In the new revision we’ve been focused on privacy and security of RTA transactions. We shifted significant amount of the work, required for transaction verification, from POS Proxy to POS itself. POS Proxy doesn’t know a recipient wallet address anymore. We also introduced an end-to-end encryption of the payment data.
Thanks to @jagerman42 and others for contributing their critique and ideas!