2019-09-16
Transenix: mobile POS in a smartphone

CTS offers a solution that allows a smartphone with NFC on OS Android to accept payments from contactless cards and digital wallets.

   The Transenix mobile application downloaded to the smartphone is used to make contactless payments and doesn’t require external hardware. Mobile POS solves the urgent task in the field of receiving and servicing payment cards, and it is used to build the infrastructure for receiving contactless cards and digital wallets with NFC support for small and medium-sized businesses. The Transenix mobile application uses the capabilities of the NFC controller in the merchant’s mobile device, reads data directly from a digital wallet or a customer’s payment card. The received data is processed and transmitted to the server of the acquiring bank. Transenix solution meets the security requirements of payment systems.

   Using Transenix greatly simplifies the process of merchant registration and allows us to start card-accepting as soon as possible. All that a merchant needs to get started is a smartphone with NFC-module and Transenix’s mobile application, which the merchant can install for free from Google PlayMarket. The Transenix system consists of two parts: a mobile application for Android OS (Merchant App.) and a server for managing mobile applications of merchants AMS (Application Management Server). The main tasks of AMS are registration and management of merchant applications, administration, and configuration of terminal’ parameters, ensuring the security of transaction execution, execution of purchase transactions, and other operations. AMS connects to the acquiring bank using the authorization POS-protocol.

Service Server Features (AMS):

● Integration with the merchant registration system and the card processing system in the acquiring bank.
● Generation of transaction statistics.
● Securing communication channels with the application.
● Monitoring threats on the merchant’s mobile device.
● Blocking the mobile application of one merchant or deactivating all (group, MCC, network).
● Ensuring a sustainable level of data processing security.
● Providing system health monitoring using Health Monitor.
● Support of several data exchange protocols with the acquiring bank.
● Queue management based on JMS Camel.
● Parallel processing of requests.
● Query sequences analysis.
● Support for the asynchronous operation of the system.
● Using HSM for all cryptographic operations.
● Ability to bind applications to geolocation.

   First of all, the merchant must conclude a legal contract with the bank to accept payment cards for goods and services. At the next stage, the bank registers the merchant in the merchant service system. The merchant can be registered remotely through the Transenix mobile application by downloading it from the Google PlayMarket, and immediately start accepting contactless cards for payment after registration.

Merchant Mobile App Features:

● Remote merchant registration (activation / de-activation) support.
● Transaction execution: Purchase, PAN Key Entry, Reversal, Refund.
● Collecting transaction statistics.
● Request transaction history.
● Providing a receipt for a transaction for the current day.
● Configuring application settings.
● Merchant authentication with a password (4-6 digits).
● Incomplete transaction monitoring.
● Operator action history audit.
● Support for multiple application languages.
● Sending an E-receipt to your phone, Email, QR link, or messengers.

   Using the Transenix application, you can accept contactless cards or digitized cards in various wearable devices via NFC to pay for goods and services. It is also possible to use QR-code payments (based on mVisa scheme), this option can be disabled on AMS. Changes or modifications of terminal configuration parameters performed on TMS can be applied to the merchant application immediately. Limits and rules related to payment methods and allowed operations can be applied both to one terminal and to a group of terminals.

An important part of Transenix solution is:

● the use of digital data transmission technologies through NFCs and modern remedies for the merchant's mobile application against active and proactive threats;
● the use of secure data channels; the use of encryption tools;
● ensuring that security parameters are monitored and that the merchant application complies with the security policy at the time of the operation.

   Mechanisms that evaluate the application for various security threats detect anomalies and transmit these evaluation parameters play an important role in preventing discreditable actions on the smartphone. The system responds to the transaction itself. The system may decide to disable a specific terminal if its parameters do not meet the requirements.

The Transenix system uses technologies that provide high security and application protection, namely:

● Proactive Defense and Threat Management
● Blocking attacks while using the application
● Root Detection - prevention of process bypassing security measures of the operating system.
● Repackaging Detection - check the integrity of the application.
● Code Injection Protection - control of application program code.
● Keylogger Protection - control of a trusted software keyboard.
● Screen Capture Protection - lock screenshot.
● Screen Reader Protection - locks the active screen scanner.
● Device Binding - creating links between the application and the device hardware.
● Obfuscation - obfuscating Java classes.

     Card Technologies and Systems (CTS Ltd.) offers banks Transenix solutions delivery services based on the company’s experience and competence.