I am asked to develop a mobile POS android application which will read the Chip Card Data from device (like Square) which can be connected to the audio jack of cellphone. Till now I have successfully done the following:
(1) Detected the device on the audio jack.
(2) Read all the data that is there in the Chip.
(3) Read the tags data/ public keys and certificates which are required for transaction processing.
(I am aware that it is not right/illegal to read this user data - I am not going to store any of this on my device)
I know that the next step would be to integrate my application with a payment gateway.
Working on this, I successfully integrated PAYU Money (a Payemt Gateway) with my android application. It directs me to a "form" where the cardholder needs to fill his information such as NAME, CARD NUMBER, EXPIRY DATE etc.
I have already extracted this data from the EMV chip. But I am unable to send it on THAT form. I don't want my clients to fill any of the data except PIN number to complete the transaction.
I tried to look for other Payment gateways which could directly take the data from my app (Point to Point) but haven't found yet.
Now, I am stuck at what do I do now ? Where do i go from here ? What steps do i follow to get this project done ?
I am also wondering if I am headed to right direction ?
All help or guidance would be highly appreciated. Thank you
K,
You may not be able to do it this way. There are two ways to complete a transaction online :
using a webform where you fill in data printed on the credit card : card number, expiration date, cardholder name (which are also accessible by reading the card chip/magnetic track) AND cvv number written behind the card (which is NOT available in the chip).
using a POS application, which will complete an EMV dialog with your card in order to get it to sign and approve the transaction.
It seems you're trying to achieve option 1. Unless someone manually inputs the cvv code, you won't be able to complete the transaction.
However, the mention of a PIN number implies that you want to do an EMV transaction (there's no PIN for webform based transactions). This is a painful process, which will require to use a certified EMV kernel (or a couple of years to code your own), and to get a certification for your application. Most likely not what you're trying to do.
Last option, use the Square Connect API, whil will take care of the payment processing for you. Unfortunately, you would have to switch to iOS, since it's not supported on Android.
Related
I was reading this article about NFC and Kotlin and tried to implement the Code in my App. I want to send a string from one device (from the customer) to the receiving device (supplier) for a faster checking - in (for example if you have booked a table, the device reads the booking-id from the customer-app and displays the regarding information on the supplier-device.
The problem is that:
this.nfcAdapter?.setOnNdefPushCompleteCallback(outcomingNfcCallback, this)
this.nfcAdapter?.setNdefPushMessageCallback(outcomingNfcCallback, this)
both Callbacks from the NFC Adapter are deprecated since API 29.
So is there any other way left to do this?
Google's documentation mentions the following concerning the deprecation:
File sharing can work using other technology like Bluetooth.
Indicating the feature was originally intended for file sharing,
not the sending of short strings.
Two solutions come to mind:
On the customer's device you generate a QR code containing the string you want to send over. With the supplier's device you scan the QR code. This way is often used for mobile payment and customer reward/discount apps.
A web service where the customer sends over their ID and then information is returned from a database.
You can also combine these approaches by for example letting the customer scan a static printed QR code containing the supplier ID. With the supplier ID your app could then submit the customer's booking ID and the supplier ID to your web service after which booking info is returned.
I am running following commands in android using JNI.
select command: 00A4040006454D5600000100(based on relavant AId)
GPO: 80A80000(modifying based on pdol)
read record : 00B2010C(Based on number of AFLs, SFI available)
after this I wanted to show pin pad if the card supports pin.
I am getting following CVM list
4203 Encrypted PIN online, If terminal supports CVM, next
1E03 Signature, If terminal supports CVM, FAIL
1F03 No CVM
how to understand these tags in android/ java. Are there any APDU commands for this? How to process/perform cvm rules?
All suggestions would be appreciated.
As I understand you have some form of native EMV kernel that you call from your Android application. As a first suggestion, you should see whether such function isn't already exposed.
CVM List is simply one of the objects (with identifier 0x8E) that you read with Read Record commands. The definition of what means what can be found in EMV Book 3 (look at chapter 10.5 and Annex C3) available at www.emvco.com
Since Cardholder verification in EMV is performed sequentially (going through the list checking conditions apply to your transaction) it is difficult to say whether PIN will be used or not (regardless of the fact that card may support it - quite frankly it is mandated by the payment schemes for issuers to support PIN method for most of the card products). Some conditions may depend on the execution status of previous method (when b7 is set on CVM Rule Byte 1).
Regarding commands, you may expect that offline PIN will require sending Get Data command requesting 0x9F17 which is Offline PIN try counter. Offline PIN will, of course, require sending Verify command presenting the PIN to be validated by th ICC.
I am working on a review submission project on Tendermint in Windows.
I want to submit a tamper-proof review about a organisation and hence want to create a private block-chain network with no validators and say 5 users, who submit their review via android app through abci-cli to the private blockchain.
Can anyone guide me how to proceed with this. I am new to this whole topic and very confused about where to start.
I got this How to create a Tendermint local network with same ip
but want to run say 5 user accounts from different mobiles and Tendermint on 1 laptop(to create Blockchain). What I want to build is possible?
Any help is appreciated.
First of all, if you want to create a tamper-proof review system, you'll need as many validators as you can have, not just one. You need them because it's straightforward to hack one validator and exploit your system. But if you have many validators, it's not so easy (given they are independent - different data centers, racks, ..). The whole power of blockchains emerges from having a large number of separate machines which can't easily be hacked.
Second, you can have as many users as you want (of course, there is an upper limit on how many txs per second Tendermint can process).
Third, it's better if you use native Android API to send transactions. Tendermint has 3 HTTP endpoints for transactions (https://tendermint.github.io/slate/#broadcasttxsync).
Is this possible to achieve on iOS and Android with the least manual operation?
The user visit the web page W and W stores data D somewhere (in the device or the server).
The user install app A and A get D (from the device or the server).
I can only think two ways to indirectly achieve the same result:
W asks the user to copy D into the device's clipboard, and then A asks the user to paste D in the app.
W asks the user to write some random string X (and save the mapping from X to D), and then B asks the user to type X (and get D by sending X to backend).
Btw, after googling a while, it looks like current mobile browsers cannot access the clipboard, and W3C is just writing the draft of clipboard API (2014/09/18 http://www.w3.org/TR/clipboard-apis/ ), so using clipboard as a "hack" to pass data automatically is not possible currently.
We also struggled with this when we built our last mobile app, Kindred Photobooks. We actually created a native library for iOS and Android to do just this - give you the ability to pass data past install. The best way we found is to basically bundle that information in the link and use fingerprinting to make that data available after install, which is working really well.
You can try to build fingerprinting in in house as well - basically create an outstanding device fingerprint once someone clicks on the link and match it to the fingerprint that you create once a user
We automated everything and made sure all the edge cases work on both Android and iOS. Check us out at branch.io and if you are curious on how our links work, you can read more here.
I don't exactly what you want to do, but, you can for example, on the web page, ask the user to enter some info, and then you send to his email a code, then he can share that code with other people, and inside the application, you create a section, so user can enter a code. Using that code, the app makes an HTTP call to the server, and the response can be the info entered by the first user. Of course you are going to need a database.
The app that I'm developing allows the user to enter in a zip code, then the app displays my local businesses that are closest to them. So if someone entered in a New York zip code, all of my franchises located in NY would show up.
It would be ideal if I could see what zip codes are most popular with the usage of this app, and which states receive the most traffic.
Is there a way to record/analyze the entered in zip codes of my users, and have that data sent back to me? Will this become a privacy issue if I gather this data?
Thanks
EDIT
The zip code the user will enter is simply in an EditText.
What you want to do is certainly possible. Since you're posing this question at all, I'm guessing you're app has the available franchises stored locally as opposed to retrieving them from a server.
Where is the data supposed to be sent to? If you have a server, you can use an HttpsURLConnection and POST the requested zipcode to your server when the user presses calculate or however else calculation is kicked off in your app. You will need the internet permission for this to work.
As a word of caution, you should be very up front about that you're doing this to the user, and also give them an option to turn it off, or even have it turned off per default. Personally, this would be the kind of thing that would bother me a great deal if I were to use your app. (Actually, if I couldn't turn it off, I probably wouldn't use it.)
EDIT
I'm not an expert on U.S. privacy laws but I imagine you probably need a formal privacy statement, as well. You certainly do if your app is also available in the European Union (regardless of whether it's useful there or not - whether or not it's available is enough.)
Yes you can easily collect this data and return it to a server. This will require an additional permission for your application 'android.permission.INTERNET' (If not already included.)
Not a lawyer and didn't stay in a Holiday Inn... but I don't see a privacy concern if you're using anonymous data... if you're packaging up user information (Name, Phone #, etc.) and sending it back I would think you'd want to include a "privacy policy" in your app's terms of service.