Work in progress. Not ready for evaluation!
This documentation is part of Adyen's solution for mobile payments on iOS Commercial Off-The-Shelf (COTS) devices: our iOS mobile payments solution.
This documentation demonstrates that our solution conforms to:
- Module 2 of Payment Card Industry (PCI) Software-based PIN Entry on COTS (SPoC)™ - Security Requirements Version 1.1.
- Mastercard Embedded Contactless Reading with Optional Online PIN Support for MPOS Pilot Programs - Draft Security Principles Version 0.0.2.
- Visa Ready Tap to Phone Solution Requirements - Version 1.8.1.
We will show how our solution provides adequate security mechanisms, controls, and mitigations to protect the consumer’s PIN and cardholder data as well as other assets (such as cryptographic keys) from unauthorized disclosure, modification, or misuse.
We will discuss the following topics:
Core requirements
- Architecture of the Android mobile payments solution.
- Data flows: mutual authentication, remote key loading, and transactions.
- Cryptography: details of all the keys used in the solution.
Third-party libraries
- Third-party libraries integrated in the solution.
Security mechanisms
- List of assets.
- Security mechanisms that are implemented in the solution.
- Secure procedures.
Monitoring and attestation
- The design of our monitoring and attestation (M&A) system.
- The automated response to detected threats.
- How we respond to any incidents.
Reporting and management of security flaws
- An overview of Adyen's Responsible disclosure policy.
- An overview of Adyen's vulnerability management policy.
Integration guidance
- Integration and security guidance for integrators.
Document changes
Date | Version | Description |
---|---|---|
2024 | 0.1 | Work in progress |