Meras
Get started
All products
Tap to PhoneNew

Any NFC Android phone is now a card terminal.

Stop sourcing hardware. Cybersource Acceptance Devices runs on the merchant's own Android phone — PCI MPoC certified, EMV-kernel approved, hardware-backed — and we wire it into the same PaymentIntent, ledger, and webhook surface as every other rail.

Get startedRead the docs

By the numbers

Setup time
< 90s
Hardware cost
0 DJF
Brands accepted
Visa · MC
Min Android
11 / NFC

Why this matters in Djibouti

The biggest barrier to physical-acceptance penetration is not interchange or fraud — it is the cost and logistics of putting a card terminal on every counter. Tap-to-Phone solves it overnight.

No hardware to source

The merchant's own NFC-capable Android phone is the terminal. We bypass the cost, lead time, key-injection ceremony, and breakage cycle of dedicated EMV devices.

EMV L1/L2 equivalence via Cybersource SoftPOS

PIN-on-Glass + contactless kernel, attested at app startup, with hardware-backed key storage on the device. Same scheme certifications as a physical terminal.

PCI MPoC compliant

Cybersource Acceptance Devices is certified to PCI MPoC (Mobile Payments on COTS). Our app inherits that posture; merchant PCI scope stays at SAQ-A-EP.

Activation in under 90 seconds

Merchant scans a 6-digit activation code from their portal, the device registers with Cybersource DMS, and the first sale fires immediately after.

Same ledger, same webhooks

A Tap-to-Phone sale is just a PaymentIntent under the hood. Same idempotency, same webhook signing, same disputes pipeline as every other rail.

Works alongside QR + card-present POS

A merchant can run Tap-to-Phone on their cashier's phone and a card-present TopWise terminal on the counter — single dashboard, single settlement.

From zero to first sale in four steps

Same flow whether you onboard the first device or the thousandth.

  1. 1

    Enable Tap-to-Phone

    In merchant portal → Terminals → Enable Tap to Phone. We flip merchants.tap_to_phone_enabled and provision a Cybersource Acceptance Devices entitlement against the merchant's acquirer profile.

  2. 2

    Generate an activation code

    Portal mints a one-time 6-digit code via POST /v1/merchant/terminals (device_type=tap_to_phone). Code expires in 15 minutes; hash and expiry live on merchant_terminals.

  3. 3

    Install + activate the app

    Merchant installs Cybersource Acceptance Devices from the link in their portal (the package is distributed by Cybersource through Business Center after acquirer activation — not public on Play Store). They enter the 6-digit code; the app registers a device serial with Cybersource DMS.

  4. 4

    Accept payments

    Cashier opens the app, taps Sell, enters the amount in DJF. Customer taps their contactless card or phone wallet. Confirmation prints to receipt; webhook fires within 800ms.

The activation API

One PATCH to enable the feature, one POST to mint an activation code, one app install and 6-digit entry on the merchant's phone. Codes are SHA-256-hashed at rest and expire after 15 minutes.

http
# 1. Enable the feature on the merchant
PATCH /v1/merchants/me HTTP/1.1
Authorization: Bearer sk_live_...
Content-Type: application/json

{ "tap_to_phone_enabled": true }

# 2. Mint a one-time activation code for a new device
POST /v1/merchant/terminals HTTP/1.1
Authorization: Bearer sk_live_...
Content-Type: application/json

{
  "device_type": "tap_to_phone",
  "label":       "Cashier 1 — iPhone of Hassan"
}

# Response
{
  "id":                "term_01HZF9X3K4Q...",
  "device_type":       "tap_to_phone",
  "activation_code":   "8Q4F2P",
  "activation_expires_at": "2026-05-25T14:35:00Z",
  "status":            "pending_activation"
}

Frequently asked

Which devices are supported?

Any Android 11+ with NFC, a fingerprint or biometric prompt, and Google Play Protect attestation. iPhone Tap-to-Pay is a separate Apple-controlled program; we ship Android first and roll iOS in once Apple's Acceptance enablement for our acquirer profile completes.

Why don't we just build our own app?

PCI MPoC certification is a 12-18 month engagement and requires re-cert every change. We use Cybersource Acceptance Devices because their app already carries MPoC certification, kernel certification, and scheme listings. Our value is the rest of the stack — orchestration, ledger, settlement, webhooks — which we already own.

Where does the Cybersource Acceptance Devices app come from?

It is distributed by Cybersource through the Business Center after the merchant's acquirer (us) enables tap-to-phone on the merchant profile. Merchants do not download it from Play Store — they receive a managed install link from their portal after activation.

What is the customer experience?

They tap their contactless card, phone, or watch on the cashier's phone screen. For transactions above the contactless CVM limit (typically 25,000 DJF, configurable per acquirer), the customer enters their PIN directly on the cashier's phone — that's PIN-on-Glass and is hardware-backed against tampering.

Can I run Tap-to-Phone in sandbox?

Yes — the simulator returns Cybersource-shaped responses for every standard scenario (approved, decline_61_call_issuer, decline_05_do_not_honor, terminal_busy, kernel_aborted, contactless_failed, etc.). No physical card or phone needed.

Ready to integrate?

Get a sandbox account in minutes. Production goes live after a brief KYB review.

Get a sandbox accountBrowse the API reference →