Poseidon's EMV QR Challenge

Challenge Overview

In this challenge, we are trying to research, define and demo the POS interaction experience for the clients who would be using the Poseidon-LPC’s SDK to build a mobile application. 

Project Overview

The project objective is to build an SDK for the Loyalty Payment Card(LPC) for our client. This SDK will be used by LPC’s clients to build the LPC mobile app. So the SDK will provide all required functionalities from authentication to payment processing, reward management, etc.

In this challenge, we want to focus on the user’s experience of showing the QR Code to a POS Terminal. 

Assets

• We want to conform to the Research EMV Consumer Presented Specification available here: EMVCo-Consumer-Presented-QR-Specification-v1-1.pdf
• Since this is a PoC you can create your own codebase 

Technology Stack

Either Android or iOS 

Individual Requirement

The users of the app will present a QR code at the POS/POI Terminal and the merchant will scan the QR Code to charge the card accordingly similar to Alipay. Here we are assuming that the user will not always have internet connectivity and the POS terminal will always be online. 

We want to know:

• How to conform to the EMV Consumer Presented Specification, what details are needed for it (like Card No, PAN, Tokenised card no, etc) and which of them are optional/mandatory.
• What are the standards used for encoding and decoding the QR Code?
• The best methods of storing the said details needed for rendering the QR Code on the device. 
• if the spec supports encoding the details in an encrypted format or if there are other ways of ensuring security while showing the QR Code. 
• How does the spec prevent replay attacks i.e. an attacker obtaining a screenshot of the QR code and reusing it? 
• How does the security model work? 

Create a sample iOS or Android with following:

1. Simple page to add card info required by above specification
2. Save it in the industry secured way
3. Create a button called “show QR code”
4. Clicking on that button generate and show the QR code
5. QR code generated above should be accepted by a POS scanner. For demo you can show the detail of QR code by another scanner but the content of QR code should be based on the above specification so that it will work under real POS.

Glossary:

POS - Point of Sale

POI - Point of Interaction

Final Submission Guidelines

Please submit the zip containing followings:

1. A detailed Readme explaining the process, security model and libraries, if any, used for the PoC
2. PoC code that will demo the approach
3. scanner. For demo, you can show the detail of QR code by another scanner but the content of QR code should be based on the above specification so that it will work under real POS.
4. A video of your PoC(video shouldn’t be public) including deployment and verification