PCI EMV Kiosk
Are your kiosks PCI EMV-compliant? Is your application PA-DSS certified? Odds are against it. For PCI it’s easy to check just by going to the Validated Applications section on the PCI site. EMV introduces Level 1, Level 2 and then Level 3 certifications. Call them Mechanical, Firmware and Application. There is also a listing of devices (emvco.com).
But I don’t want to do that — Let’s list out some of Why Nots — #1 it costs money to do. You’ll need a QSA and that could be $75K easy. Someone like Coalfire/etc. #2 it takes time. Figure a year or a month depending. #3 It is inconvenient. It’s unnecessary regulation given our environment. But it can come back to extract a heavy price in the future.
Participating Organization PCI Security Standards Council – The PCI Security Standards Council is an open global forum that is responsible for the ongoing development, enhancement, dissemination, and implementation of security standards for payment cardholder account data. The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards, which include the Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS), and PIN-Entry Device (PED) Requirements.
- EMV Update for 2019
- Storm – informative paper on Pin Pad Accessibility. Download it here — Accessibility – Implications on Keypad Design by Steve Greenaway
- EPP Regulations — Regulations EPP Pin Pads- 2020
- Patent News – new patent on mounting removable POS interface device. Here is patent link.
PCI EMV News Updates
- Kiosk Manufacturer Association Joins PCI SSC as Participating Organization
- Free Ecommerce with NETePay Hosted
- EMV Payment Solutions by TEAMSable POS
- Ingenico 8.6B Sale to Worldline
- Payment Card Theft via PoS Malware – Four more chains hit
- Contactless Card Double Tap
- Where is PCI EMV for Kiosks in 2019? An PCI EMV Update
- EMV Kiosk – On Track Innovations Receives Interac Certification for Canadian Market
- Feature – EMV Self-Service Update for Self-Order Kiosks 2018
- Ingenico EMV Q&A – EMV adoption in the self-service industry: What’s taking so long?
- Apriva & OTI Partner for Exclusive Client-Friendly Payment Solution in the North American Market
- Verifone back online after outage on card machines
- Protect Yourself From Fraud and Identity Theft In 2018 – Digital Business
- Customs Duty Payment Kiosks Now EMV
- T-Minus Forty! – ATM Armageddon and EMV
PCI EMV Kiosk FAQ & Commentary
- Q: So what about grandfathering devices like they do for ADA? Can I delay? A: The only extensions that Visa/MC are making for the liability shift are for ATMs (2016) and fuel dispensers (2017) – all other merchants are open to the liability shift in 2015.
- Q: What about someone like Redbox with thousands of machines with old credit card readers? A: Redbox may be looking at the cost of upgrading and comparing that against what they would be liable for after the “shift” – one guess is that the cost to upgrade would far outweigh the fraud on $1 payments.
- Q: Are the banks going to charge me less for being EMV? A: One of the other dirty little secrets is that many banks are charging merchants EMV conversion fees to enable EMV acceptance at terminals. For some of the larger merchants, this alone would be some real money.
- Q: So what costs am I looking at? A: The upgrade cost for these merchants would be – the equipment, field technician, software mods, PCI certification (yes – PCI is still required), bank setup fees, and all the other bits and pieces.
Here is a handy list of resources and devices. Many thanks to KioskSimple for compiling and producing this. It’s a very good list…Editor
The following is a list of EMV capable card readers, PIN pads and contactless card readers that are designed specifically for self-service environments like a kiosk. As we’re beginning research and development on adding EMV capabilities to our US-based kiosk applications it makes sense to take inventory of the available EMV capable devices specifically designed for the self-service kiosk industry and weigh all of our options. This is why I’m taking the time to assemble this list of EMV capable payment devices which will likely grow as the looming October 2015 EMV liability shift draws nearer.
Kiosk EMV chip and PIN
Ingenico makes the iSelf Series which includes EMV Chip and PIN devices designed specifically for self-service kiosk applications. Combining iUP 250 & iUR 250 allows EMV Chip & PIN transactions in your kiosks while respecting PCi 3,x certification.
VeriFone makes the UX “Unattended Devices” for kiosks and other unattended environments. PIN pad features LCD graphic screen that securely displays payment amount and engages customers through targeted messaging.
Kiosk EMV chip and contactless readers
The ViVOpay Vend III contactless NFC, contact EMV, and magnetic stripe all-in-one payment device provides self-service kiosk operators with an integrated device that allows all three types of payment acceptance technologies.
With the EasiChoice bezel from MEI your self-service kiosks can accept any payment type the consumer has in their wallet: bills, coupons, magnetic stripe cards, NFC/contactless payments, and contactless EMV cards.
Kiosk EMV contactless NFC card readers
The Ingenico contactless reader focuses on contactless transaction only, the iiUC 180 is the ideal solution for small transactions, especially in the vending industry.
The VeriFone QX 700 provides rapid transaction speeds for all card types, including public transportation, stored value and other value-added applications.
The ViVOpay Kiosk II is a flexible stand-alone contactless reader comprised of a compact controller module and an RFID antenna module packaged individually giving equipment manufacturers flexibility to integrate contactless payment functionality with their host systems.
Which EMV hardware should I buy for my kiosks so I don’t have to replace it in the next 3 years?
This is a good question that is discussed in the video of the 2014 CPI EMV technology panel below. The answer boils down to personal preference. CPI makes the point that just because a card reader is EMV capable doesn’t mean your entire solution will be EMV compliant. Your entire solution needs to receive end-to-end EMV certification and according to MEI this has not happened in the US using the MEI 4-in-1 at the time this video was recorded. I’m not here to recommend EMV hardware for your kiosks just to spell out the options, so watch the video for more information and form your own opinions. We plan to add EMV support to KioskSimplekiosk software for Windows in 2015.