How to implement NFC payments?

Question

I want to add NFC payment to an Android application I'm working on to allow the users to pay directly to a POS. I'm interested in supporting as much POS as possible.

I was wondering if it's really possible or it depends on propietary protocols/hardware.

I have found information (and code samples) about reading the contacless card info but I can't find any library or code about the payment itself.

I know about the EMV Specification but it looks pretty long and technical and I would like to know if it's really possible before diving into it.

We cannot use Google Wallet because I am not in the United States.

Answer 1

You won't be able to support NFC payment in your application, unless you are a bank with a Visa/Mastercard/etc agreement, and have access to a certificate to sign your EMV transactions.

Contactless EMV transactions are not encrypted. That is why you can easily sniff a contactless transaction, or read a contactless payment card info.

Transactions are still secured because of a certificate embedded in the card, specific to the card issuer (ex : Visa, mastercard). This certificate is protected (can't be read). It is used to sign the transaction details (amount, date, random identifier, etc.), so that the POS and transaction processor (on the bank side) can authenticate and validate the transaction. Without a valid signature, your transaction will be rejected.

However, since all major card issuers added mobile payment support to their latest specification (ex : mastercard PayPass 3.0, Visa PayWave 2.1). They may eventually offer API for other apps on the phone to initiate tranasctions. Still, my understanding is that phones will need some specific hardware (ex : a cryptoprocessor) to process transactions.