menu

Payment API

What's on this page

In-person Payments / SoftPOS / General / Device Requirements

Device Requirements

The CPOC and MPOC specifications (PCI standards for SoftPOS solutions) allow to use SoftPOS on “COTS devices” & “Enterprise devices”.

  • COTS devices: meaning “commercial-off-the-shelf devices”. These include smartphones and tablets typically used in consumer environments.
  • Enterprise devices: typically used in professional environments – sometimes also called handheld devices, Android mini-computers, ruggedized devices, or courier devices. For more information on when SoftPOS is allowed on enterprise devices, please scroll further down on this page.

Requirements for Android COTS devices

  • Device is NFC-enabled
    Recommendation:The device’s NFC chip should be EMV Level 1 certified (as specified by EMVCo)
    More information can be found via Requirements for Enterprise Devices

  • Minimum Android 10 OS version
    Recommendation: Android 11 OS version or higher.
    Recommendation: Perform security updates regularly.
    How to Check? Via Android Version & via Security Updates on your device (If the last update is more than a year old, your device may no longer be supported).

  • The device has a hardware backed keystore
    More information at Android - Hardware-backed keystore

  • The device passes Google’s security tests by using the Play Integrity API and must be Google Mobile Service (GMS) Certified by Google
    This confirms that the device is not rooted, tampered with, or running on an emulator, and meets Google’s security and compatibility requirements for the Play Store and payment apps.
    More information at Play Integrity API
    Android 12 or later: Device integrity is required
    Android 13 or later: Strong integrity is required
    How to Check? Follow this Android Guide

  • The CCV SoftPOS application must be installed via the Google Play Store

Requirements for Enterprise Devices

The same requirements apply for Enterprise Devices as for COTS devices - with the following additions:

  • We recommend the Enterprise devices must be rated to “EMV contactless level 1”.
    This is not yet a strict requirement, but at CCV we anticipate that it will become mandatory in the future.
    How to Check? Contact your device manufacturer or supplier

  • Visa/Mastercard strongly recommend that the CCV SoftPOS solution be thoroughly tested on the specific hardware device before starting a roll-out.
    CCV can either provide a test installation for you to conduct the tests, or you can send a sample device to CCV (please notify us in advance), and we will conduct the tests for you.

How to ensure your device stays compliant?

  • Choose a device from a trusted manufacturer that provides long-term software support.
  • Choose a device with a recent Android version.
  • Regularly check for software updates in the device settings.
  • Do not use rooted or uncertified devices, as these will fail Google Play Integrity checks.