If you are one of the many companies looking to launch your own Soft POS product, there are a few important steps and considerations to keep in mind to keep your costs low and fast track your time to market.
There are a handful of SDKs out there that give you the tools to get started, but not all SDKs are made the same. There are many hoops to jump through before you get your product in the hands of your merchants.
As with any project, you will need to carefully evaluate your ‘build vs buy’ decision options at the outset and carefully cross-check off all the payment industry requirements – a complex challenge that requires a significant compliance requirement and development effort to make it work seamlessly.
Trust us. We’ve been there. We’ve built it. We know.
So, what’s it take to launch your own Soft POS?
1. Soft POS Security Requirements
The card schemes have established a unique set of security requirements for accepting contactless payments on mobile devices. Previously this was handled under a pilot framework, but all future solutions will need to satisfy PCI MPOC requirements. Soft POS vendors are required to have multiple layers of encryption, code protection, isolated channels of communication, PIN security, and attestation and monitoring capability, just to name a few.
If you chose to use an existing SDK, you will need to carefully consider what security approval it has. Many SDK vendors, only partially satisfy the card brand security requirements, leaving you exposed to further development and compliance headaches.
2. EMV Level 2 Certification
What contactless payment types do you want to accept in your application?
If you decide to build your own contactless EMV L2 kernels, then you’ll have to learn the ins and outs of card processing and certification. Each kernel has its own specifications and testing procedures, involving thousands of tests and many months or years of development.
If you want to use an SDK off the shelf, then you will need to consider which card brands are supported. It’s common that only a few card brands are supported, which ultimately limits your potential transaction volume.
Of course, let’s not forget about support for mobile wallets too!
- Felix.Cloud EMV Level 2 certified with American Express
- Visa certifies the Felix market leading EMV cloud kernel
- Cloud EMV kernel certified by Mastercard
3. EMV Level 3 Certification
Most Tap to Phone SDK vendors offer stand-alone solutions, in that they do not have the back-end host connections included as part of their overall service offering. This means you will need to build the connection to the payment processor and perform an EMV L3 certification in conjunction with the processor’s certification team – a stringent process which can take anywhere from 4 months to 18 months per acquirer. But once completed, you will finally be able to process transactions.
Each EMV L3 certification involves thousands of tests and hundreds of hours in testing and debugging. As with any certification, you can expect to have delays that are outside of your control, which can push timelines out.
If you want to be a multi-acquirer solution, then you’re looking at years in development, not to mention ongoing maintenance.
- Felix L3 certification with Chase
- Felix L3 certification with Elavon
- Felix L3 certification with Heartland
Accelerate time to market with Felix
Felix’s Tap to Pay SDK is simple and powerful— the only 100% cloud-based payment acceptance platform in North America has a full SDK with L2 and L3 certification and all the security requirements checked off.
As a turn-key framework for Soft POS commercialization, Felix Tap to Pay SDK helps organizations save on development costs, fast-track time to market and build innovative solutions to transform the payment acceptance experience for merchants and customers.
With one SDK you get your security needs covered off, support for major contactless payment methods and connectivity to leading merchant acquirers.
If you’d like to learn more about your Soft POS integrations with Felix, don’t hesitate to get in touch.