Building a Secure Payment App Ecosystem for Smart Payment Terminals

Key Takeaways

• The new generation of intelligent payment terminals is increasingly becoming an intrinsic part of the business processes that create value-added applications in different commerce uses from traditional payment processing. Besides, merchants favor such devices owing to their multifunctional ability to operate and manage various functions such as catalog management, order processing, tracking sales, etc.
• The demand for multifunctional solutions is set to propel the smart payment terminal market into rapid growth and is on track to become a significant player in comprehensive commerce ecosystems.
• In addition, it is required to ensure the security of payment applications executed on smart terminals while supporting additional commerce functionalities. This includes integrating efficient security measures that will protect sensitive payment data and keep the solution compliant with both PCI and EMVCo standards.
• Some key strategies to secure these Smart Payment terminals would involve adhering to principles of open-source security. Such practices allow for the prevention of unauthorized access and the integrity of installed applications, thereby ensuring a strong security framework of the smart payment ecosystem.
• Developing advanced security capabilities within smart terminal ecosystems is integral to merchants' and consumers' value propositions, ensuring a more excellent commerce experience. Robust security frameworks will enable companies to provide seamless and secure transaction opportunities, advanced feature inventories, loyalty programs, and more.

Modern smart payment terminals have rapidly gained traction in today's market, often running on advanced operating systems like Android. Merchants now prefer these smart terminals to expand their business and access a wide range of commerce offerings. For example, a business owner running a coffee shop might use various applications on the terminal, such as catalog management, order management, and tools to track total sales, profits, and reporting. The era of generating revenue solely from payments is over—every major player is now focusing on expanding into broader commerce solutions.

According to the analysis here, the Smart Payment Terminals market, valued at USD 53.83 billion in 2023, is projected to grow at a robust CAGR of over 12.5% between 2024 and 2032; this growth reflects the increasing adoption of Smart Terminals by businesses seeking to enhance their operations with a wide range of commerce applications in addition to processing payments. As the demand for omnichannel commerce solutions continues to rise, Smart Terminals are expected to play a significant role in in-store payments.

Here are a few real-world examples of Multifunctional Smart Terminals,

Retail Example: POS Terminals in Big-Box Stores Large retail chains, such as Walmart or Target, use smart payment terminals for much more than simply processing payments. These terminals handle everything from inventory management and real-time sales analytics to integration with customer loyalty programs. For instance, an intelligent terminal would update the stock level for sold items, sync data back with the central inventory system, and, upon request, provide a customer with personalized discounts on certain merchandise based on previous buying history. Securing these terminals means sensitive sales data and customer information are well out of reach from unauthorized access.

Health Care Example: Patient Payment Solutions Smart terminals, for example, are being used to enable medical service payments and manage patient data in healthcare settings. A hospital might use a smart terminal to process the co-payment of their patients and store billing information about them in a secure way. Given the tremendous exchange of patient information within these systems, the importance of adhering to rigorous regulations regarding their security cannot be overstated. Advanced encryption and access control should be implemented to ensure this private medical and financial information remains safe, underscoring the seriousness of the issue.

However, this surge in adoption raises a crucial challenge: How can we ensure the security of core payment applications while allowing other commerce applications to coexist on the same terminal in a PCI- and EMVCo-compliant manner without compromising on security? This question becomes increasingly relevant as the need for secure, multi-functional smart payment terminals continues to grow alongside the expansion of omnichannel commerce.

My journey into this space began with a pivotal role at GoDaddy, where I contributed to developing and securing the World's first Smart Payment Terminal. By the end of 2023, GoDaddy's gross payments volume reached $1.7 billion, marking a 125% increase year-over-year (Source: GoDaddy Smart Terminal)). This success underscores the importance of secure and versatile payment solutions, a challenge I tackled by integrating robust security measures into our smart terminal ecosystem. With my extensive experience developing and securing smart payment terminals, I would like to share some general best practices for building a secure payment ecosystem. These open-sourced practices can offer valuable insights into ensuring the security and functionality of innovative payment solutions.

Below is a component diagram that represents the key components required for this discussion:

App Portal Server: This is a server that can manage app verification and distribution processes. It can host services that verify the authenticity of an APK that's allowed/disallowed to be installed on the Smart Terminal. App Portal Server can also have the scripts in place for app review processes.

Package Verifier Service: This is an android defined intent action that can be launched when android sends package verification-related events.

Android Operating System: This is the underlying Android-OS that supports Android Debug Bridge and various other underlying android frameworks.

Commerce Applications: General Commerce Apps that help simplify the merchants to run and grow their daily business.

Payment Application & Card Reader: This drives all the EMV payment application flows and is responsible for payments end to end.

Payments Server: Responsible for processing authorization, refunds, voids, and all payment-related operations with the acquirer.

Few approaches for Securing Smart Payment Terminals

Disabling ADB on Production Units

ADB is an Android Debug Bridge that lets any user sideload and install malicious applications on unapproved applications that could pose a considerable security threat to our payment application. This application can very well claim to be a hidden application that secretly intercepts payment-related information such as card data, encrypted PIN data, KSN, etc.

ADB should be fully disabled on Smart Terminals. The risk of a hacker getting access to this leads to substantial security violations.

OEM Lock

Factory locking the OEM bootloader ensures the hackers avoid flashing custom ROMs or rooting the device. OEMs can enforce bootloader locking in production by setting the ro.oem_unlock_supported build prop to 0.

App Review Process

• Consider conducting a robust app review process that scans for secrets and security risks. Several code scanner tools, such as Tartufo or Github secrets, can be used online.
• Ensure the application is not logging any secure user data or breaking PCI in any possible way.
• Ensure apps don't use unsecured network protocols that would lead to security breaches.

Device Attestation Service

It is an important security feature Android provides for smart payment terminals in the attestation. It ensures the hardware-software integrity of a device meets the required security standards before it is used to process sensitive transactions. It uses the Android hardware-backed security modules on the terminal, such as TEEs, to generate a cryptographic signature of its condition. The remote server then verifies the signature, preventing the execution of the payment operations on compromised or rooted Android devices. Embedding such a service means that the Android smart terminals remain in compliance with the relevant standards set forth by PCI-DSS and EMVCo while sensitive payment data remains secure from being compromised.

For more info on implementation, please refer to Google Play Integrity API

Package Verifier

Android AOSP offers Package Verifier Service that's triggered whenever a new application is sideloaded on the device. Package Verifier can be used to our advantage here whenever a new package is about to be added always,

• Ensure the app portal server has approved this package
• Use signature schemes to make sure the application follows Authenticity and Integrity.

Please find more info about Signature schemes here: https://source.android.com/docs/security/features/apksigning

public class PackageVerifierReceiver extends BroadcastReceiver {

    @Override
    public void onReceive(Context context, Intent intent) {
        // Check if the broadcast intent is requesting package verification
        if (intent.getAction().equals(“android.intent.action.PACKAGE_NEEDS_VERIFICATION”)) {
            // Add custom verification logic here
            // This is where the package signature scheme, certification check,
            // and any security steps would be executed before allowing installation.

        // Check if the package has been successfully verified
        } else if (intent.getAction().equals(“android.intent.action.PACKAGE_VERIFIED”)) {
            // Handle post-verification steps here
            // This can include logging success or proceeding with app installation.
        }
    }
}

References:

• Android Package Signing
• Android Intent Actions
• Android Intent Actions

Summary

As the landscape of Smart Payment Terminals evolves, integrating advanced commerce solutions with robust security measures has never been more crucial. Implementing the best practices discussed in this article is essential for developing a secure and effective commerce ecosystem. By addressing key security concepts and leveraging emerging technologies like AI and IoT, we can enhance customer experiences and merchant operations. These advancements safeguard payment applications and add significant value through seamless checkout experiences and improved management solutions, such as inventory control, order processing, and customer loyalty programs. Embracing these strategies will drive the future of smart payment terminals, ensuring they continue to meet the evolving needs of businesses and consumers alike.