Skip to content

FAQ

Certification & Compliance

Do I need to certify EMV Level 2 if I use Switcloud?

PCI-PTS Terminals:

No. EMV L2 certification is handled by the terminal vendor. Switcloud integrates with the existing certified kernel(s).

COTS Devices (e.g., Android Tap-to-Pay):

No full L2 certification is required. Switcloud includes moka, a pre-certified EMV Level 2 stack with Letters of Compliance (LoC).

Note

Some limited additional testing may be required with certain COTS devices (hardware integration & combination).

Does Switcloud support PCI MPoC certification?

Yes — for COTS devices.

Switcloud includes:

  • MPoC Software Component (on-device SDK)
  • MPoC Service Component (cloud-based orchestration + Attestation & Monitoring)

Integrators still need to complete final MPoC certification for their payment app, using these pre-certified components.

For PCI-PTS devices, MPoC is not required; terminal security is handled by the vendor.

What is a Letter of Compliance (LoC), and why does it matter?

An LoC is issued after passing EMV Level 2 brand certification testing.

It confirms the kernel is compliant with major schemes (Visa, Mastercard, etc.).

Switcloud includes LoCs for moka (the L2 stack used for COTS devices), so teams do not need to repeat L2 certification.

How long does MPoC certification take?

With Switcloud’s certified components, MPoC certification can be completed in weeks, assuming development and documentation are in good shape.

Without pre-certified components, MPoC can take 6–12+ months and require a dedicated security and engineering team.

How does P2PE (Point-to-Point Encryption) work with Switcloud?

  • PCI-PTS devices: P2PE is device-specific and supported natively through the terminal integration.
  • COTS devices: P2PE is not currently well supported across the COTS ecosystem; this is a SoftPOS market limitation.

Architecture & Hardware

Are payment applications dependent on Switstack to build all hardware connectors?

No. Switcloud is modular and connector-driven:

  • Switstack provides connectors (switcloud-l2-kt) for supported terminals/SDKs.
  • Teams may build and maintain their own connectors if desired.
  • Building a new connector typically takes 1–4 weeks.
  • Switstack publishes a connector roadmap and can add new ones (~6 months lead time if required).

Can I use my own EMV Level 2 kernel?

Yes. Switcloud is L2-agnostic:

  • Works with any GLA-compliant kernel natively.
  • For non-GLA kernels, an adapter layer (switcloud-l2) can be used to bridge compatibility.

What is required to enable Switcloud for international markets?

  • Kernel support: moka + Switcloud config supports global + regional kernels (Visa, MC, Girocard, Interac, etc.).
  • New kernels only need to be implemented once in Switcloud.
  • L3 certification must still be completed per market, processor, and hardware combination.

A current list of supported devices/kernels will be maintained in the docs.

Does Switcloud work on operating systems other than Android?

Yes:

  • COTS: Android focus (SoftPOS ecosystem).
  • PCI-PTS: Supports Windows, Linux, and other OSes via C++ libraries and language bindings.

Does Switcloud work in offline mode?

Yes — offline mode is fully supported:

  • Transactions can be processed offline.
  • Data is queued securely and uploaded when connectivity is restored.
  • Matches behavior of traditional payment terminals.

Can Switcloud support Apple Tap to Pay?

Not at this time. Apple’s NFC APIs are currently closed to third-party payment apps.

If Apple opens these APIs, Switcloud will support this use case.