Additional Security for Pairing Semi-Integrated POS with Clover Devices – July 30th, 2018

At Clover, we are always looking to strengthen our security measures that may affect developers and merchants.

When a semi-integrated POS is paired with a Clover device using Secure Network Pay Display (SNPD) or Cloud Pay Display, the Remote Pay SDK is used to respond with a pairing code from the Clover device.

With the pairing code, it may be possible for a merchant site employee to pair the Clover device with an unauthorized device. To ensure that the Clover device is paired only with your authorized semi-integrated POS, we are introducing new employee permissions in our upcoming release.

Note

These permissions are currently not available in the Clover Sandbox and Production environments. We will follow-up when these permissions are available.

With the following employee management steps, you can ensure additional security:

  1. In the Employees app on the Clover device, set the Network Pay Display and Initiate Network Pairing permissions based on employee roles. By default, these options are enabled for all employees and managers.

  2. In the pairing process, employees are required to enter their device passcode before the Clover device responds with a pairing code.

  3. Once the passcode is validated, the Initiate Pairing button on the start page is available only for permitted employees.

Note

Pairing requests that include a token or that occur over USB will continue to function as expected without requiring additional device passcode authentication.

We highly recommend that you reach out to your merchants with information about these upcoming employee permissions. For questions and feedback, use https://community.clover.com.

To receive more 3rd party developers communication from Clover, sign up here.