PCI Compliance kiosk. It means different things to people. Are your kiosks PCI compliant? EMV compliant? Is your application PA-DSS certified? Odds are against it. For PCI it’s easy to check just by going to the Validated Applications section on the PCI site. EMV introduces Level 1, Level 2 and then Level 3 certifications. Call them Mechanical, Firmware and Application. There is also a listing of devices (emvco.com).
But I don’t want to do that. Let’s list out some of the “why nots”:
It costs money to do. You’ll need a QSA and that could be $75K easy.
It takes time. Figure a year or a month depending.
It is inconvenient. It’s unnecessary regulation given our environment. But it can come back to extract a heavy price in the future.
All of my transactions are so small and so many that the liability factor is low for any significant fraud rate.
PCI Kiosk Definitions
PCI Level 1 Compliance — The Payment Card Industry Data Security Standard (PCI DSS) defines a “Level 1” merchant as one that processes at least 1 million, 2.5 million, or 6 million transactions per year, depending on which credit cards the merchant accepts. It is the highest, and most stringent, of the PCI DSS levels. Visa, Mastercard, and Discover define Level 1 merchants as those processing more than 6 million credit card transactions annually.
How to Qualify — To comply with PCI DSS, Level 1 merchants and service providers must attain a yearly Report on Compliance from a Qualified Security Assessor (QSA) or Internal Security Assessor after an onsite audit. Those in levels 2, 3, and 4 may self-assess by filling out the PCI DSS Self-Assessment Questionnaire (SAQ) that the security standards council provides.
EMV Compliance – EMV compliance means that a business has upgraded their point-of-sale equipment to feature credit card readers that support EMV technology (chip). If a customer walks into the store and is asked to insert their credit card into the slot on the machine, that store is EMV compliant. If the only option is to swipe the card via the magnetic strip on the back, the store in question probably isn’t EMV compliant.
Is the device you are using approved by the PCI Security Standards Council? Here is the PTS search.
PCI Security Standards Council – The PCI Security Standards Council is an open global forum that is responsible for the ongoing development, enhancement, dissemination, and implementation of security standards for payment cardholder account data. The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards, which include the Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS), and PIN-Entry Device (PED) Requirements.
PCI Compliance vs EMV Compliance What’s the difference between PCI compliance kiosk and EMV compliance kiosk? The short answer is they’re both guidelines for protecting cardholder data for the purpose of preventing fraud, but they focus on different elements of the credit card transaction. “To clarify it even further and more simply, PCI is about making sure the card… Read More »
ADA Kiosk 20 Point Checklist KMA Code of Practice Update April 10 — Noted at recent U.S. Access Board ADA call — clarification and addition of standards in regards to EV charging stations is anticipated in the next rulemaking session about to commence. April 2022 original publish. Dec28, 2021 updated — Current updated page located at the Kiosk… Read More »
PCI EMV Compliance Kiosk Update – Unattended The deadline for merchants to bring payment devices into compliance with EMV standards passed more than three years ago, but there are still non-compliant devices in the marketplace. A year ago, KioskIndustry.org published a piece looking at the state of adoption of Europay, Mastercard and Visa (EMV) requirements among kiosk deployers… Read More »
Noted on DailyMail A security loophole is allowing fraudsters to break the £30 spending limit for contactless bank cards. Banks and retailers are allowing customers to cover a single bill of more than £60 by making several ‘tap-and-go’ payments of £30 each. Experts have warned this is making it easy for criminals to make more expensive purchases on… Read More »
Unattended Card Payments Inc. KIF Now PCI P2PE Validation PRESS RELEASE UPDATED: NOV 6, 2019 07:00 PST LAS VEGAS, November 6, 2019 (Newswire.com) – Unattended Card Payments Inc. (UCP), a leading Value Added Reseller of payment devices for self-service kiosks, announced today that its Key Injection Facility (KIF) located in Las Vegas, Nevada, has been validated for Point-to-Point Encryption (P2PE)… Read More »
Ingenico Acquired By Worldline From TechCrunch Feb03 — Some consolidation is afoot among the payments behemoths of Europe. Smaller, newer fintech companies are eating into their market dominance by adapting faster to changing spending habits, while also looking to capitalize on economies of scale. [Thanks to Frank at Olea Kiosks] Today Worldline, a financial services company that provides everything… Read More »
TEAMSable Partners With Worldnet Payments To Provide EMV Payment Solutions to Merchants San Jose, California – March 30, 2020 – TEAMSable, premiere hardware manufacturer of complete Point-Of-Sale (POS) systems, and Worldnet Payments, a trusted leader in electronic payments and security technology, announced today that they have joined forces to provide a one-stop shop for businesses looking for EMV… Read More »
In response to COVID-19 related business shifts, Datacap is offering free eCommerce functionality with every NETePay Hosted install for the next 6 months to make transitioning to takeout and delivery-only easier for you and your merchants. During this unprecedented time, it’s more important than ever to be able to offer your merchants the ability to pair card-present payments… Read More »
PCI SSC Technical FAQs for use with Version 6 A new November update to the PCI SSC Technical FAQs has been issued. It is listed below. We have also listed some other interesting questions. For a full copy of this document, it is provided by the PCI Security Standards Council November 2020: POI devices must support one or… Read More »
Retailers who offer contactless payments have a lot to gain. New research shows that nearly two thirds of consumers globally prefer shopping with merchants who accept contactless payments! Future-proof your income while lowering vending downtime, cash handling costs, theft and security concerns. Take TRIO-IQ, an intelligent, modular combo platform that works with all Payment options: QR Codes, custom app… Read More »
Datacap and Dash Now enable Text-to-Pay (eCommerce transactions) alongside card-present payments for any Point of Sale via Datacap’s NETePay Hosted™ platform. No hardware or mobile app required. Editor Note: This type of transaction is very common. Calling into order is likely the most common way of ordering. We order food regularly from restaurants and unless you are a loyal customer and… Read More »
PCI Compliance Kiosks Update & EMV Card Reader – 2021 Editor Updates: July 2021 Just what is a CAT or Cardholder Activated Terminal? See FAQ Sample specs of PAD device used in major RFP — see below Choosing a device for the operational situation is important. A slow CPU for example may work for a liquor store. If… Read More »
Cardholder Activated Terminals FAQ There are two primary classifications of Point of Sale Terminal Types: Attended and Unattended Payment Terminals are classified into two major types, depending on the situation: Attended Terminals A POS Transaction occurring at an attended POS Terminal is a face-to-face Transaction, since a Sales Person or Representative is present at the time of the… Read More »
Kiosk EMV Capable Card Readers, PIN Pads and Contactless Readers for Self-Service Kiosks Jan 2014 — The following is a list of EMV capable card readers, PIN pads and contactless card readers that are designed specifically for self-service environments like a kiosk. As we’re beginning research and development on adding EMV capabilities to our US-based kiosk applications it makes sense to take inventory… Read More »
Kiosk PCI Compliance Tips from PCI SSC July 2021 Update — See the updated KMA PCI EMV Credit Card Reader Update – includes a preview of v6 devices from Ingenico. We also have finalized 30×10 matrix of POS devices and specific capabilities and features. From PCI SSC – The COVID-19 pandemic is quickly changing how many small merchants accept… Read More »
AMP 6500 EMV Android Smart terminal “We are excited to be working with AMP and adding the state of the art 6500 Android self-service device to our portfolio of products.” — Robert Chilcoat A Weatherproof Android solution to drive clean & contactless unattended payments LAS VEGAS, NV, UNITED STATES, October 2020 — UCP Inc., a leading distributor… Read More »
Noted on Bleeping Computer Excerpt By Ionut Ilascu Hackers caused havoc at four restaurant chains in the U.S. over the summer after compromising their payment systems with malware that stole customers’ payment card information. In the last two days, McAlister’s Deli, Moe’s Southwest Grill, Schlotzsky’s, and Hy-Vee disclosed publicly that their networks were infected with point-of-sale malware copying… Read More »
BusinessWire — Westminster, CO, April 28, 2020 — The Kiosk Manufacturer Association (KMA), an organization focused on self-service, announced today that it has joined the PCI Security Standards Council (PCI SSC) as a new Participating Organization. KMA will work with the PCI SSC to help secure payment data worldwide through the ongoing development and adoption of the PCI… Read More »
EMV Credit Card Readers Welcome to OTI aka On Track Innovations as new Sponsor Check out the standard credit card readers below. Here is OTI link Easy To Integrate EMV Cashless / Contactless Payment Solutions For Unattended Machines OTI’s cashless credit card readers include key certifications and allow unattended-market operators to accept credit cards and mobile payments including… Read More »
PCI Compliance for self service kiosks announcement on PRNewswire WESTMINSTER, Colo., Dec. 15, 2020 /PRNewswire/ — The Kiosk Manufacturer Association (KMA), the leading unattended self-service kiosk association established in 1995, today announced the launch of new initiatives in the PCI Compliance space for unattended self-service kiosks. Those initiatives include providing content for the PCI Perspectives Blog, creating a SIG or Special… Read More »