Key concepts
switcloud provides a modular, API-driven architecture for managing in-store EMV transactions. This section introduces key concepts relevant to building and operating a payment application with switcloud.
π§Ύ Payments & payment flow
A payment flow begins when a card is tapped or inserted. The terminal must initiate an EMV-compliant transaction, apply brand-specific logic, and generate structured results. In most systems, this logic is tightly embedded within the terminal.
switcloud separates the application from the EMV processing logic. Payments are initiated via API, while EMV L2 processing is handled by a pre-certified backend. This allows the developer to maintain control over the application flow and user experience, without managing EMV stack internals.
π¬ Estate Management (Organizations, Merchants, Stores, POIs)
In switcloud, devices (POIs) are organized hierarchically under stores, merchants, and organizations. This structure enables multi-tenant use cases such as payment facilitators or enterprise fleets.
The estate can be managed through an administrative UI or via API. Devices can be registered, configured, and grouped without relying on a traditional terminal management system (TMS). This provides flexibility to update terminal behavior or investigate issues centrally, rather than through device-specific workflows.
βοΈ EMV & Configuration Management
EMV configurations include data such as public keys (CAPKs), BIN tables, and kernel parameters that must be kept up-to-date for compliance. In most environments, these configurations are statically defined and pushed to devices during provisioning.
With switcloud, configurations are defined centrally and fetched by devices at runtime. This makes it possible to manage configuration versions, apply changes without firmware updates, and maintain consistency across COTS and PCI-PTS terminals. APIs are provided to manage configuration elements programmatically.
π Transaction Data & Logs
Access to transaction data and logs is necessary for troubleshooting, reconciliation, and integration with back-office systems. In embedded solutions, this often requires custom logging mechanisms or remote log access tools.
switcloud stores transaction data in a secure backend, with UI and API access for querying and filtering logs. This enables teams to search for specific transactions by ID, merchant, or terminal, and to review EMV-level logs for debugging or reporting purposes.
π Certification & Security Lifecycle
Developing a certified in-store payment solution typically requires EMV L2 and L3 certification, along with compliance with PCI MPoC for COTS devices. These processes involve coordination with accredited labs, implementation of cryptographic key management, and system-wide security reviews.
switcloud includes a pre-certified EMV L2 stack and backend components that meet MPoC architectural requirements. Development teams complete MPoC integration testing to certify their final application. This reduces the scope of compliance without removing the teamβs control over the product architecture.