Abstract: In an example, a method can include receiving, at a merchant-facing portion of a payment system, data from a customer-facing portion of the payment system indicating a payment transaction between a merchant and a customer, wherein there is a physical connection between the portions; determining that the payment system is unable to access a remote payment service system via an external network; determining that the payment transaction is not preapproved for payment by the remote payment service system; storing the payment transaction on the merchant-facing portion even though the payment transaction is not preapproved; determining that the payment system is able to access the remote payment service system via the external network; and transmitting transaction information including the stored payment transaction to the remote payment service system, via the external network, for processing the stored payment transaction.

Abstract: Techniques are described for securely updating a point-of-sale (POS) system that includes a merchant-facing device and a buyer-facing device. For instance, the merchant-facing device may execute first software that provides first POS functionality and the buyer-facing device may execute second software that provides second POS functionality. To update both devices, the merchant-facing device may receive a software update from a payment service via a network connection, and update the first software using the software update. The merchant-facing device can then cause, via a physical connection, the buyer-facing device to reboot in an update mode and send the software update to the buyer-facing device. In response, the buyer-facing device can update the second software using the software update and then reboot in a payments mode. In some instances, the buyer-facing device can then update a secure enclave on the buyer-facing device using the software update.

Abstract: Techniques associated with a customer-facing device and a merchant-facing device are described herein. In an example, a system can include a customer-facing device configured with a customer application that is executable on an operating system of the customer-facing device to (i) display information to a customer and (ii) receive input from the customer, wherein the customer-facing device includes a payment reader to read payment data from a payment instrument in association with a payment transaction between the customer and a merchant, and a merchant-facing device configured with a merchant application that is executable on an operating system of the merchant-facing device to (i) display information to the merchant and (ii) receive input from the merchant. In at least one example, the customer-facing device and the merchant-facing device can communicate to process, at least in part, the payment transaction associated with the payment instrument via a remote payment service system.

Abstract: Disclosed is a technique for verifying the validity of security certificates received by a mobile device. The technique can involve diverting a security certificate into a secure environment, such as a payment application, by modifying an import address table (e.g., implementing a “hook”) that is accessed by the security layer of the mobile device. Once diverted, the payment application can create a copy of the security certificate. The copy may be stored in a list of security certificates that is subsequently uploaded to a payment processing system for authentication. In some embodiments, a checksum is generated for the import address table using a cryptographic hash function. The checksum allows the payment application or the payment processing system to determine whether an unauthorized modification of the import address table is present.

Abstract: Techniques associated with a customer-facing device and a merchant-facing device are described herein. In an example, a system can include a customer-facing device configured with a customer application that is executable on an operating system of the customer-facing device to (i) display information to a customer and (ii) receive input from the customer, wherein the customer-facing device includes a payment reader to read payment data from a payment instrument in association with a payment transaction between the customer and a merchant, and a merchant-facing device configured with a merchant application that is executable on an operating system of the merchant-facing device to (i) display information to the merchant and (ii) receive input from the merchant. In at least one example, the customer-facing device and the merchant-facing device can communicate to process, at least in part, the payment transaction associated with the payment instrument via a remote payment service system.

Abstract: Techniques associated with a customer-facing device and a merchant-facing device are described herein. In an example, a system can include a customer-facing device configured with a customer application that is executable on an operating system of the customer-facing device to (i) display information to a customer and (ii) receive input from the customer, wherein the customer-facing device includes a payment reader to read payment data from a payment instrument in association with a payment transaction between the customer and a merchant, and a merchant-facing device configured with a merchant application that is executable on an operating system of the merchant-facing device to (i) display information to the merchant and (ii) receive input from the merchant. In at least one example, the customer-facing device and the merchant-facing device can communicate to process, at least in part, the payment transaction associated with the payment instrument via a remote payment service system.

Abstract: This disclosure describes, in part, techniques for securely updating a point-of-sale (POS) system that includes a merchant-facing device and a buyer-facing device. For instance, the merchant-facing device may execute first software that provides first POS functionality and the buyer-facing device may execute second software that provides second POS functionality. To update both devices, the merchant-facing device may receive a software update from a payment service via a network connection, and update the first software using the software update. The merchant-facing device can then cause, via a physical connection, the buyer-facing device to reboot in an update mode and send the software update to the buyer-facing device. In response, the buyer-facing device can update the second software using the software update and then reboot in a payments mode. In some instances, the buyer-facing device can then update a secure enclave on the buyer-facing device using the software update.

Abstract: Techniques for securely updating a point-of-sale (POS) system that includes a merchant-facing device and a buyer-facing device are described. For instance, the merchant-facing device may execute first software that provides first POS functionality and the buyer-facing device may execute second software that provides second POS functionality. To update both devices, the merchant-facing device may receive a software update from a payment service via a network connection, and update the first software using the software update. The merchant-facing device can then cause, via a physical connection, the buyer-facing device to reboot in an update mode and send the software update to the buyer-facing device. In response, the buyer-facing device can update the second software using the software update and then reboot in a payments mode. In some instances, the buyer-facing device can then update a secure enclave on the buyer-facing device using the software update.

Abstract: Techniques associated with a customer-facing device and a merchant-facing device are described herein. In an example, a system can include a customer-facing device configured with a customer application that is executable on an operating system of the customer-facing device to (i) display information to a customer and (ii) receive input from the customer, wherein the customer-facing device includes a payment reader to read payment data from a payment instrument in association with a payment transaction between the customer and a merchant, and a merchant-facing device configured with a merchant application that is executable on an operating system of the merchant-facing device to (i) display information to the merchant and (ii) receive input from the merchant. In at least one example, the customer-facing device and the merchant-facing device can communicate to process, at least in part, the payment transaction associated with the payment instrument via a remote payment service system.

Abstract: Method, systems, and apparatus for a method of processing a payment transaction using a mobile device of a merchant. In one aspect, determining the mobile device does not have a connection to an external network; receiving data indicating a payment transaction between a customer and the merchant; determining whether the payment transaction should be stored, where the determining is based on a risk heuristic model that considers one or more of the following: a number of already stored transactions, a value of the payment transaction, a total value, where the total value is a sum of the value of the payment transaction and values of one or more already stored transactions, and risk factors associated with the customer; and based at least on the determination, storing the payment transaction on the mobile device for future processing.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for storing a plurality of stored fingerprints, wherein each of the stored fingerprints is associated with a respective software environment and a respective mobile device; receiving from a first mobile device a first fingerprint of a first software environment in the first mobile device; determining whether the stored fingerprints include less than a threshold amount of fingerprints identical to the first fingerprint; based on a determination that the stored fingerprints include less than the threshold amount of fingerprints identical to the first fingerprint, determining that the first software environment is a compromised software environment; and performing a corrective measure.

Abstract: This disclosure describes, in part, techniques for securely updating a point-of-sale (POS) system that includes a merchant-facing device and a buyer-facing device. For instance, the merchant-facing device may execute first software that provides first POS functionality and the buyer-facing device may execute second software that provides second POS functionality. To update both devices, the merchant-facing device may receive a software update from a payment service via a network connection, and update the first software using the software update. The merchant-facing device can then cause, via a physical connection, the buyer-facing device to reboot in an update mode and send the software update to the buyer-facing device. In response, the buyer-facing device can update the second software using the software update and then reboot in a payments mode. In some instances, the buyer-facing device can then update a secure enclave on the buyer-facing device using the software update.

Abstract: Some examples include sending, to a secure environment, coordinates for certain touch events made to a touchscreen of an electronic device. As one example, an import address table that is accessed by an event loop of the electronic device may be modified. For instance, only those touch events that are performed within the bounds of a user interface area may be diverted to the secure environment, and all touch events outside that area may continue to be identified, such as by using operating system libraries of the electronic device. In some cases, a checksum may be generated for the import address table using a cryptographic hash function. The checksum may allow a payment application and/or a payment processing system to determine whether an unauthorized modification of the import address table is present.

Abstract: Some examples include sending, to a secure environment, coordinates for certain touch events made to a touchscreen of an electronic device. As one example, an import address table that is accessed by an event loop of the electronic device may be modified. For instance, only those touch events that are performed within the bounds of a user interface area may be diverted to the secure environment, and all touch events outside that area may continue to be identified, such as by using operating system libraries of the electronic device. In some cases, a checksum may be generated for the import address table using a cryptographic hash function. The checksum may allow a payment application and/or a payment processing system to determine whether an unauthorized modification of the import address table is present.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for determining, at a remote computing device, whether a first security measure has been compromised, wherein the first security measure is executed on a mobile device; and based on a determination that the first security measure has been compromised, performing a corrective measure, wherein the corrective measure is performed after a delay.

Abstract: Disclosed is a technique for identifying touch events performed on a mobile device within a secure environment. The technique can involve diverting coordinates for certain touch events to a secure environment in a payment application, for example, by modifying an import address table (e.g., implementing a “hook”) that is accessed by an event loop of the mobile device. Generally, only those touch events that are performed within the bounds of a user interface area are diverted to the secure environment, and all touch events outside that area continue to be identified using the operating system libraries of the mobile device. A checksum may be generated for the import address table using a cryptographic hash function. The checksum allows the payment application or a payment processing system to determine whether an unauthorized modification of the import address table is present.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for determining, at a remote computing device, whether a first security measure has been compromised, wherein the first security measure is executed on a mobile device; and based on a determination that the first security measure has been compromised, performing a corrective measure, wherein the corrective measure is performed after a delay.

Abstract: A method of establishing secure communication between a first mobile computing device and a second mobile computing device includes generating a first self-signed key at the first mobile computing device, pairing the first device with a second device, the pairing including receiving user input of a passcode and after receiving the user input sending the first public key to the second mobile computing device and receiving a second public key from the second mobile computing device, storing the second public key in a database of trusted devices, the database of trusted devices being stored in the first mobile computing device, receiving in the first mobile computing device a list of mobile computing devices connected to a mobile network, matching the list of mobile computing device against the database of trusted devices, and establishing secure communication between the first mobile computing device and the second mobile computing device.

Abstract: Method, systems, and apparatus for a method of processing a payment transaction using a mobile device of a merchant. In one aspect, determining the mobile device does not have a connection to an external network; receiving data indicating a payment transaction between a customer and the merchant; determining whether the payment transaction should be stored, where the determining is based on a risk heuristic model that considers one or more of the following: a number of already stored transactions, a value of the payment transaction, a total value, where the total value is a sum of the value of the payment transaction and values of one or more already stored transactions, and risk factors associated with the customer; and based at least on the determination, storing the payment transaction on the mobile device for future processing.

Abstract: A method of establishing secure communication between a first mobile computing device and a second mobile computing device includes generating a first self-signed key at the first mobile computing device, pairing the first device with a second device, the pairing including receiving user input of a passcode and after receiving the user input sending the first public key to the second mobile computing device and receiving a second public key from the second mobile computing device, storing the second public key in a database of trusted devices, the database of trusted devices being stored in the first mobile computing device, receiving in the first mobile computing device a list of mobile computing devices connected to a mobile network, matching the list of mobile computing device against the database of trusted devices, and establishing secure communication between the first mobile computing device and the second mobile computing device.