Additional Security for Pairing Semi-Integrated POS with Clover Devices – July 30th, 2018

At Clover, we are always looking to strengthen our security measures that may affect developers and merchants.

When a semi-integrated POS is paired with a Clover device using Secure Network Pay Display (SNPD) or Cloud Pay Display, the Remote Pay SDK responds with a pairing code from the Clover device.

With a pairing code, it may be possible for a merchant site employee to pair the Clover device with an unauthorized device. To ensure that the Clover device is paired only with your authorized semi-integrated POS, we are introducing new employee permissions.

Use the following employee management steps for additional security:

  1. In the Employees app on the Clover device, set the Network Pay Display and Initiate Network Pairing permissions based on employee roles. By default, these options are enabled for all employees and managers.

  2. In the pairing process, employees are required to enter their device passcode before the Clover device responds with a pairing code.

  3. Once the passcode is validated, the Initiate Pairing button on the start page is available only for permitted employees.

Note

Pairing requests that include a token or that occur over USB will continue to function as expected without requiring additional device passcode authentication.

We highly recommend that you reach out to your merchants with information about these upcoming employee permissions. For questions and feedback, use https://community.clover.com.

To receive more 3rd party developers communication from Clover, sign up here.