Challenge Overview
This is an exploratory challenge to find ways to store a payment card number (PAN) on an Android device. We require some PoC code to show that the approach works.
Project Overview
The project objective is to build an SDK for the Loyalty Payment Card (LPC) for our client. This SDK will be used by LPC’s clients to build the LPC mobile app.
So the SDK will provide all required functionalities from authentication to payment processing, reward management, etc.
In the last challenge, we verified that we can launch and interact with NFC on an Android phone. Now, in order to process the payment from the app at the POS terminal, our app needs the card details. With this challenge, we would like to find the best way to store the card information within the app.
Essentially following this challenge, we want to create our own Digital Wallet on the Android device to make NFC payments. This Digital Wallet capability will ultimately be built into the LPC SDK.
Assets
The base source code from the last PoC challenge is shared on the forum. Since this is a PoC, using it is optional.
Technology Stack
- Android
Individual Requirement
We want to explore the tap to pay functionality for doing payments via NFC on Android.
There are two approaches to doing this:
1) Using Android Pay, in which case our clients would be limited to a set of Payment Service Providers (PSPs) supporting Google Pay.
2) Finding out the currently supported PSPs of the POS vendors our clients use and making our app accept all of them without interfacing with Google Pay.
We want to take the second approach for which we would need to store the credit card details securely on the device.
- Show the best way to store the PAN/Tokenized Card details on the phone.
- One approach is to store the card details in the host card emulator of the phone. In that case, show us whether we can store the token or PAN on an Android device in the HCE (Host Card Emulator) using the Android SDK to make NFC payments without using Google Pay.
- If we cannot use the Android HCE without Google Pay, is it possible to create a software-based card emulator?
- Describe how your PoC is secure.
- Describe what should be done to retrieve the card details and transmit them so that they are accepted at an NFC terminal.
The PoC app should have the following features:
Final Submission Guidelines
Please submit a zip containing the following:
- A detailed Readme explaining the process, security model and libraries, if any, used for the PoC
- PoC code that will demo the approach
- A video of your PoC (the video shouldn’t be public), including deployment and verification