Businesses often come to us with a requirement of extending the smooth online payment experience through Razorpay at their offline stores as well. We had plans around this but in an extended timeline. Then demonetisation came along and everything changed overnight, literally. Merchants reported dipped volume in online sales through Cash on Delivery, but the omnichannel partners were hit the hardest in offline stores due to customers being extra cautious with cash.

As a payment partner we decided to take the problem of cash crunch head on and our product team has been working tirelessly day and night to build a solution for our merchants. Last week, we came out with the Razorpay ePOS App, a smart way to accept online payments at time of purchase in the brick and mortar world. The aim was to provide a real alternative to cash and deliver a seamless user experience without compromising the user data.

There are several use cases of how a merchant can use this. Once registered with us as a seller, which can be done via the app, any merchant can create an order through the app and then accept payments through any non-cash modes like Credit / Debit Card, Netbanking, Online Wallets and UPI.

This is how it works for accepting Credit Card / Debit Card / Netbanking Payments:

pos_link_payments

This is how it works for accepting Digital Wallet Payments:

pos_wallet_payments

Not sure if you noticed, but in the wallet flow there is no need for any wallet login to be done by the customer, nor is there any internet connection required by him in the entire flow. Isn’t that magical?

This is how it works for accepting UPI Payments:

pos_upi_payments

Security Aspects

The easier way to make the product would have been to conduct the entire payment on the seller smartphone device only. But there are major security concerns here. If the customer has to carry out the transaction at the seller smartphone itself, then they need to input the card number, expiry date, CVV and the OTP / Second Factor Password to complete the transaction. All these details can be easily cloned (for eg using a keylogger, which are easily available on the Play Store) while being entered on the device for nefarious purposes.

Even if the customer chooses OTP as his second factor of authentication, they are still not safe as the combination of Card Number, Expiry date, and CVV is enough to transact on any international payment gateway. The threat is even larger when instead of an OTP, the customer is using a Mastercard Secure / Verified by Visa password in which the attacker can do any online transaction without any hassle. A few banks even use the ATM PIN as the Second Factor, which is equally scary. Similar is the case with Netbanking credentials which can be easily copied and reused to empty your bank account.

Empowering the seller cannot come at the cost of endangering the consumer. With this belief we decided to carry out Card / Netbanking transactions at the customer end. Even in the case of Wallets, the customer has to just share the OTP with the seller, which is a one time authentication factor. On entering the OTP, the transaction goes through seamlessly. With UPI, the customer has to convey the VPA (Virtual Payment Address) to the seller, but the MPIN must be entered on the customer’s device to authorize the payment.

A great by-product of demonetisation has been the push for digital payments. The current scenario will accelerate the vision of a Digital India and will incentivise merchants to go cashless. Razorpay ePOS is the tool that you need to do it the right way. The app is available here for offline merchants to download.