The Attestation Principle for POS Payments

An article by Andreas Wegmann

Published on 13/07/2022 | Updated on 13/07/2022 | Reading time: 3 min

Cashless payments in shops (Point of Sale Payments, POS Payments) are nowadays carried out almost exclusively according to the so-called authorisation principle. Apparently, there is no alternative to this procedure and many companies want to earn money from it. However, since many customers now pay with a smartphone, a new possibility is opening up. The solution requires a complete rethink.

The Authorisation Principle

POS payments need to ensure a secure way of transferring funds from the customer’s account (6) to the merchant’s account (1). The authorisation principle requires the merchant to purchase a card terminal (3) that communicates with a background system (2) of the card scheme. The card terminal therefore requires not only a power connection but also an internet connection.
Authorisation is usually done by inserting (or holding) a card and entering a number (PIN) on the terminal. Legally, this entry is proof that the customer “wanted” the payment, i.e. authorised it.

If the customer has already stored his card data in his smartphone, the transaction can also be carried out with the smartphone (4): the card data are then transmitted wirelessly (NFC) to the card terminal. As soon as the background system has received a release for the amount from the card account (5), it reports the successful transaction back to the card terminal. The merchant can then hand over the goods. A card terminal and also the connection to the background system are elaborately secured to prevent manipulation or data theft.
This procedure is convenient for the customer but expensive for the merchant. He is the only one of all parties involved who bears the costs of the POS payment.

Another disadvantage is the time delay caused by the card scheme. It takes some time for the money to be available in the merchant’s SEPA account. It is therefore not surprising that merchants, hoteliers and other business people are critical of the conventional processing of POS Payments.

The Attestation Principle for POS Payments

If one steps back from the processes of the authorisation principle, what is important for the merchant is not the authorisation of a payment, but the confirmation of the payment itself. Provided this confirmation is fraud-proof, the merchant can hand over the goods.

The confirmation principle is therefore not about the authorisation, but about the confirmation of the successful payment. It is essential that the payment is final, i.e. that it cannot be subsequently cancelled. The confirmation principle uses the authorisation procedure that the customer knows: that of his bank. The customer therefore makes a normal credit transfer via a mobile app from his own smartphone. He does not disclose any card or bank details to the merchant. This protects not only against card fraud, but also against misuse of personal data.

The cost advantage of the confirmation principle comes from the use of the customer’s smartphone for authorisation and all other communication tasks. Neither card terminals nor their background systems are needed, so they are no longer a cost factor.

The merchant receives a tamper-proof confirmation that the payment has been made. The hardware required for this (Payment Attestation Device – PAD) costs less than 40 € to purchase and does not require any connections, i.e. neither a power socket nor the internet. It communicates with the smartphone via Bluetooth (LE) and not via NFC (important when using iPhones). The PAD has a crypto chip that prevents any manipulation.

The system is patented under EU law and is already in use with self-service devices. For further questions about the confirmation principle for POS payments, please use our contact form.
