top of page
Do you have any question?
Download our latest collaterals here to learn more about MineSec's solution.
You can also request access to our SDK APIs description.
Last update : 20/03/2021
Does SoftPOS support software-based PIN entry transactions ?Yes, PIN entry transaction is an optional configuration of SoftPOS. If PIN entry is supported, a PIN CVM App is required as part of the SoftPOS solution. Please note that SoftPOS with PIN entry is now currently managed separately by the schemes as pilots, separate approval is required.
Does SoftPOS support iOS ?No, Standard SoftPOS supports Android only now. iOS cannot be supported as the NFC interface on iPhone is not opened yet as NFC reading device.
What are the certification requirements of a Softpos implementation ?PCI CPoC is now the certification program for SoftPOS. For all new SoftPOS implementations, the SoftPOS product used has to be evaluated and certified against the PCI CPoC security requirements. The PCI CPoC evaluation is performed by any accredited PCI CPoC laboratory. The contactless kernels used in a SoftPOS solution will need to have Contactless L2 certifications as well. L3 certification would be the last step before roll-out. L3 is an end-to-end testing, it is similar to the existing L3 testing for traditional POS. At the moment, EMV L1 certification is not required for softpos product.
Is the back-end Attestation and Monitoring server required to be hosted together with the transaction server ?No. It is not necessary to have the back-end attestation & monitoring server hosted together with the transaction server. Most of the time, there are separated indeed. The back-end attestation & montoring server is used to monitor the health status of the softpos application and the device. It won’t touch the card data and transaction information, payment processing will still be the job of the transaction server. As such, it is not required to host the A&M Server together with the transaction server. In some countries, it is regulated that the transaction information has to stay within the countries and thus the transaction server has to be hosted locally. Since the A&M server doesn’t store and handle any transaction information data, the local hosting regulation doesn’t apply generally.
Does the back-end A&M server possess any card holder and transaction data ?No. The A&M server possess the COTS and Application health data only. No card holder and transaction data should be transmitted to the A&M Server.
What is the impact if the phone OS gets updated ?If the phone OS is updated, the impact will depend on if the update will affect the security features of the SoftPOS. If it leads to the changes of the SoftPOS security features, the SoftPOS will be required to have a PCI CPoC delta evaluation or full re-evaluation. Therefore, it is wise to select a SoftPOS SDK solution where its security features are immune to the update of OS.
bottom of page