Hi Ofer, PCI compliance is not as much an issue as EMV compliance. This is a dense topic but I’ll do my best to explain. PCI is more focused on the processing and storage of sensitive customer information post interaction point. The interaction point is when a customer presents their payment credential at a point of sale, for instance. EMV is focused on how the payment credential exchanges sensitive data with the point of sale. EMV evolved from the smart card, where a chip is able to carry out the same cryptographic functions that make the internet secure (SSL, TLS, etc). The NFC function on the Nexus 7, while compatible with EMV contactless protocols, is tough to get certified as a payment point of sale. The reason is because the Android OS isn’t free of vulnerabilities. Certified POS hardware needs to meet strict guidelines, known as EMV L1 specs, in order to guarantee to the payment processor that sensitive customer information hasn’t been sniffed at the point of interaction.
There are companies that are working on creating Trusted Execution Environments (TEE) for mobile devices to achieve EMV L1 certification. However, the EMV specs are still catching up to these innovations so I haven’t seen any independent labs offering these testing services yet. Once this is possible there will be an opportunity to use Flomio’s products to create EMV contactless POSs out of mobile devices.
EMV based payments are those that will work with Chip+Pin cards as well as tap-to-pay solutions like Apple Pay and Android Pay (formerly Google Wallet). You can still roll your own payment solution (know as closed loop system) that works by way of NFC. This gets you around the EMV certification requirement but forces you to have to distribute and manage the NFC credentials. It’s hard to beat Mastercard, Visa, etc. at that game but if you have a controlled environment like a music festival or event, definitely possible.
hope that helps… let me know if you have more questions.
Richard
