Existing PoS (Point of Sale) based payment frameworks are vulnerable as the Payment Application’s integrity in the smart phone and PoS are compromised, vulnerable to reverse engineering attacks. In addition to these existing PoS (Point of Sale) based payment frameworks do not perform point-to-point encryption and do not ensure communication security. We propose a Smart and Secure PoS (SSPoS) Framework which overcomes these attacks. Our proposed SSPoS framework ensures point-to-point encryption (P2PE), Application hardening and Application wrapping. SSPoS framework overcomes repackaging attacks. SSPoS framework has very less communication and computation cost. SSPoS framework also addresses Heartbleed vulnerability. SSPoS protocol is successfully verified using Burrows–Abadi–Needham (BAN) logic, so it ensures all the security properties. SSPoS is threat modeled and implemented successfully.

Smart and Secure PoS (SSPoS); Smart Point of Sale (SPOS); Burrows–Abadi–Needham (BAN); POS Payment Application (PPA); Point-to-Point encryption (P2PE); Application hardening and Application wrapping