HomeGuidesReference
Log In

POS Terminal SDK

Accept in-store EBT SNAP payments

Suggest Edits

With the Forage POS Terminal SDK, you can process in-store EBT SNAP payments.


Features

  • Native UI component for collecting a customer’s EBT Card PIN
  • EBT Card number validation
  • SDK methods for performing balance checks, and for immediately capturing a payment or processing a refund. In addition, there are SDK methods for deferring payment capture and refund processing to execution by a server.

Requirements

Before you can use the Forage POS Terminal SDK, make sure that you have:

  • Met the prerequisites for working with Forage.
  • Signed up for an account. Contact us if you don’t yet have one.
  • Tamper resistant Terminal devices (more on tamper resistance below).

Tamper resistance

The ANSI X9.24 spec outlines tamper resistance requirements for Secure Cryptographic Devices (SCDs), as defined in ISO 13491-1 and ISO 13491-2.

Tamper resistance provides passive physical protection against penetration, modification, monitoring, or substitution/removal attacks. The following sections summarize the requirements for each category. Consult the specs linked above or contact your Forage representative for more information.

Penetration

  • An SCD shall be protected against successful penetration by being tamper resistant to such a degree that its passive resistance is sufficient to make penetration impracticable in its intended environment.

Modification

  • An SCD shall be protected against successful modification by being tamper resistant to such a degree that its passive resistance is sufficient to make modification of an SCD (e.g. the implantation of a bug within the SCD) in its intended environment impracticable without rendering the SCD inoperable.
  • The unauthorized modification of any key or other sensitive data stored within the SCD shall cause damage such that the SCD is rendered inoperable.

Monitoring

  • The SCD shall not reveal secret or sensitive information (e.g. PINs or cryptographic keys) except
    • when enciphered with the appropriate legitimate key, or
    • in an authorized manner (e.g. PIN mailers).
  • The SCD shall protect against electromagnetic emissions such that no sensitive information could feasibly be disclosed by monitoring the device.
  • The SCD shall not display the digits of entered PINs in clear text.
  • Where parts of the device cannot be appropriately protected from monitoring, these parts of the device shall not display, store, transmit, or process secret or sensitive information.

Substitution/removal

  • In order to protect against substitution/removal, the device should be secured in such a manner that it is not practical to remove the device from its intended place of operation.

Next steps and resources

Updated 21 days ago