Key Questions for Customer Onboarding

This page lists the questions that are important to ask about how the app will be used.

Below is a list of essential questions that should be discussed with the client during the onboarding and credentialing process. These questions help establish a clear understanding of the project requirements before development begins, making them an excellent starting point for aligning expectations and defining the development scope:

Question: What is the operating system and the minimum Android version supported by your TTP application?

The security certifications of the devices, in compliance with card networks and PCI regulatory bodies, certify the SDK to operate only on Android versions 10 or higher.

Question: Do the devices have an NFC chip?

To use applications that enable contactless payments, the mobile device must support NFC Technology. This technology allows communication between the device and credit/debit cards or digital wallets that also have NFC capabilities.

To check if a mobile device has NFC functionality, refer to the technical specifications on the manufacturer’s website or the product manual. If you have the device in hand, go to the Settings app and search for "NFC." If the option appears, the feature is installed and ready for use.

Question: Does the App require physical reading of the card's chip or magstripe?

This SDK reads data exclusively via contactless (NFC) and is not compatible with chip or magnetic stripe reading. For these functionalities, you can combine this SDK with other payment industry SDKs that integrate with Android, such as those from TecToy or Gertec. In this case, the external SDK is responsible for handling communication with the chip or magstripe.

Question: What type of network connectivity is available in the region where these applications will be used? (Wi-Fi/Cellular)

Although Android manages both Wi-Fi and mobile data connections, this SDK has been designed and tested for 3G or higher networks. Performance on slower networks (2G/EDGE) should be evaluated and tested by the developer based on the application's requirements.

Question: What programming language is used in the app that will integrate the TTP SDK?

The SDK was developed in Java/Kotlin but is also compatible with hybrid languages like React Native, which, through a feature called 'bridge,' allows communication with code written in other languages. It is important to note that using languages without this 'bridge' functionality or newly released ones, such as .NET MAUI, may lead to unexpected behavior in the SDK. We recommend informing the client about this potential issue at the beginning of the negotiation.

To facilitate integration, we provide example applications that demonstrate how the SDK works in different scenarios. These examples are available at the start of the onboarding process, along with implementation guidelines.

Question: Will the application run on devices with root access, alongside apps installed from external sources (outside Google Play), or with apps in debugger mode?

To ensure transaction security, the SDK will not function on smartphones that:

  • Have Jailbreak/Root access enabled: This compromises system security and increases the risk of malicious apps gaining access.

  • Have developer tools enabled: Debug mode can expose the device to vulnerabilities.

  • Have malicious apps installed: Such apps may interfere with the SDK’s operation and attempt to steal data.

  • Have any debugger connected: Debuggers can be used to manipulate the application and the SDK.

  • Have manually set date and time: Correct date and time settings are crucial for transaction validation.

  • Have the app installed or downloaded from sources outside Google Play: Apps from external sources may not be secure.

In these cases, the SDK will not be activated, as the device integrity verification process will detect security risks.
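The following pre-flight check is an added example, not code from the SDK or its vendor: a host app can use it to tell the user which of the locally observable conditions above (plus the Android 10 and NFC requirements from the earlier questions) would prevent activation. The names `ttpPreflight` and `Blocker` are hypothetical; root and malicious-app detection are left to the SDK's own device integrity verification, which remains the authoritative decision.

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import android.nfc.NfcAdapter
import android.os.Build
import android.os.Debug
import android.provider.Settings

// Hypothetical host-app helper (added example, not part of the TTP SDK).
enum class Blocker {
    ANDROID_BELOW_10, NO_NFC, NFC_DISABLED, DEVELOPER_OPTIONS_ON,
    DEBUGGER_ATTACHED, MANUAL_DATE_TIME, NOT_FROM_GOOGLE_PLAY
}

private const val PLAY_STORE = "com.android.vending"

@Suppress("DEPRECATION") // getInstallerPackageName is only used below API 30
fun ttpPreflight(context: Context): Set<Blocker> {
    val found = mutableSetOf<Blocker>()

    // Android 10 corresponds to API level 29 (Build.VERSION_CODES.Q).
    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) found += Blocker.ANDROID_BELOW_10

    // Distinguish "no NFC hardware" from "NFC present but switched off".
    val pm = context.packageManager
    val nfc = NfcAdapter.getDefaultAdapter(context)
    if (!pm.hasSystemFeature(PackageManager.FEATURE_NFC) || nfc == null) {
        found += Blocker.NO_NFC
    } else if (!nfc.isEnabled) {
        found += Blocker.NFC_DISABLED
    }

    val resolver = context.contentResolver
    if (Settings.Global.getInt(resolver, Settings.Global.DEVELOPMENT_SETTINGS_ENABLED, 0) != 0)
        found += Blocker.DEVELOPER_OPTIONS_ON
    if (Debug.isDebuggerConnected()) found += Blocker.DEBUGGER_ATTACHED
    // AUTO_TIME == 0 means the user set the date and time manually.
    if (Settings.Global.getInt(resolver, Settings.Global.AUTO_TIME, 1) == 0)
        found += Blocker.MANUAL_DATE_TIME

    // Installer of this app; getInstallSourceInfo exists from API 30 onward.
    val installer = try {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R)
            pm.getInstallSourceInfo(context.packageName).installingPackageName
        else
            pm.getInstallerPackageName(context.packageName)
    } catch (e: PackageManager.NameNotFoundException) { null }
    if (installer != PLAY_STORE) found += Blocker.NOT_FROM_GOOGLE_PLAY

    return found
}
```

An empty set means none of these locally visible blockers were found; it does not guarantee that the SDK's integrity verification will pass.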

Question: Which card brand will you process? What payment methods will be accepted?

The SDK processes credit (single payment and installments) and debit transactions for Visa, Mastercard, and Elo card networks. Transactions via digital wallets (Google Pay, Apple Pay, and Samsung Pay) are also supported, as long as the linked cards belong to these networks.

To integrate Pix and other payment methods (such as bank slips and wire transfers), use the acquirer’s API. This direct integration provides greater flexibility for implementation and allows the acquirer to customize payment flows.

Question: Does the app have any restrictions regarding being instantiated from the Application class in Android?

  • Following MPOC security standards (PCI regulation for this product), the SDK cannot be integrated with other applications or SDKs—it must remain isolated.

  • This restriction prevents unauthorized instantiation, ensuring that other classes cannot initialize the SDK partially, incompletely, or without authorization. This maintains the principle of isolation, prevents security vulnerabilities, and preserves the product's existing certification (ensuring compliance with the certified flow).

  • By being instantiated in the main application class, the SDK benefits from a longer lifecycle compared to other Activities and Fragments. This guarantees that initialization occurs only once, encryption processes are not lost between screens or activities, and application integrity monitoring covers the entire application scope.
