Softpay.io tech and security
SoftPay.io is a mobile application that allows merchants to turn a regular phone into a contactless payment terminal, without any additional dedicated hardware.
The mobile application uses the built-in NFC reader of the phone to read payment card data – both from physical cards and from mobile wallets (i.e. ApplePay, Google Pay, Samsung Pay). And if necessary, the consumer will be prompted to enter the PIN on the Softpay.io device. Completely secure.
At Softpay.io, we take care of ensuring the solution is designed and updated according to the current standards and guidelines from EMV and PCI. We operate the solution 24/7 in a cloud-based infrastructure, that provides full redundancy and scalability. Our technology stack is Kotlin, Java and C.
Softpay.io consists of a secure mobile client and back-end, that together takes care of security, ensuring the consumer and merchants can trust the solution. The system will continuously get encrypted data from the mobile clients and monitor it in real-time, to detect any suspicious behaviour, which will then be blocked.
Consumers card and PIN data is handled separately, it is never stored in the client, and the back-end is designed according to the PCI DSS information security standard for handling payment data. Furthermore, the solution is certified by an independent laboratory, according to the card payment schemes Tap-to-Phone program, ensuring end-to-end security meets the highest requirements.