rl-docs-hub

Home · Apps · rl-bank-mvp

---

Physical payment terminal workstream

Status: Draft, docs-first plan for breadboard prototyping.

Why this workstream

The fake-bank experience is already credible on the customer, staff, and API sides, but it still lacks a believable physical acceptance surface. A compact countertop payment terminal closes that realism gap and creates a concrete bridge between:

• fake-bank customer accounts/cards
• fake-bank transaction and activity flows
• later fake-shop / merchant POS flows
• future device-management and fleet concepts if the project grows

This workstream is intentionally software-first + breadboard-friendly:

• controller: Raspberry Pi Pico 2 W
• firmware language: C++ using Pico SDK
• near-term goal: functional prototype, not industrial hardware
• later phases may move to custom PCB and printed enclosure

It now sits alongside the draft fake shop / merchant ecosystem planning set, which defines the merchant/POS layer this terminal is expected to support.

Product / feature scope

In scope for this phase

• compact handheld / stall-counter terminal concept
• local UI on a small color TFT/LCD
• physical keypad/button input
• NFC tap-read capability for fake-bank demo cards/tags/phones where supported
• Wi-Fi connectivity from Pico 2 W to backend services
• a terminal-side checkout flow that can:
  • start a payment intent
  • show amount + merchant label
  • wait for tap/confirm/cancel
  • submit authorization request to fake-bank backend
  • show approved / declined / error result
• docs for product design, business rules, APIs, firmware architecture, hardware shortlist, and staged implementation

Out of scope for this phase

• EMV certification or real-card acceptance
• PCI production hardening
• secure element / real PIN entry compliance
• custom PCB layout
• enclosure industrial design beyond light concept direction
• printer integration
• barcode scanner integration
• fleet-scale device provisioning backend

Product design

Experience shape

The device should feel like a small, believable shop/stall payment terminal:

• compact screen-forward design
• merchant-friendly amount and status visibility
• one-handed or countertop operation
• obvious physical action buttons for confirm / cancel / navigate
• fast tap-to-pay demo loop

Recommended breadboard UX

For prototype phase, keep the interaction model simple:

1. terminal boots into ready state
2. merchant enters amount or receives amount from future POS companion
3. terminal shows amount, merchant label, and Tap card prompt
4. NFC reader detects a fake-bank payment token/card id
5. firmware sends authorization request to fake-bank API
6. terminal shows Approved, Declined, or Try again
7. terminal optionally shows short reference code and returns to ready state

Display direction

Preferred first-build display:

• 1.3” 240x240 ST7789 TFT

Why this is the best first choice:

• compact and visually sharp
• cheap and easy to source
• good fit for simple card-reader-style UI
• works well over SPI with Pico-class firmware
• easier to make look polished than character LCDs

Fallback acceptable range for experiments:

• 1.54” to 2.0” SPI TFT if the 1.3” module is too cramped
• 2.4” to 2.8” SPI TFT only if the team decides touch UI matters more than compactness

My opinion: start with the 1.3” ST7789 and resist scope creep. It matches the desired aesthetic and keeps the first prototype honest.

Business logic and rules

Terminal payment rules

1. This terminal is fake-bank simulation hardware, not a real payment instrument.
2. Terminal may authorize only against explicitly supported fake-bank accounts/cards/tokens.
3. All amounts are demo amounts and must remain clearly inside the fake-bank sandbox context.
4. Terminal should create or map to a backend transaction of type card_payment.
5. Terminal must be idempotent for payment submission retries using a terminal-generated request id.
6. Merchant-facing result states for phase 1:
   • APPROVED
   • DECLINED
   • CANCELLED
   • ERROR
   • TIMEOUT
7. If network is unavailable, the device should fail closed rather than invent offline approval.
8. Phase-1 NFC support should treat tags/cards as demo identifiers, not real EMV cards.
9. A terminal session should expire quickly if no tap occurs.
10. Each payment attempt should produce an auditable terminal event trail.

Safety / simulation rules

• UI copy should not imply production banking or real money movement.
• No storage of real PAN, CVV, or live issuer credentials.
• No attempt to emulate real EMV cryptography in a misleading way.
• Device may use fake-bank card ids, wallet tokens, or signed demo payloads instead.

Technical design summary

Recommended system split

Use a thin-terminal model:

• Pico 2 W firmware handles UI, buttons, NFC read, local state machine, and network transport
• fake-bank backend remains source of truth for authorization, balances, limits, and transaction history
• later fake-shop / merchant POS can become the amount-entry and checkout-orchestration layer

Why this split is right

• keeps firmware small and achievable in C++
• avoids inventing business logic twice
• lets bank-side rules evolve centrally
• makes later POS integration much easier
• keeps the breadboard prototype focused on interaction and device behavior

Technical architecture / data flow

flowchart LR
  Merchant[Merchant / stall operator] --> Terminal[Physical terminal\nPico 2 W firmware]
  Terminal --> Display[ST7789 UI]
  Terminal --> Keys[Buttons / keypad]
  Terminal --> NFC[PN532 or MFRC522 reader]
  Terminal --> WiFi[Wi-Fi]
  WiFi --> BankAPI[Fake-bank API]
  BankAPI --> Tx[(transactions)]
  BankAPI --> Cards[(cards / tokens)]
  BankAPI --> Audit[(audit logs)]
  FuturePOS[Future fake-shop POS] -. amount/session sync later .-> Terminal
  FuturePOS -. merchant/order context later .-> BankAPI

Phase-1 payment flow

sequenceDiagram
  participant M as Merchant
  participant T as Terminal firmware
  participant N as NFC reader
  participant A as Fake-bank API
  participant DB as Transactions/cards

  M->>T: Enter amount / choose preset
  T->>T: Create local checkout session
  T-->>M: Show amount + Tap prompt
  N-->>T: Read demo token/card id
  T->>A: POST payment authorization
  A->>DB: validate token/card + funds/rules
  DB-->>A: decision context
  A-->>T: approved / declined + reference
  T-->>M: Show result
  T->>A: optional completion/telemetry event

API / spec implications

The current fake-bank API already hints at the right ledger shape because it includes card_payment as a transaction type. For the terminal slice, I would add a terminal-oriented authorization surface rather than cram this into customer GraphQL immediately.

Recommended phase-1 contract shape:

• small REST endpoints for device traffic
• backend still maps results into existing transaction/audit models
• keep GraphQL for apps and admin UX, not device firmware

See Terminal API specs.

Permissions / access model

Device identity

Recommended minimum model:

• each physical terminal has a terminalId
• each terminal has a provisioned device secret or signed token
• backend maps terminal to a merchant/store context

Backend permissions

Phase 1 can stay narrow:

• terminal may create payment authorization requests only
• terminal may read only its own bootstrap/config payload if such an endpoint exists
• terminal must not receive broad customer/staff privileges

Infra / IAM implications

No AWS permission broadening is required at doc stage, but future runtime should assume:

• least-privilege secret delivery for device bootstrap credentials
• separate API auth path for terminal/device traffic
• auditability for terminal-originated requests

Dependencies and component strategy

See:

• Hardware / component strategy
• Firmware architecture

Roadmap

Phase 0 — docs and decisions

• confirm terminal interaction model
• confirm display, keypad, and NFC module shortlist
• confirm whether bank API gets REST device endpoints in the existing repo
• confirm fake token/card approach for NFC demo

Phase 1 — breadboard prototype

• Pico 2 W + ST7789 + buttons + NFC wired on breadboard
• local UI shell in C++
• Wi-Fi connection + backend ping
• payment session screen + result screen
• fake token read and submit

Phase 2 — realistic checkout flow

• stronger session state machine
• backend-created payment intents
• better decline/error handling
• richer references/audit events
• optional sound/buzzer feedback

Phase 3 — POS integration

• fake-shop / merchant app sends amount and basket context
• terminal becomes merchant-side approval device
• support merchant/location binding and settlement-style reporting later

Phase 4 — hardware refinement

• perfboard or proto-hat cleanup
• 3D-printed shell
• battery / power strategy review
• custom PCB only after firmware/UI flow stabilizes

Current recommendation

Do not start with custom hardware. Build the fake-bank terminal as a thin, Wi-Fi-connected Pico prototype with:

• 1.3” ST7789 display
• compact button cluster or 4x4 keypad
• PN532 NFC module
• USB power

That gets the fastest believable result with the least regret.