Integration of mPOS NFC Contactless Payments [via DMA/HCE] into Proton Wallet
Description:
Currently, Proton Wallet focuses on the secure management of digital assets and Bitcoin. To bridge the gap between decentralized finance and everyday utility, Proton Wallet must expand into the mPOS (Mobile Point of Sale) space with a focus on traditional payment methods. By leveraging the EU Digital Markets Act (DMA) on iOS and HCE (Host Card Emulation) on Android, Proton can offer a "Tap-to-Pay" experience. This allows users to pay at physical terminals by securely linking their Visa, Mastercard, or Debit cards directly to the wallet.
Unlike mainstream providers, this integration would keep transaction metadata private and outside the surveillance of Big Tech, providing a privacy-first alternative for standard card payments in daily life.
User Story:
As a Proton Unlimited user,
I want to use virtual and physical payment cards (Visa, Mastercard, Debit) managed directly within my Proton Wallet for contactless payments at physical terminals via NFC,
So that I can replace Google Pay and Apple Pay with a self-custodial, de-googled, and end-to-end encrypted financial ecosystem.
Acceptance Criteria (AC)
AC 1: Card Virtualization & Management
The user can securely link a physical or virtual Visa, Mastercard, or Debit card, or a specific crypto sub-wallet, to the Proton Wallet. The interface must provide a toggle to "Enable for Tap-to-Pay," allowing the card to be used for contactless payments via the app.
AC 2: NFC Handshake & Protocol
The Proton Wallet app must successfully communicate with ISO/IEC 14443 compliant terminals. It must support EMV-standard contactless protocols to ensure global compatibility with existing point-of-sale (POS) infrastructure.
AC 3: Secure Biometric Gatekeeping
Every NFC transaction must be authorized via a mandatory biometric challenge (FaceID/Fingerprint) or a Proton Wallet-specific PIN. This ensures that a stolen or unlocked phone cannot be used for unauthorized card payments.
AC 4: Tokenization & Privacy Shield
The system must utilize a Token Service Provider (TSP) to ensure that actual card numbers (PAN) are never shared with the merchant. Metadata regarding the purchase must be encrypted and remain private within the Proton ecosystem, shielded from third-party tracking.
AC 5: Hybrid Offline Payments
The app must support "Limited Use Keys" (LUKs) stored locally. This allows the user to perform a set number of card transactions without an active internet connection (e.g., in subways or areas with poor reception).
AC 6: Compliance & Hardware Security
The implementation must adhere to PCI-DSS and EMVCo standards. Sensitive cryptographic material and card tokens must be stored in the device's Secure Enclave (iOS) or StrongBox/TEE (Android). The app must detect and block execution on compromised (rooted/jailbroken) devices.
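
A sketch of the offline limit in AC 5 combined with the user-verification gate in AC 3, added here as an illustration and not Proton's code or the EMV specification. It assumes a count cap plus an expiry as the key policy, uses truncated HMAC-SHA256 as a stand-in for the real cryptogram algorithm, and keeps the key in memory rather than in the Secure Enclave or StrongBox; all names are hypothetical.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass


class LukExhausted(Exception):
    """The key is spent or expired; the wallet must go online to replenish it."""


@dataclass
class LimitedUseKey:
    key: bytes         # provisioned while online (constructed value in the test)
    max_uses: int      # assumed policy: cap on offline transactions
    expires_at: float  # assumed policy: expiry as epoch seconds
    counter: int = 0   # transaction counter bound into every cryptogram


def _mac(key, counter, amount_cents, nonce):
    # HMAC-SHA256 truncated to 8 bytes: a stand-in, not the EMV algorithm.
    msg = counter.to_bytes(2, "big") + amount_cents.to_bytes(6, "big") + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


def authorize_offline(luk, amount_cents, terminal_nonce, user_verified, now=None):
    """Return (counter, cryptogram) or raise; never signs past the limits."""
    now = time.time() if now is None else now
    if not user_verified:  # AC 3: biometric or PIN result gates every payment
        raise PermissionError("user verification required")
    if luk.counter >= luk.max_uses or now >= luk.expires_at:
        luk.key = b""  # drop the reference to the spent key
        raise LukExhausted("replenish key online")
    luk.counter += 1   # advance before signing so a counter is never reused
    return luk.counter, _mac(luk.key, luk.counter, amount_cents, terminal_nonce)


def issuer_verify(key, seen, counter, amount_cents, nonce, cryptogram):
    """Issuer/TSP side: accept a valid cryptogram once per counter value."""
    expected = _mac(key, counter, amount_cents, nonce)
    if not hmac.compare_digest(expected, cryptogram) or counter in seen:
        return False
    seen.add(counter)
    return True
```

The issuer-side check is what makes the local cap meaningful: a device that ignores its own limit still cannot replay a counter or change the amount without the cryptogram failing.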