PCI EMV Kiosk
Are your kiosks PCI EMV-compliant? Is your application PA-DSS certified? Odds are against it. For PCI it’s easy to check just by going to the Validated Applications section on the PCI site. EMV introduces Level 1, Level 2 and then Level 3 certifications. Call them Mechanical, Firmware and Application. There is also a listing of devices (emvco.com).
“But I don’t want to do that.” Let’s list some of the why-nots. #1: It costs money. You’ll need a QSA (someone like Coalfire), and that could easily be $75K. #2: It takes time. Figure a year or a month, depending. #3: It is inconvenient; it’s unnecessary regulation given our environment. But skipping it can come back to extract a heavy price in the future.
Participating Organization PCI Security Standards Council – The PCI Security Standards Council is an open global forum that is responsible for the ongoing development, enhancement, dissemination, and implementation of security standards for payment cardholder account data. The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards, which include the Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS), and PIN-Entry Device (PED) Requirements.
- EMV Update for 2019
- Storm – informative paper on PIN pad accessibility: Accessibility – Implications on Keypad Design by Steve Greenaway
- EPP Regulations – Regulations EPP PIN Pads – 2020
- Patent News – new patent on mounting a removable POS interface device.
PCI EMV News Updates
- New Sponsor – OTI EMV Credit Card Readers
- Unattended Card Payments next generation self-service customer experiences with AMP 6500 EMV Android Smart terminal
- Kiosk Manufacturer Association Joins PCI SSC as Participating Organization
- Free Ecommerce with NETePay Hosted
- EMV Payment Solutions by TEAMSable POS
- Ingenico 8.6B Sale to Worldline
- Payment Card Theft via PoS Malware – Four more chains hit
- Contactless Card Double Tap
- Where is PCI EMV for Kiosks in 2019? A PCI EMV Update
- EMV Kiosk – On Track Innovations Receives Interac Certification for Canadian Market
- Feature – EMV Self-Service Update for Self-Order Kiosks 2018
- Ingenico EMV Q&A – EMV adoption in the self-service industry: What’s taking so long?
- Apriva & OTI Partner for Exclusive Client-Friendly Payment Solution in the North American Market
- Verifone back online after outage on card machines
- Protect Yourself From Fraud and Identity Theft In 2018 – Digital Business
PCI EMV Kiosk FAQ & Commentary
- Q: So what about grandfathering devices like they do for ADA? Can I delay? A: The only extensions that Visa/MC are making for the liability shift are for ATMs (2016) and fuel dispensers (2017) – all other merchants are open to the liability shift in 2015.
- Q: What about someone like Redbox with thousands of machines with old credit card readers? A: Redbox may be looking at the cost of upgrading and comparing that against what they would be liable for after the “shift” – one guess is that the cost to upgrade would far outweigh the fraud on $1 payments.
- Q: Are the banks going to charge me less for being EMV? A: One of the other dirty little secrets is that many banks are charging merchants EMV conversion fees to enable EMV acceptance at terminals. For some of the larger merchants, this alone would be some real money.
- Q: So what costs am I looking at? A: The upgrade cost for these merchants would be – the equipment, field technician, software mods, PCI certification (yes – PCI is still required), bank setup fees, and all the other bits and pieces.
Ingenico makes the iSelf Series, which includes EMV Chip and PIN devices designed specifically for self-service kiosk applications. Combining the iUP 250 and iUR 250 allows EMV Chip & PIN transactions in your kiosks while respecting PCI 3.x certification.
VeriFone makes the UX “Unattended Devices” for kiosks and other unattended environments. The PIN pad features an LCD graphic screen that securely displays the payment amount and engages customers through targeted messaging.
Kiosk EMV chip and contactless readers
The ViVOpay Vend III contactless NFC, contact EMV, and magnetic stripe all-in-one payment device provides self-service kiosk operators with an integrated device that allows all three types of payment acceptance technologies.
Kiosk EMV contactless NFC card readers
The Ingenico contactless reader focuses on contactless transactions only. The iUC 180 is the ideal solution for small transactions, especially in the vending industry.
The VeriFone QX 700 provides rapid transaction speeds for all card types, including public transportation, stored value and other value-added applications.
The ViVOpay Kiosk II is a flexible stand-alone contactless reader comprised of a compact controller module and an RFID antenna module, packaged individually to give equipment manufacturers flexibility to integrate contactless payment functionality with their host systems.
Which EMV hardware should I buy for my kiosks so I don’t have to replace it in the next 3 years?
This is a good question that is discussed in the video of the 2014 CPI EMV technology panel. The answer boils down to personal preference. CPI makes the point that just because a card reader is EMV capable doesn’t mean your entire solution will be EMV compliant. Your entire solution needs to receive end-to-end EMV certification, and according to MEI this had not happened in the US using the MEI 4-in-1 at the time this video was recorded. I’m not here to recommend EMV hardware for your kiosks, just to spell out the options, so watch the video for more information and form your own opinions. We plan to add EMV support to KioskSimple
- Feb 2014 – NIST Framework for Cybersecurity – considered an extension of HITECH and HIPAA requirements, it lays out a top-down executive and enterprise view of cybersecurity. Close to a BCP (Business Continuation Plan).