Kiosk Card Readers – EMV and PCI Card Readers

credit card reader Trio-IQ

Right now we are just looking at Ingenico readers and OTI Global readers.

• Are your typical transactions below $25 or above
• Best to engineer modularity and the ability to use pinpad or not. Outdoor is another consideration
• Ensure the device is PCI-PTS v4 at minimum (which Ingenicos for kiosks are those?)
  • All v3 Ingenico kiosk hardware has been end of life for over a year. The iSelf which we are still selling is PCI v4 as is the iUC285. These are eligible for installation into net new kiosk deployments until April 30, 2023. The Self lineup is PCI-PTS v5, good for net new installations until April 30, 2026. Note: Historically i is possible to recertify to a later PCI-PTS version without changing the form factor of the unit provided nothing in the later specification required it. Ingenico did this with the iPP and iSC for example. I am not saying they will definitely do that with the Self, but there is a precedent for it if a device is a popular workhorse.
  • v3.2.1 Otiglobal includes the Trio IQ which provides
    • ALL NFC, contact & contactless EMV payments
    • Touchless vending support
    • Reduce development work
    • All in one device (Reader & Controller & SDK)
    • Multimedia capabilities (e.g advertisements, videos)
    • Large touch screen
    • High-end Operating Systems (Linux) with SDK allows users to develop customized features with minimal time, effort and risk
    • Integral support for Vending, Kiosk, Mobile payment, Pulse, Closed-loop payments*
• Ideally be aware and target v5
• Devices
  • v4 Pinpad + NFC [iSelf Combo iUC250 and 250LE] Guesstimate MSRP=$500
    • indoor
    • protected outdoor
    • Buzzer
  • v4 Contactless/Swipe [iUC285]  Guesstimate MSRP=$450
    • Any mobile wallet or NFC card
    • Vandal and Outdoor capable (IP54)
    • no pinpad
    • no Audio though it does Beep  (a lot). Ticketing ADA consideration.
  • v4 iSelf Series Guesstimate MSRP=$1500?
    • open frame
    • IP65
  • v4 UX Series  Guesstimate MSRP=$1500
    • Open Frame for seamless integration
    • IP44 and IP65
    • no audio
  • v5.1 Self 2000 – Contactless/Swipe/QR  Guesstimate MSRP=$500?
    • indoor
    • protected outdoor
    • no pinpad
    • Audio
  • v5.1 Self 4000 – Contactless/Swipe/QR/Pinpad Guesstimate MSRP=$750?
    • See QR camera in lower left of featured image.
    • Indoor / Outdoor Capable
      • Detail — both readers have water evacuation drain holes. Of course taking all your normal precautions regarding direct sunlight primarily for daylight readability and thermal load concerns. Follow best practices for facing kiosk North or South, avoid East and West facing installations. Instruct cleaning crews to not power wash kiosk etc. etc.
    • Audio
    • no commissioning required  — this is a big deal. Maintenance and service and downtime can be ruthless.
      • In detail — This is a time and money saver in that it no longer takes two technicians with special issued smart cards to install the hardware in the enclosure any more. This was originally a requirement for PIN entry capable payment terminals that are comprised of individual components (the iUP PIN pad and iUR card reader for example). With attended terminals the reader and PIN pad share a common plastic housing that is equipped with all kinds of tamper sensors. With these components, the kiosk enclosure is their common housing so anti-removal/anti-tamper sensors were installed on these devices so it can tell when it is mounting in a kiosk or not. Additionally the smart cards and commissioning process was a way to do a digital handshake between the PIN pad and its reader mate so they would trust each other with the idea being if one of the components was removed and replaced with a rogue device the other component wouldn’t trust the rogue device. Additionally if a bad actor did remove one of the components with this intention it would trip the anti-removal sensors anyway so they’d be unsuccessful from the very first step. With the Self 2000, 4000, and 5000 the PIN pad and reader share a common housing as they are “all in one” units so no trust handshake needed between PIN pad and reader any longer. Beyond that this part of the PCI-PTS specification was deprecated.
      • More detail — Commissioning is not a manufacturer’s requirement but rather one that PCI determined was the best way to confirm that a terminal had been installed by an authorized party. This is no longer a requirement under PCI v5, so the Self 2000, 4000 or 5000 do not require it. The Self 7000 and 8000, a modular solution to be used together and due to be released later this year may require commissioning, but our goal is to avoid it if possible. Commissioning does not have anything to do with key injection, it’s merely to put the terminal into a “ready” state once installed within the kiosk.
    • What About Verifone devices?
      • There is no Verifone device that would be a true comparison to the new Self 2000, 4000, and 5000 line. They don’t currently have a PCI-designated CAT (cardholder activated terminal, aka unattended terminal) that has PIN on display, or is an all-in-one, or has an integrated QR code reader.
      • Verifone, to our knowledge, does not have competing devices to match the Self family. They simply haven’t invested in unattended terminals, preferring to focus on their Zivelo acquisition and to push customers to use attended terminals on kiosks. While this works, this is not always in the best interest of the customer in our opinion as these terminals aren’t built for self-service use and may face shorter life spans when used in this manner.

Smart Vending Card Reader Solution Videos

The Ingenico 2000, 4000 and 5000 readers are also targeted for Smart Vending. Here is a video on that segment by Ingenico.

Here is a video by Otiglobal on Smart Vending

Some Background on Key Injection

This is an older write-up on Key Injection but still relevant at very least from point of view in 2015. Terms and requirements for this are dated to 2015

Key Injection Service is the secure process  by which payment hardware (credit card terminal/ reader/ pin pad)  gets loaded with the encrypted  Debit and Data keys which in effect “marries” the terminal to the merchant’s processor and bank to make the device functional and secure.  Debit Keys are now called PIN Keys.  This process is mandated by PCI (Payment Card Industry) to mask and protect card holder data during the transaction.  A debit key is needed to scramble the pin data and a data key is needed to scramble card data.  A debit key is mandatory if a customer wants to accept debit cards.   Customers accepting only credit will not need key injection.(1)

Only an ESO (Encryption Service Organization) can perform the key injection service to be PCI compliant.