A Point-of-Sale (POS) system is the starting point of nearly every electronic payment. Although it looks simple to the end user — tap a card, enter a PIN, get a receipt — a POS is actually a secure, certifiable embedded system that sits at the front line of the payment ecosystem.
In functional terms, a POS system allows a merchant to accept payments.
In architectural terms, it is a security-critical endpoint in a much larger network that includes acquirers, card schemes, issuers, payment gateways, and certification bodies.
Why POS Systems Matter
A POS device or application must:
- Capture card data securely
- Apply EMV logic (terminal risk checks, data authentication, CVM processing)
- Protect sensitive key material
- Generate secure cryptograms
- Communicate with the acquirer using ISO 8583 or host APIs
- Maintain auditability, integrity, and compliance
Meeting these requirements takes a blend of:
- Embedded development
- Cryptography
- Secure key management
- Payment certification processes
- Real-time, reliable networking
Types of POS Systems
- Traditional POS terminals
- SmartPOS (Android-based)
- SoftPOS (Tap-to-Phone / COTS devices)
- mPOS / PIN-on-Glass
- Virtual POS for in-app payments
Each type comes with its own security model, key management needs, and certification requirements.
POS as Part of a Larger Architecture
A POS system is not standalone. It participates in:
- EMV transaction flows
- Acquirer host communication
- Risk management
- Scheme compliance
- Merchant reporting
- Device lifecycle management (TMS/MDM)
Understanding this broader context is crucial for building secure, certifiable systems — and is the foundation of the content shared here on Corebaseit.