Skip to content

switcloud overview

switcloud is a managed API platform for in-store EMV payment acceptance that enables product and engineering teams to easily add card-present payments to their applications — with full control of their L3 experience — while simplifying the EMV Level 2 and PCI MPoC certification process.

switcloud allows platforms to integrate with both Android COTS devices (Tap-to-Pay) and PCI-PTS terminals through a consistent architecture. It is designed for software-driven teams that want to “own” their in-store stack — without the complexity of managing kernels, certifications, or hardware lock-in.

EMV in payment applications today

For teams adding in-person payments, the traditional options are:

  • Use an off-the-shelf solution: Fast but expensive, inflexible, vendor-lockin — teams lose control over flow and user experience.
  • Build EMV L2 in-house: Requires deep EMV expertise, long certification cycles (12–18 months), and costly security/maintenance overhead.

switcloud offers a middle path:

  • Use an open, unified Payments API layer that handles the L2 stack, security, and compliance — while keeping the L3 app fully owned and controlled.
  • Compatible with both COTS (Tap-to-Pay) and existing PCI-PTS terminals — enabling BYOT and future-proofed architecture.

Key use cases for switcloud

switcloud is used to:

  • Add in-store payments to digital platforms (e.g. ecommerce, mobile-first, self-service platforms): Quickly add EMV card acceptance without complex terminal integrations
  • Expand Apple Tap-to-Pay applications to Android Tap-to-Pay: Avoid L2 certification and kernel management — integrate via switcloud Payments API
  • Deploy SoftPOS and ‘Bring your own Terminal’ offerings across mixed terminal environments: Use the same API for COTS and PCI-PTS devices
  • Support new payment applications building modern in-store flows (POS, kiosks, embedded commerce): Own the full customer experience without building an L2 team
  • Decouple payment application logic from terminal hardware — enabling "build once" and avoid vendor lock-in

How switcloud compares

Product benefits

  • Faster time to market: Skip 12–18 months of EMV L2 and MPoC certification effort
  • Full ownership of L3 application: Payment flow logic remains fully controlled by the platform
  • Unified API architecture: No separate flows or L3 variations across device types and COTS + PCI-PTS supported through a single integration
  • No terminal vendor lock-in: Enables hardware flexibility to choose, mix, and switch terminal hardware
  • Integrated testing: Use Swittest to validate L2 flows across all device types

Architectural benefits

Due to its hybrid architecture of cloud services + on-device installation, switcloud offers the following benefits in hardware flexibility.

  • Terminal flexibility- COTS + PCI-PTS supported through a single API
  • Kernel agnostic - Works with moka (included for COTS installations) or existing terminal kernels
  • Unified L3 app - One L3 logic base for all device types
  • Centralized management - Estate and EMV config fully cloud-driven
  • Offline support - Payments can be queued when offline
  • L2 certification simplification - NO L2 certification for COTS devices and no L2 re-certification required for existing terminals

How it Works

  1. Integrate switcloud client into the payment application (single L3 logic for COTS and PCI-PTS)
  2. Manage devices and merchants using cloud-based Estate API and UI
  3. Trigger and process EMV-compliant payments via unified Payments API and Client SDK
  4. Retrieve transaction data server-to-server for reconciliation and reporting

What's Included

Cloud services (APIs)

  • switcloud-bom → Business Object Model / Estate API
  • switcloud-config → EMV L2 Configuration API
  • switcloud-payment → Payment API (encrypted card data + orchestration)

Client SDK

  • switcloud-clt-kt → Simple payment orchestration interface (configure(), startPayment(), completePayment())
  • switcloud-api-kt → API wrapper (Kotlin)
  • switcloud-l2-kt → GLA adapter layer
  • pre-certified moka EMV L2 stack (automatically included on COTS)

Management UI

  • Estate management dashboard (Organizations, Merchants, Stores, POIs)
  • Centralized EMV Configuration UI (CAPKs, CRLs, BINs, EMVs)
  • Payment logs & transaction monitoring

Certification Support

Certification & Compliance Overview

switcloud is designed to simplify certification across both COTS and PCI-PTS devices:

PCI-PTS Terminals

Terminals that switcloud integrates with already include their own EMV Level 2 and PCI PTS security certifications. No additional certification steps are required when using these devices with switcloud.

COTS Devices (Android Tap-to-Pay)

EMV L2 Certification:

COTS integrations use Switstack’s pre-certified EMV L2 stack (moka), with Letters of Compliance (LoC) — removing the need for L2 certification.

PCI MPoC Certification:

Teams must complete MPoC certification for their final app. switcloud provides:

  • MPoC Software Component: Secure on-device Client/SDK
  • MPoC Service Component: Certified switcloud cloud services for Payments + Attestation & Monitoring (A&M)

Certification scope is limited to demonstrating correct integration of these components — streamlining the MPoC process.

Testing & Validation (PTS + COTS)

Swittest, a managed EMV test service included with switcloud, enables:

  • Early validation of L2 test cases
  • Custom scenario testing during development
  • Automated loopback testing for combination validation