS application to market. Solution providers and app developers cannot be expected to know everything about the market, specifications and evolving requirements, and upskilling can require significant investment in time, headcount and money. You are not alone though. Our experts work daily to stay ahead of the market and have extensive technical expertise in defining, designing, delivering and testing solutions to take the complexity out of compliance.
OUTSOURCING YOUR IT SOLUTIONS CAN SAVE YOU FROM COSTLY DOWNTIME
Amir Hashmi, CEO and Founder of leading IT and Cloud services provider Zsah, discusses why you need full-time professionals if you want to avoid the money pits of IT downtime
A lot of wealthy business owners will uphold the following infamous statement – time is money. Many CEOs believe that it should be at the heart of your business strategy. They aren’t wrong, and it is no different when it comes to IT. Therefore, it is high-time that businesses consider the real risks and costs associated with IT downtime, and do all they can to avoid it
In the midst of a post-pandemic technological revolution, it’s now more important than ever to carefully consider who manages your technology. It is essentially the motor that drives productivity, efficiency and growth, and if therefore, if there isn’t a thorough and dedicated system in place, businesses risk system failure, which can risk everything.
Something so essential to a company deserves to be taken more seriously than just to deploy the services of an IT help desk when there’s a significant issue. The answer isn’t necessarily to consider ways in which you can fix a problem once it arises, but instead to ponder upon ways of preventing an issue from occurring in the first place. This is what leads us to managed IT support services: your personal, dedicated team of IT experts that not only fix issues when they occur, but that also constantly improve the software and hardware so there is less chance they ever take place.
The real cost of downtime
Whenever your IT isn’t functioning at its full capability, you are losing money. Even the shortest of gaps in service can severely impact the customers’ experience, your reputation, and the output and efficiency of your entire staff.
In 2017, ITIC sent out an independent survey to measure downtime costs. It found that 98% of organisations say that a single hour of downtime costs over USD $100,000, with 81% putting the figure at over $300,000. For 33% of businesses, 60 minutes of downtime would cost their firms between $1 million and £5 million.
Figures from Statista.com reveal 24% of organisations worldwide reporting average hourly downtime costs amounting to between USD 301,000 and USD 400,000, with 14% reporting greater than USD 5 million in costs.
Elsewhere, IHS Markit surveyed 400 companies and found downtime was costing them a collective USD 700 billion per year – 78% of which was from lost employee productivity during outages.
Managed IT solutions are the key
Though we may never know the full cost of downtime, it is evident that it costs individuals and businesses a large amount of money. Don’t wait until your next emergency to remedy a problem; get the professionals in now to prepare for the future, rather than just fix problems in the present.
When you work with a managed technology services provider, your network and infrastructure are supervised 24 hours a day, all year round. As with any IT service, this means that issues will be fixed – however the real advantage is more long-term. As technology service providers perform regular proactive upkeep, there will be a reduced chance of suffering from issues in the first instance, and when (or if) they do occur, it will be far simpler to recover data thanks to full cloud integration.
HOW TRADITIONAL INSURERS CAN USE TECHNOLOGY TO IMPROVE THEIR RELATIONSHIP WITH CUSTOMERS
The customer experience with insurance is anomalous, in that one is only required to engage with their insurer if things are going wrong for them. To add value to the relationship, new technology and methods should be adopted, in turn driving loyalty and business growth, writes Oliver Werneyer, CEO and Co-founder of Imburse
Insurance is one of the oldest industries in the world and it is still, to this day, considered a grudge purchase. Looking back, insurance has a history of having a challenging relationship with its customers. According to an IBM study, in 2008, only 39% of consumers trusted the insurance industry. This percentage has stayed largely similar over the years, having reached only 42% in 2020. For any business with growth ambitions, good customer relationships are crucial.
I believe that now more than ever, the insurance industry not only needs to continue investing in improving relationships with customers, but to really think about new ways of doing so. At a basic level, the moment of truth for an insurance customer is when either they need to pay or are getting paid. Insurers can have the best policy wording, quick claims processes, apps and advisors, but if the experience to pay premiums or to receive a claim is bad, the customer immediately loses trust.
The pandemic has exposed this tenuous relationship between insurers and its customers. The need to move everything online and provide personalised services has exposed significant shortcomings in the service insurers provide. The industry has been too slow to adopt newer technologies and move engagements closer to the customer (self-service and empowered). This is largely due to the legacy systems and processes that insurers failed to modernise over previous years.
This means that the better-positioned incumbents have stronger customer relationships and benefit disproportionately from the pandemic, as they are able to win more new customers and convert customers from other insurers. They also benefit from significantly lower customer acquisition costs and much better growth, as illustrated in this McKinsey report. Even new entrants or InsurTechs are benefitting massively by focusing on improved customer experience and customer relationships.
However, it is never too late for insurers to build better relationships with customers. The main way to build a good relationship with a client is to make life easier, live up to promises and add value through the relationship with them. By working on these key elements, insurers can start building strong relationships with their customers, and, through the right partners, deliver this in a timely and non-disruptive manner.
Insurance products often get a bad reputation because they cost money, but the benefits might only come much later, or never. Customers don’t get to experience a positive relationship with insurance products, either because they never claim and feel like they lost out, or they claim and they’re in a bad situation. By either embedding other services into the insurance experience to deliver a more transactional engagement, or embedding insurance products into general customer experiences such as online shopping or rewards, insurers can enrich customer relationships to generate value.
This way, insurers become a value-adding part of the customers’ everyday activities and not just a product that they have to pay for and may never get anything back from. One example is to embed micro-savings capabilities, often found in banking, into pension savings and insurance products. This can allow customers to save more for pension, attract younger customers and build a portfolio of fiscally disciplined customers.
Tailored journeys and personalisation
Customers have come to expect personalised journeys and engagements from product providers. Streaming services, social media, e-commerce or mobility services have shaped the customer expectations. Now, customers are also expecting personalisation for insurers.
Insurers need to invest very heavily in delivering personalisation and customisation to customers as they engage with their products. Failure to deliver this puts renewed strain on the value perceived by the customer and their relationship with the insurer. This applies not only to customer interfaces, but to aspects such as payments. Insurers should make it easy and pleasant for customers to pay and get paid. As the main moment of truth, payment experiences need to work optimally.
Perceived customer value metrics and delivery
The value customers derive from insurance products is, generally, monetary. Therefore, insurers must invest in product enhancement to increase its perceived value. Perceived value is not tied to a monetary value. By being able to choose between multiple payment options, such as a $300 pay-out to a bank account or a $320 Amazon voucher, the customer has a higher perceived value of the payment. This can be achieved by leveraging non-insurance products that can be purchased at a discounted price, exclusive access that the customer would otherwise not have or conversion into a form that is more useful to the customer.
Payments, for collection and pay-out, are at the core of delivering this value. An excellent payment experience immediately influences the customer to be positively inclined toward a product (PwC report). In order to offer this, insurers need to leverage multiple technologies and providers, offer any speed of transaction in any market, and deliver faster automation and better risk control. The key is to transform insurance products into transactional value-adds to customers’ lives and use this opportunity to continuously build on relationships with customers.
The main roadblock for insurers is still the operational implications of these activities and the costs that arise. In looking to build a better customer relationship, insurers need to look at partners that are operational enablers to deliver this. Partners that can solve the integration and speed-to-market problem so that insurers are enabled to deliver new capabilities, not bombard them with new ideas and no path to delivery.
Imburse, for instance, enables insurers to access all the global payment providers and technologies available in any market. Through a single connection, insurers can deploy any payment capability into any channel, for collection and pay-outs, without ever again needing to build a direct operational integration to the providers. This gives them full freedom to leverage payments as a key value driver and customer experience enhancer.
Building a better relationship with insurance customers is key for the insurance industry to close the protection gap. Incumbents are in the prime position to look at Insurtech and Fintech partners to rapidly and significantly modernise, digitalise and transform their own capabilities to deliver major enhanced value to their customers.
Imburse is an advanced universal payment connector that enables businesses to gain cost-effective access to complete global payments technology, regardless of the service provider. To learn more, please visit www.imbursepayments.com.
OUTSOURCING YOUR IT SOLUTIONS CAN SAVE YOU FROM COSTLY DOWNTIME
Amir Hashmi, CEO and Founder of leading IT and Cloud services provider Zsah, discusses why you need full-time professionals if...
HOW TRADITIONAL INSURERS CAN USE TECHNOLOGY TO IMPROVE THEIR RELATIONSHIP WITH CUSTOMERS
The customer experience with insurance is anomalous, in that one is only required to engage with their insurer if things...
THE FUTURE OF CLOUD: HOW TO KEEP YOUR DATA SAFE
By Pete Braithwaite, COO of KIT Online Cloud services are inherently scalable, responsive and flexible. They offer huge flexibility –...
ETRADING SOFTWARE AND ARTIS HOLDINGS LOANS ELECTRONIC PLATFORM OPEN FOR BUSINESS
The Bids Wanted in Competition (BWIC) process completes on the WIC trading platform Etrading Software, the independent, global provider...
AIRBANK SELECTS YAPILY TO BUILD A FINANCIAL MANAGEMENT SOLUTION FOR SMBS
Airbank, a financial management solution for European startups and SMBs, has selected open banking infrastructure provider Yapily to help its...
COULD YOU PROVIDE US WITH SOME BACKGROUND ON YOUR CURRENT ROLE WITHIN THE FINANCIAL SERVICES SECTOR?
– Shanker Ramamurthy, Global Managing Partner – Banking at IBM, BIAN Executive Board Member I lead the banking consulting...
IT COST MANAGEMENT: 10 STEPS BUSINESSES CAN’T IGNORE
By Matt Dando, Director, Strategic Business Value Consulting at Serviceware In today’s ever-accelerating digital era, and as we recover...
UNCHARTED TERRITORY: HOW OPEN BANKING CAN HELP BANKS NAVIGATE COVID CHALLENGES
Opinion from Rafa Plantier, Head of UK and Ireland at Tink The last year has propelled banks, businesses and consumers...
AI AND HOW IT’S LEADING THE FIGHT AGAINST FRAUD IN THE FINANCIAL SECTOR
Geoff Clark, Managing Director, Aerospike EMEA Much like many other sectors financial institutions have accelerated their digital transformation projects since...
HOW DIGITAL IS MAKING THE ‘IMPOSSIBLE’ POSSIBLE FOR FINANCIAL FIRMS
By Lavanya Kaul, Head of Customer Success, BFSI, UK&I, LTI Article synopsis: Focused on the digital transformation of the...
DANSKE BANK TO BRING DOMESTIC SCHEME, DANKORT, TO APPLE PAY
Danske Bank, Denmark’s leading bank, supported by Nets, will bring Dankort to Apple Pay Dankort is the preferred means of payment...
TACKLING THE FORGOTTEN PLASTIC PANDEMIC: CLIMATE CHANGE
By Mark Taylor, Group CCO, Waterlogic Last year the COVID-19 pandemic was, quite rightfully, at the forefront of all...
CROWN AGENTS BANK ACCELERATES GLOBAL GROWTH AND EXPANDS INTO NEW MARKETS WITH MULESOFT
MuleSoft, provider of the world’s #1 integration and API platform, today announced that Crown Agents Bank (https://www.crownagentsbank.com) is using MuleSoft to digitally...
THE IMPORTANCE OF ACCURATE AND TRUSTED TIMESTAMPING IN FINANCIAL SERVICES
Richard Hoptroff, CTO, Hoptroff Recent global financial regulations such as MiFID II require that all stock exchanges, credit institutions,...
HOW OPEN DATA CAN HELP FIGHT CLIMATE CHANGE
David Lais, Co-Founder and CPO at Ecolytiq – providing banks and financial institutions with the digital infrastructure for green finance....
NOW’S THE TIME FOR THE INFRASTRUCTURE SECTOR TO GET IR35 RIGHT
Matt Fryer, Head of Legal Services at Brookson Legal The Government’s recently announced £650bn programme of infrastructure works is...
MAKING THE MOST OF RPA TO ENHANCE THE CUSTOMER EXPERIENCE
Standfirst: Capturing and analysing business processes should be a prerequisite for any implementation of robotic process automation, argues Dr Gero...
FINTECHS AND BANKING POST-COVID
COVID-19 has forced businesses and society to adapt to new realities. From big-name Wall Street banks to up-and-coming financial technology...
WHY AGILE TECHNOLOGY PLATFORMS ARE THE KEY TO EFFECTIVE INNOVATION
Sujit Unni,CTO, Paysafe A main reason why platform technology can prove to be so effective for a business is...
DIGITAL TOKEN IDENTIFIER REGISTRATION OPENS WITH ETRADING SOFTWARE
Top 100 cryptocurrencies can now be tracked authoritatively using new ISO standard Etrading Software, through its non-profit division the...