Mobile payment solution with potential TWINT: Secure Payment by Smartphone

The media presented mobile payment solutions of different providers lately. One of them is TWINT, which currently runs a pilot at SV Group and Coop and will be available to the general public in autumn 2015. What does this payment solution offer, how does it work and what technologies are being used?

The potential of mobile payment includes a lot more than just contactless payment at a point of sale. That's why PostFinance's subsidiary TWINT offers its solution as an integrated payment and shopping app. With TWINT, the customer can pay at the point of sale (by beacon) or also in an online shop (by QR code or token). In the process, TWINT automatically takes account of his loyalty cards and digital coupons. Merchants, on the other hand, profit from mobile marketing functions because they can, e.g., promote their coupons and vouchers individually and targeted. With TWINT, in contrast to solutions of other vendors, the customer does neither need a bank account nor a credit nor a debit card. The solution works independently of any telecom provider (no special SIM necessary) and can be deployed on all common iOS and Android operating systems. You just need to register via mobile phone number to load a prepaid credit and start with the first payment.

Technology and infrastructure

The TWINT payment solution is based on BLE (Bluetooth Low Energy) and beacon technology. BLE is an extension of the industry standard Bluetooth. However, its power consumption is much lower and thus it enables an energy-saving operation mode in mobile devices. In contrast to NFC wireless technology, which other mobile payment providers count on, BLE has the advantage that the payment solution can also be used with iPhones, which are very popular in Switzerland. Similar to NFC credit cards, the payment process with TWINT takes just three to five seconds.

When paying, the point of sale does not communicate directly with the customer's smartphone. Connecting a point of sale system to TWINT is realized indirectly on the backend. Except for the beacon, which is connected via USB interface, no additional hardware needs to be installed at the point of sale. However, the point of sale needs to be connected to the merchant system by internet in order to be able to communicate with the TWINT server (encrypted). The server, in turn, communicates with the TWINT app on the customer's smartphone. If the customer's smartphone has no internet connection, the point of sale serves as communication channel between app and TWINT server.

Payment process: fast and well protected

The payment process at a point of sale via beacon can be roughly divided into two phases: the so-called pairing and the actual payment. Pairing gets the involved systems (customer smartphone, TWINT server and merchant point of sale system) to correctly identify "which customer is at which point of sale". To this purpose, the customer opens his TWINT app and places his smartphone briefly next to the beacon. This is typically done before totaling the amount. This early pairing, in which information about loyalty cards and coupons can already be transmitted, allows for a faster process in the second phase, the payment.

TWINT: System overview
TWINT: System overview

The beacon's transmitted advertisement packets, including the beacon ID, can be detected in up to two meters distance. However, the TWINT app's ranging is set so that the pairing takes place only when the smartphone is at close range (a few centimeters). Once the pairing is initiated, the beacon stops transmitting advertisement packets, i.e., no other smartphone can connect to the beacon. Thus, the point of sale can serve only one customer at a time during the payment process. In this way, the payment process is protected from being disturbed by other smartphones and their users or even from being abused.

The TWINT app transmits the received beacon ID to the TWINT server. The server identifies the point of sale and the customer can be assigned to it in the backend. Then, the server returns a confirmation message to the smartphone, which is shown in the app. At the same time, the point of sale learns from the beacon that a pairing takes place and requests the customer's loyalty information from the TWINT system.

TWINT: convenient payment
TWINT: convenient payment

After pairing, the pending payment is triggered by the merchant via TWINT. The objective of this payment phase is to transfer an amount from a customer's TWINT account to the merchant's TWINT account. A transaction starts when the merchant sends a payment request with the due amount and currency to the TWINT backend. Because of the existing pairing, the customer who must pay the due amount is known on the server side and a corresponding message is sent to the TWINT app. It shows the amount payable along with information about the merchant. Depending on the customer's security settings, the system directly authorizes the payment or the customer confirms the amount manually or by entering a PIN, and the TWINT app forwards this to the backend. The transaction is completed on the TWINT server, and the point of sale can query the status of the payment. In conclusion, both the point of sale and the TWINT app display a success or error message.

Secure architecture, smart beacons

The security in TWINT is ensured by means of the system's architecture and the special SmartBeacons used. The system is designed so that no sensitive data is exchanged via beacons. The beacon simply determines at which merchant and at which point of sale the customer wants to pay. All security-related transactions are carried out in the backend, which is protected according to banking standards.


The identity of a beacon (beacon ID), which is transmitted by the beacon in the advertisement packets, consists of a UUID, major and minor ID. With SmartBeacons you can configure this beacon ID. It is assigned to a point of sale upon registration and can be changed in consultation with the merchant at any time, e.g., in case of suspected circulation of a copy of the beacon. The beacon's memory contains a private key which is used for the beacon's secure identification. The identity is verified by means of a challenge response procedure. When a beacon gets stolen, the private key and the beacon ID are lost because the power supply via the USB port is interrupted. The loss is limited to the hardware without any system-relevant information.

Payment app with added value

TWINT positions its payment solution enriched with value-added services as a shopping app. With skillful use of new technologies TWINT allows safe, fast and convenient payment by smartphone.