Parabit has received commitments from 7 of the top 20 Commercial US Banks for 10,000 plus units over the next two to three years. Over the last 4 weeks 3 US Commercial Banks have upgraded their ACS-1E systems with MMR’s or installed MMR’s with our ACS-1E ATM Lobby Access Control System at over 400 ATM Lobby locations.
Parabit Adds Mobile NFC / Contactless EMV Access Control to secure ATM Lobbies with Overlay and RFID Skimmer Detection was last modified: May 24th, 2020 by Kiosk Industry
October 19, 2016 – YORK, PA. Livewire Kiosk is pleased to announce the integration and certification of the FreedomPay EMV payment processing system. The FreedomPay solution offers EMV compliance using Ingenico’s iSelf Series of unattended devices with processors including Heartland, First Data, and Elavon. Bundled with Livewire’s Self-Service Commerce platform and eConcierge® Content Management System, the FreedomPay/Ingenico integration provides fast processing of EMV-compliant payments while eliminating the merchant’s and consumer’s risk of credit card fraud.
The FreedomPay integration joins a list of other payment solutions that have been integrated into Livewire’s kiosk software, including Network Merchants, Authorize.net, First Data’s Payeezy, Frontstream, Credit Call, and Tempus. Livewire’s Transaction Processing Engine powers solutions worldwide such as event ticketing, token purchases, duty tax payment, product vending, gift card exchange, and entertainment systems. Initial deployments utilizing FreedomPay include cover charge collection kiosks for an upscale night club in Boston and a state vehicle registration renewal kiosk.
About Livewire Kiosk
Livewire is the Power to Connect, creating integrated software solutions for kiosks, digital signage, web sites and mobile applications, all managed from its eConcierge® Content Management System. Livewire’s transactional solutions increase revenue and productivity for its customers, while lowering overhead and providing seamless integration. Livewire provides cutting-edge software, hardware, and system integration, bringing the necessary puzzle pieces together to increase customer engagement and create a secure end-user experience. Learn more at LivewireDigital.com
EMV Kiosk – Livewire Kiosk Adds FreedomPay & Ingenico was last modified: May 24th, 2020 by News Editor
The deadline for merchants to bring payment devices into compliance with EMV standards passed more than three years ago, but there are still non-compliant devices in the marketplace.
A year ago, KioskIndustry.org published a piece looking at the state of adoption of Europay, Mastercard and Visa (EMV) requirements among kiosk deployers in 2018. The bottom-line findings were that while kiosk manufacturers were stressing the need for EMV-compliant solutions for new projects, many deployers planned to keep current non-compliant solutions in the field until the end of their lifespan.
Now that a year has passed since that analysis, has anything changed? Where do things stand now?
EMV Compliance continues to expand
To recap, EMV is defined as “a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines that can accept them.” EMV “smart cards” store their data on integrated circuits in addition to the traditional magnetic stripes. According to financial services firm FirstData, EMV chip cards transmit a variable algorithm that changes with each transaction, making the data more secure than what’s found on magnetic stripe cards.
Under EMV standards, merchants had until Oct. 1, 2015, to make their payment processing equipment EMV-complaint. If a fraudulent transaction occurred at a merchant who had not upgraded their equipment, the merchant would eat the cost of that transaction along with any fines or fees that might be assessed.
And while EMV standards were relatively clear for in-person transactions, such as those at an attended checkout register at a grocery store, they were a bit murkier when it came to transactions at an unattended device, such as a self-service kiosk.
Although payment card issuer Visa doesn’t break out kiosk-specific statistics, it does track overall EMV adoption. By most measures, the process seems to be rolling along.
As of December 2018, more than 3.1 million merchants now accept chip cards, according to Visa statistics, compared with just 392,000 merchants as of September 2015. There are now 511 million chip cards in circulation compared with 159 million three years ago. Ninety-eight percent of payments accomplished at the end of 2018 were done using chip cards.
In addition, counterfeit fraud dollars dropped 48 percent over the 39-month period, according to Visa statistics, while that figure was closer to 80 percent for merchants who have completed the upgrade.
Still, that doesn’t mean credit-card fraud is going to disappear. According to research by intelligence firm Gemini Advisory, as of November 2018 chip-enabled cards represent 93 percent of the more than 60 million payment cards stolen in the past 12 months, thanks to the lack of U.S. merchant compliance with the EMV implementation.
Other Gemini findings include:
45.8 million or 75 percent are Card-Present (CP) records and were stolen at the point-of-sale devices, while only 25% were compromised in online breaches.
90% of the CP compromised U.S. payment cards were EMV enabled.
The United States leads the rest of the world in the total amount of compromised EMV payment cards by a massive 37.3 million records.
Financially motivated threat groups are still exploiting the lack of merchant EMV compliance.
In addition, a new type of card fraud is gaining in popularity. Unlike the skimmers fraudsters attached to gas pumps and other devices to capture credit card information (one of the types of fraud EMV was designed to eliminate) a “shimmer,” according to Krebs on Security, fits in the card slot between the chip on the card and the chip reader — recording the data on the chip as it is read by the underlying machine. The fact that the device fits in the slot itself instead of fitting over the card reader, it’s difficult to spot.
“Data collected by shimmers cannot be used to fabricate a chip-based card, but it could be used to clone a magnetic stripe card. Although the data that is typically stored on a card’s magnetic stripe is replicated inside the chip on chip-enabled cards, the chip contains additional security components not found on a magnetic stripe.
“One of those is a component known as an integrated circuit card verification value or “iCVV” for short — also known as a “dynamic CVV.” The iCVV differs from the card verification value (CVV) stored on the physical magnetic stripe, and protects against the copying of magnetic-stripe data from the chip and using that data to create counterfeit magnetic stripe cards.”
The weakness a shimmer exploits lies with the card issuer as opposed to the payment device.
“The only way for this attack to be successful is if a [bank card] issuer neglects to check the CVV when authorizing a transaction,” ATM giant NCR Corp. wrote in a 2016 alert to customers. “All issuers MUST make these basic checks to prevent this category of fraud. Card Shimming is not a vulnerability with a chip card, nor with an ATM, and therefore it is not necessary to add protection mechanisms against this form of attack to the ATM.”
(If I needed any persuasion that payment card fraud was still a problem, I recently received a call from my bank alerting me that my debit card had been compromised. Someone had used what was obviously a cloned card to withdraw $300 at an ATM 30 miles away from where I live. The bank blocked the card when the fraudster attempted to make a withdrawal at another ATM. A few days later, my son’s debit card was compromised as well. In both cases, the money was refunded to our accounts and the dispute was closed in less than a week. When I posted a comment to the neighborhood Nextdoor social media site about the incident, dozens of people in my area said they had also been victims of payment card fraud. The speculation was that the issue occurred at a nearby convenience store, although nothing was proven.)
The current state of EMV affairs
By all appearances, EMV adoption among kiosk deployers essentially stands where it did a year ago. Deployers seem to be carrying on with existing equipment until the end of its lifespan, with any new deployments.
Part of the reason is likely, as mentioned in last year’s analysis, that the relatively low transaction averaged for many kiosks translates to less overall chargeback risk, which in turn means less incentive to upgrade. Given that risk, it doesn’t make much sense to invest in an upgrade it of the deployer plans to swap it out in a year or two.
“For kiosks we have seen very little in the way of EMV retrofits of fielded kiosks running in mag stripe even though there are surface mount devices well suited to field retrofits available,” said Rob Chilcoat, president, North American Operations with UCP Inc., a provider of EMV-compliant chip-and-pin hardware and payment gateway solutions for attended and unattended card payment terminals in North America.
In addition, some of the concerns about whether a kiosk would be considered attended, “semi-attended” or unattended under EMV requirements may have been overblown.
The Path to EMV
What are some other risks in deploying non-EMV kiosks? Comments from the experts:
There are current deployers with standard ecommerce websites using a third-party shopping cart on their kiosks that have no clue about EMV. Kiosk software like KioWare can intercept the shopping cart MSR checkout and perform the EMV transaction; however, they still need the third-party shopping cart to know the transaction has succeeded; ie, we need an API to call. This API is often lacking as most don’t care about kiosks and EMV integration, although it is slowly changing. This is definitely affecting existing kiosks going EMV, but it is also affecting new kiosk projects that had hoped to use their existing third-party shopping cart.
If a card data breach is tracked back to a kiosk, the merchant associated with that kiosk would be in hot water. This is why data in the clear between a card reader and a web hosted payment page (the old way of doing things) is such a PCI no-no.
Ultimately PCI compliance comes down to the merchant themselves, ISVs want to enable the merchants to use a PCI-DSS pre-certified solution, but that doesn’t completely relieve the merchant themselves from final PCI compliance. Implementing EMV pretty much removes mag stripe data from the environment except in cases where a card has no chip, or the chip is damaged. In the case of a card not having a chip, the issuer of the card would be the least compliant (culpable) party if the merchant is EMV capable. In the event of a damaged chip, this is why it is also important to implement end-to-end encryption, to render malware sniffing attacks unfruitful.
“’Semi-attended’ doesn’t exist as far as the PCI Security Council and EMVCo are concerned; a device is either a Cardholder Activated Terminal (CAT) or it isn’t in their eyes,” Chilcoat said.
“This ‘semi-attended’ term was coined by processors to justify using less costly attended devices at self-checkout and other indoor self-service scenarios where the kiosks are being tended to by an employee of the store,” he said. “This PCI gray area still exists and we do see people ordering attended devices from us for this purpose. We advise against it, but we can’t stop them from doing what they want with a terminal. It really comes down to what the merchant’s processor will allow.”
Still, deployers shouldn’t be lulled into a false sense of security by thinking a low transaction amount means they’re insulated from major losses. Yes, if a fraudulent card is used on a small transaction at the kiosk, it can just be considered a cost of doing business. On the other hand, if someone is able to collect cardholder data at the kiosk and then sell it on the dark web causing massive fraudulent transactions elsewhere, and that gets tracked back to a non-EMV compliant kiosk, it won’t be trivial to a kiosk deployer.
But for new projects, EMV is definitely the norm.
“In terms of kiosks, the biggest thing that’s changed is the move from EMV being an optional form of payment to a requirement for our customers,” said Bruce Rasmussen, director of sales with payment technology provider Ingenico Group.
“Currently we do not have any customers in the pre-deployment stage that are not already planning to support EMV now or in the next phase of their project,” Rasmussen said. “Additionally, merchants are continuing to redefine their customer interface to capture a new segment of the market, and payments continues to play a large role in this transformation.”
In particular, he said, there is a growing emphasis on supporting mobile wallets in payment solutions, which in turn drives demand for EMV contactless. With the majority of legacy cashless options only supporting magstripe transactions, merchants are putting updating their payment solutions to accept contactless at the top of their requirements.
“We see growth in contactless card payments and payments via smart phones driving growth in NFC adoption at the kiosk,” Rasmussen said. “The mandate from the card brands to support EMV contactless payments as of October 2019 is driving adoption for EMV since managing a contact and contactless certification may be the most economical and efficient use of resources to achieve a certification.”
Ultimately, although the process continues to be a gradual one, it’s only a matter of time before the vast majority of self-service kiosks in the marketplace are EMV-compliant.
“In terms of new kiosks, we have not shipped anything mag stripe only for a long time,” Chilcoat said. “I think overall EMV migration has hit a tipping point where chip card payments is the expected user experience and kiosk companies are seeing that and including it in their RFP requirements.”
BusinessWire — Westminster, CO, April 28, 2020 — The Kiosk Manufacturer Association (KMA), an organization focused on self-service, announced today that it has joined the PCI Security Standards Council (PCI SSC) as a newParticipating Organization. KMA will work with the PCI SSC to help secure payment data worldwide through the ongoing development and adoption of the PCI Security Standards.
The PCI SSC leads a global, cross-industry effort to increase payment security by providing flexible, industry-driven and effective data security standards and programs. The keystone is thePCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process and preventing, detecting and mitigating criminal attacks and breaches.
As a Participating Organization, the KMA adds its voice to the standards development process and will collaborate with a growing community of more than 800 Participating Organizations to improve payment security worldwide. KMA will also have the opportunity to recommend new initiatives for consideration to the PCI Security Standards Council and share cross-sector experiences and best practices at the annual PCI Community Meetings.
“In an era of increasingly sophisticated attacks on systems, PCI Security Standards and resources help organizations secure payment data and prevent, detect and mitigate attacks that can lead to costly data breaches,” said Mauro Lance, Chief Operating Officer of the PCI Security Standards Council. “By joining as a Participating Organization, KMA demonstrates they are playing an active part in improving payment security globally by helping drive awareness and adoption of PCI Security Standards.”
“Unattended self-service kiosk manufacturers deal with PCI every day. We communicate simplicity but also liabilities,” said Craig Keefner, with KMA. “We’ll propose Special Interest Group (SIG) for unattended. Our PCI-EMV steering committee is Unattended Card Payments Inc., DCAP Systems, Ingenico, Self-Service Networks and KioWare. We hope to duplicate our ADA Accessibility initiatives’ success.”
In response to COVID-19 related business shifts, Datacap is offering free eCommerce functionality with every NETePay Hosted install for the next 6 months to make transitioning to takeout and delivery-only easier for you and your merchants.
During this unprecedented time, it’s more important than ever to be able to offer your merchants the ability to pair card-present payments in brick-and-mortar locations with card-not-present payments, so you can help them through this tough time by providing a new avenue for payments and a means to help keep them afloat.
Why Datacap For Ecommerce
– Cross-platform tokens – Initiate transactions via cross-platform tokens that originated online to use in store or vice versa. Tokens remain independent of specific payment processing platforms, so they are maintained as merchants change processing relationships.
– App-based Payments – Seamlessly add payments to any iOS or Android app with Datacap’s eCommerce libraries.
– WooCommerce WordPress plugin – Easily add online checkout to your wordpress site with Datacap’s WooCommerce plugin.
TEAMSable Partners With Worldnet Payments To Provide EMV Payment Solutions to Merchants
San Jose, California – March 30, 2020 – TEAMSable, premiere hardware manufacturer of complete Point-Of-Sale (POS) systems, and Worldnet Payments, a trusted leader in electronic payments and security technology, announced today that they have joined forces to provide a one-stop shop for businesses looking for EMV certified frictionless payments solutions. This partnership will enable EMV payment processing on TEAMSable point-of-sale systems for retail, restaurants, hospitality, health care, and more.
Worldnet Payment’s gateway is certified to industry-leading processors and will integrate with TEAMSable’s POS hardware. This will allow transaction data to transfer seamlessly from the POS to the payment terminal, delivering a frictionless payment experience to customers, while saving merchants time and resources. Worldnet EMV certified with major processors and also provides Contactless and eCommerce solutions which means you would be able to accept any payment anywhere with all major credit and debit cards.
“Commerce is changing faster than ever before and merchants require versatile payment solutions to meet those demands,” said Conn Byrne, Worldnet Payments’ Senior Vice President of Sales. “By partnering with TEAMSable, we can deliver an integrated solution that will help merchants advance and grow their business.”
“We are thrilled to be partnering with Worldnet Payments because they have a dedicated team and the latest payments technology and security,” said Michael Hsieh, General Manager at TEAMSable. “We are proud to be partnering with them to enable merchants to accept EMV and mobile payments securely from anywhere.”
TEAMSable is continuously making strides to quickly and efficiently bring versatile point-of-sale solutions to the market. For businesses today to thrive, they must be able to accept a wide range of payments and provide security for card data. This partnership ensures that business owners have what is needed to run a successful operation for years to come.
About TEAMSable POS, Inc.
Founded in 2006, TEAMSable POS started as a division of Team Research Inc., a public company in Taiwan and doing business based in San Jose, California for over 25 years. TEAMSable POS offers a complete line of POS Hardware and mPOS solutions including all-in-one touch systems, mobile devices, peripherals, and payment terminals. Their team has a proven track record of delivering quality products and first-class customer service, always ensuring that products are delivered in a timely fashion and within budget. To learn more visit: www.teamsable.com
About Worldnet Payments
Worldnet Payments delivers frictionless payment solutions to Software Vendors and Integrators. We were founded in 2007 and our technology has been designed from the ground up to deliver seamlessly integrated omnichannel payments. We deliver end to end solutions, from advice on architecture, to support in rollout and merchant migration, helping to ensure a truly frictionless integration experience for our customers. The company operates from Atlanta GA, with a European base in Dublin, Ireland. To learn more visit: www.worldnetpayments.com
What’s the difference between EMV compliance and PCI compliance? The short answer is they’re both guidelines for protecting cardholder data for the purpose preventing fraud, but they focus on different elements of the credit card transaction.
“To clarify it even further and more simply, PCI is about making sure the card data doesn’t get stolen and is secure in the first place and EMV is making sure if the data IS stolen that the content is rendered useless.” – CPI PCI and EMV: What’s the difference?
My goal for this article is to give a brief overview of each of these standards for protecting cardholders so you have an idea how they impact how you accept credit card payments at your self-service kiosk or POS.
The goal of EMV is to ensure the security and global interoperability of chip-based payment cards.
Includes robust cardholder verification (i.e. Chip and PIN). The particular verification method that is used depends on the card issuer as well as the POS where you make a purchase.
Prevents cards from being cloned through the use of microprocessor on the card which produces unique encrypted output each time the card is used to defeat card skimming.
The EMV specifications are managed by the privately owned corporation EMVCo LLC and was first published in 1995 through a joint effort by Europay, MasterCard, and Visa (hence EMV).
The goal of PCI is to protect cardholder data that is processed, stored or transmitted by merchants.
Follows common sense steps that mirror best security practices including building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks and maintaining an information security policy.
Requires regular vulnerability scanning by an ASV of Internet-facing environments of merchants and service providers.
Andrew Savala is the CEO of RedSwimmer Inc., creators of the kiosk lockdown software KioskSimple. Andrew has been developing kiosk software since 2007, with an emphasis on self-service retail payment applications.
EMV Compliance vs. PCI Compliance was last modified: March 24th, 2020 by News Editor
From TechCrunch Feb03 — Some consolidation is afoot among the payments behemoths of Europe. Smaller, newer fintech companies are eating into their market dominance by adapting faster to changing spending habits, while also looking to capitalize on economies of scale. [Thanks to Frank at Olea Kiosks]
Today Worldline, a financial services company that provides everything from in-store point-of-sale terminals through to online payments, data analytics, banking and fraud protection, announced that it would acquire Ingenico, the huge point-of-sale terminal provider that controls 37 percent of the market globally, in a cash and share deal that gives Ingenico a valuation of €7.8 billion ($8.6 billion at today’s exchange rates).
The deal underscores two big themes in fintech, and specifically payments. The first is that the shift in payments and spending habits to more digital platforms has meant an increasing amount of fragmentation in the payments space, with each player getting a cut of the transaction: this means that a company doing business in this area needs economy of scale in order to make decent returns. The deal will give both companies a lot more economy of scale.
The second is a bigger theme of
Ingenico 8.6B Sale to Worldline was last modified: February 3rd, 2020 by News Editor
Hackers caused havoc at four restaurant chains in the U.S. over the summer after compromising their payment systems with malware that stole customers’ payment card information.
In the last two days, McAlister’s Deli, Moe’s Southwest Grill, Schlotzsky’s, and Hy-Vee disclosed publicly that their networks were infected with point-of-sale malware copying data from cards used in person at certain locations.
McAlister’s, Moe’s, and Schlotzsky’s together have around 1,500 locations spread across the U.S. and are owned by the same parent company, Focus Brands.
Payment Card Theft via PoS Malware – Four more chains hit was last modified: October 5th, 2019 by News Editor
EMV deadlines have arrived, but many choose to skip the upgrade. EMV is still split into two big camps. One that is compliant and the other which will be, but not yet. Our prime supporting sponsor for this update is KioWare. Thanks!
Richard Slawsky is an Educator and freelance writer, specializing in the digital signage and kiosk industries.Louisville, Kentucky Area
Which costs more, complying with new regulations or not complying and hoping for the best?
The question is particularly relevant when it comes to kiosk deployers complying with Europay, Mastercard and Visa (EMV) regulations. Invest in upgrading equipment, or run the risk of being hit with chargebacks and fines in the event of fraud?
Although the lack of clear incentives or financial impacts have prompted some to skip those upgrades, it may be wiser to begin the planning process now. When the inevitable kiosk fraud case makes headlines, it will likely set off a compliance rush that may leave some deployers waiting months or years to get their devices upgraded and certified.
Meeting EMV deadlines
The Wikipedia entry for EMV defines it as “a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines that can accept them.” EMV “smart cards” store their data on integrated circuits in addition to the traditional magnetic stripes.
The Path to EMV
CC readers as keyboard wedge. They take input & then act like a keyboard echoing out the numbers thru port.
Credit companies keep data on unprotected and unencrypted servers.
Europe sees better way & requires solid encryption paired with a PIN (aka Chip and Pin).
The US defers requiring that for time being and does not follow Europe’s lead.
Growth of Internet and rise of credit cards Mastercard and VISA in US agree that encryption is a good thing. Maybe even a PIN…
EMV liability timetable put in motion. ATMs hugely affected (in US only) as are retailers.
CC readers add encryption in advance. Magtek and IDTech good examples. Instead of open Keyboard Wedges we now have encryption capabilities. No chip, though, and no PIN.
Deadline nears – everybody knows it is time to use chips, assuming liability for not doing so is above profit threshold. Somebody that does relatively small transactions will never be a target for stolen credit cards (Redbox e.g.). Does liability outweigh cost of upgrading, and affecting bottom line and potentially share price?
Signature used or zip code as presumed id token.
Data systems becoming more secure with better firewalls, less physical access, and encryption but most are not.
Big incidents (Target) increases pressure to upgrade all systems. Target’s backend was entry point via a vendor with free malware.
Nowadays EMV means getting a chip reader. It means securing the back end (ask Equifax…).
It used to mean signature too but no more.
Does not mean a PIN. With some consumers carrying multiple cards, it is impossible for them to use a secure PIN for each card because they’ll never remember.
Card data remains relatively safe on the front end (with CHIP) though there are many who still swipe (40%?) and IT Departments pay more attention to security on back end. One could argue penalties for breaches be increased as money is best motivator. See HIPAA privacy.
Because the chips are supposedly impossible to clone, smart cards offer vastly improved security compared with magstripe-only cards. But while smart cards include a magstripe along with the integrated circuit for backwards compatibility, the improved security only applies when used with an EMV-compliant card reader.
Although EMV compliance is an ongoing process in the United States, EMV technology has been standard in Europe for years with chip-and-PIN standard and contactless payment cards exploding.
“The card I use for business is probably 60% chip and pin 40% contactless by number of transactions, and I don’t think I’ve ever been asked to confirm a contactless payment by providing my pin,” said Nigel Seed, who runs KioWare Europe now. “A lot of people simply mistrust contactless and refuse to ever use it, in fact some people contact their bank and tell then to send them a replacement card without that facility, but busy metro type professionals typically do use it more than the average.”
To incentivize businesses to upgrade their card readers to EMV-compliant devices, the four major U.S. credit card issuers – Visa, MasterCard, American Express and Discover – established Oct. 1, 2015 as the deadline when credit card fraud liability will shift to merchants or processors if they do not have an EMV payment system ready.
If fraudulent card use occurs at a merchant that has not upgraded their equipment to EMV technology, the merchant eats the cost of the chargeback along with any fines or fees that may be levied. If that merchant’s processor has not made an EMV-compliant solution to the merchant, or if the card issuer has not issued EMV-compliant cards to its cardholders, the processor or card issuer assumes the liability.
Despite that deadline, though, deployers of self-service devices have been slow to bring those devices into compliance with EMV, in part due to the complexity and cost of upgrading. Making a kiosk or other self-service device EMV-compliant isn’t simply a matter of swapping out a card reader. Along with upgrading the payment terminal and software, other infrastructure involved in the transaction, such as data storage devices, must be upgraded as well.
EMV compliance affects all systems involved in the payment process, not just the payment terminal. Data warehouses are likely the biggest target of all and the eventual destination of data provided at a public terminal. If a retailer takes that highly encrypted data and then stores it as plain text on some in-house data warehouse that thru the vagaries of Microsoft networking is accessible via a simple vendor logging into a portal, they are vulnerable to EMV compliance issues.
In addition to upgrading hardware, compliance also involves the processor and the card issuers certifying that transactions are originating from an EMV-certified device, and that all software and middleware is PCI-DSS complaint as well as being compliant with international operability standards established by EMVCo, the consortium that manages EMV standards. That process could take several months.
What About A Pin Pad?
When do I need a PIN pad? Here are the basics:
The United States has historically had two kinds of Cardholder Verification Methods (CVM); PIN for debit transactions and signature for credit transactions at attended terminals. A signature was not valid for unattended scenarios under the logic that a kiosk can’t check an ID or signature.
In recent weeks card brands declared Signature to be obsolete and optional in the United States. This really had no impact on unattended as the standard for unattended credit purchases was No CVM.
The vast majority of debit cards issued in the US are called “dual application,” meaning they also carry one of the card brand logos and as such can be used on both debit networks (with PIN) and credit networks (optional signature). Think of the phrase ”Visa check card.” The transaction is performed on the credit network, but the money really comes out of your checking account as opposed to a line of credit.
Acceptance of PIN debit at a kiosk is optional, although there are cases where acceptance of debit is beneficial, such as bill pay kiosks where transactions could be potentially very large. This would be advantageous to a bill pay kiosk businesses when you consider a debit transaction has a fixed cost, while a credit transaction has a percentage of the sale amount fee.
From the perspective of fraud protection it is sort of a non-factor because crooks don’t go around paying their bills with stolen cards. In the case of a kiosk in the mall selling $200 headphones, though, it would be advantageous from a cost of transaction perspective as well as the prevention of card fraud and product loss.
Deciding if having a PIN pad on the kiosk is right for you really comes down to a few factors:
What is the average sale amount, and considering that amount does the potential savings of the fixed cost of a debit transaction vs the % cost of a credit transactions justify the increased hardware cost of adding a PIN pad for debit acceptance? Essentially, what is the ROI of the PIN pad and ability to accept debit?
What is the risk and true cost of loss of product at my kiosk, and does that warrant the cost of a PIN pad?
As an example, let’s say a photo kiosk sale amount maxes out at $50, and using an estimated credit transactional cost of 3.5% as a baseline, transactions will cost $1.75 to run as credit. Given debit transactions typically hover around $1.25/$1.50, the outcome of the financial decision tree says maybe the increased solution cost of the kiosk with PIN pad isn’t showing a strong ROI, or at least one that cannot be realized in the short term.
Furthermore, the risk and cost of lost product is low, and it will take selling a lot of prints to make up for the cost of the PIN pad. In this example it would make sense to forgo PIN debit acceptance at the kiosk and instead process debit cards over the credit network.
“Each payment processor generally drives their own certifications, so timing varies pretty dramatically between payment processing certification teams,” said George Hudock, who handles business development with Datacap Systems, a developer of integrated payment systems.
“Most kiosk providers will use a third-party payments solution to avoid the on-going EMV certifications and maintenance, so most are able to avoid the EMV certifications directly,” Hudock said. “However, EMV certifications for unattended devices generally take 3-5 months once queued.”
Although it’s difficult to tell how many non-EMV-compliant kiosks are out in the field, experts say 50-60 percent of point-of-sale terminals aren’t EMV compliant. It’s likely that the percentage of non-EMV-compliant kiosks is similar. Still, experts say it could be several years before the vast majority of self-service devices in the marketplace are brought in line with EMV regulations.
Overall, the EMV migration in the United States is proceeding as well and as speedily as anyone could reasonably expect considering the somewhat tortured circumstances in which it was launched and the technical complexity and costs of its implementation, said Leland Englebardt, Practice Leader, Financial Services at New York-based UpshotAdvisors.
“Remember, it was not long after Dodd-Frank was enacted, which required many significant changes in payment card infrastructure, economics and rules,” Englebardt said.
“We are beginning to see the results in less counterfeit card fraud, which is good for everybody,” he said. “However, the security of EMV is materially enhanced by adding point-to-point tokenization and encryption. As cyber-crime is now the most active and challenging area of payments fraud, it’s possible that in the near future we will see more mandates and/or liability shifts for those technologies.”
EMV confusion still reigns
Part of what seems to be hampering EMV compliance is a lack of clarity on the part of deployers over where kiosks fall under EMV regulations. Is there a difference between attended and unattended devices? What about those that accept or dispense cash?
According to Visa’s Transaction Acceptance Device Guide Version 3.1, the term Unattended Cardholder Activated Terminal (UCAT) refers to an acceptance device managed by a merchant that dispenses goods or services, at which the card and cardholder are present, but the functions and services are provided without the assistance of an attendant to complete the transaction. These devices include cardholder activated fuel pumps, self-service vending units, and self-service payment devices in parking garages or at parking meters.
Devices that support cash dispensing and provide goods and services must comply with the Visa rules and regulations appropriate to the transaction:
• When dispensing cash, the device is considered an ATM and, therefore, must adhere to the Visa rules and regulations for ATMs.
• When dispensing goods or services, the device is considered a UCAT and must adhere to the Visa rules and regulations for unattended purchases.
Although unattended devices (e.g., ATMs, UCATs) may dispense goods and services as well as cash, transactions involving a purchase with cash back are not allowed. In other words, an unattended device may dispense either cash or goods and services in a single transaction but not both. In addition, UCATs that dispense scrip are not addressed because the Visa rules and regulations prohibit Visa card products from being used for scrip transactions. (Scrip is a two-part paper receipt redeemable for goods, services or cash.)
Attended Cardholder Activated Terminals, such as self-checkout terminals in supermarkets, are not considered UCATs and therefore are not required to meet UCAT requirements.
The guide also mentions a third category, “semi-attended,” to describe Semi-Attended Cardholder Activated Terminals in the Europe Region.
If you want to benefit from low cost EFT like Verifone VX820 series (<200USD) and you want to install in Semi-Attended environment you should cover unneeded and unwanted functions by a plastic form.
Pyramid did it for instance in the McD Europe case. The customer can benefit from the low cost EFT and the “white” form embeds the EFT in an elegant and ergonomic way and in same time it covers the magnetic card function on the side of VX820 which would be not needed and would only make customers unsecure which way to use the device. With our embedded form, that ensures that the customer uses or NFC or Chip Card function.
“This has resulted in self-service manufacturers creating a third optional semi-attended solution, in conjunction with VISA, for those situations,” said Frieder Hansen, co-CEO of Germany’s Pyramid Computer. “Instead, for example, a plain IPP350 or 820 being used (attended), or for purposes of a UCAT using Ingenico 250 series, the third solution would be using an inspectable key-lockable option with a terminal like a 350.”
There is a perception that kiosks are always considered unattended from an EMV perspective, said Allen Friedman, VP of Payment Solutions at Ingenico Group.
“This is not always true,” Friedman said. “Some self-service implementations in attended environments where employee assistance is available, like at the grocery store, can be considered attended devices. If there is any time period where no assistance is available, then it is considered an unattended solution.”
There is also a card brand requirement for unattended devices to make a printed receipt available to cardholders for transactions above $15, Friedman said.
“Designs for kiosks intended to provide merchandise or services above that amount should include a receipt printer with their models to insure compliance,” he said.
Taking the risk
Although kiosk deployers are still asking for non-EMV compliant solutions, kiosk manufacturers seem to be coming down firm on needing EMV-compliant payment solutions for any custom deployment. New projects are likely to take EMV into account throughout the process.
On the other hand, some deployers are likely to stick with non-EMV compliant kiosks to the end of their lifespan.
“Deployers aren’t as educated on this as they need to be,” Laura Miller with KioWare said. “They think it doesn’t apply to them, aren’t aware of the risk or think that the risk isn’t high enough to warrant the additional cost.”
EMV-certified options are also still relatively limited, so kiosk providers’ preferred payments providers may not yet have an EMV-certified option for unattended applications.
“Kiosks are also expensive to upgrade to EMV due to a required change in casework to accommodate the updated EMV device,” Hudock said.
EMV & Cloud Services
EMV credit transactions thru the cloud makes things easier. Keyboard wedge changed to HID changed to USB and now changes to Ethernet. A hospital environment with a copay for example in old days would require direct integration between the check-in device and the credit terminal. Which payment processor becomes an issue along with who writes the code.Nowadays you can offload the credit portion via cloud services and all that is required on the check-in or check-out terminal is simple HTTP and JSON call for authorization. The credit device takes over, conducts the transaction (thru preferred provider) via EMV certified kernel and then notifies the check-in/check-out that the transaction is complete.
You eliminate the development cost, and the credit devices can be leased monthly to reduce the upfront cost of going EMV.
You do need an ethernet connection though.
“The kiosk industry is more fragmented than retail/restaurant,” Hudock said. “This means that there are often multiple constituents involved in delivering the kiosk that need to be involved in the upgrade process, including hardware OEMs, software developers, payments middleware providers, payment processors and installers. Kiosk upgrades tend to take a little more time and planning than retail/restaurant due to the number of involved parties.”
Some of the reluctance for kiosk deployers to adopt EMV is understandable. If the kiosk is near the end of its life cycle, a deployer may choose to ride it out until it’s time to replace the entire device. In addition, the relatively low transaction averaged for many kiosks translates to less overall chargeback risk, which in turn means less incentive to upgrade.
Should a deployer choose to skip making their units EMV compliant, though, at the very least they should place additional attention on security to minimize the possibility of fraud. Those steps could include data clearing technology and secure browsers, end session on a particular page, session timeouts and so forth. In addition, point-to-point encryption and tokens are valuable security measures. P2PE ensures that card data is encrypted at the time of card insertion and maintains that encryption until it’s routed offsite. Tokens ensure that card data is not stored locally for voids or recurring transactions.
“There is less risk of internal compromise of data for a kiosk due to the hardened nature of the casework, but the largest card data security problem facing kiosks is likely card skimmers,” Hudock said. “Because these are generally placed on top of an existing reader, the card is skimmed before security measures like encryption or EMV would have any impact. Merchants need to periodically check their kiosks to confirm that they haven’t been tampered with.”
And as EMV cards and terminals become ubiquitous, banks’ authorization parameters may evolve to limit fallback approvals.
“A kiosk operator who doesn’t upgrade to EMV may find it harder and harder to get a positive mag stripe authorization,” Englebardt said.
“Notwithstanding the liability shift, banks seek to avoid the risk of counterfeit card chargebacks that trigger replacement/reissuance costs and cardholder attrition,” he said. “So revenue erosion is an additional long term business risk for kiosk operators not adopting EMV.”
Other Problems with EMV
So you reside in U.S. and all your cards (for the last year) are the sturdier Chip cards right? And no problems since right?Well, not exactly. The process of manufacture still has kinks. Personally two of my cards have failed just due to electronic failure (both of them from Chase). So malfunctioning cards are a problem.
My Chip cards have needed to be replaced due to fraud instances twice (rarely did before). I am a low volume very restricted credit card user (except for online accounts). Why the increase of breaches?
At the end of the day, though, what’s likely to motivate deployers to upgrade their devices will be the news of a major chargeback and fine associated with a device that wasn’t EMV-compliant.
“There are beginning to be some fines but not publicized and none that would be considered punitive by any measure,” said Geoff Leopold, division manager with Heartland Payment Systems. Still, it’s likely just a matter of time before a major incident occurs.
In addition, some payment processors have begun charging their customers EMV non-compliance fees. Those fees can vary, coming as a flat monthly or annual charge or a percentage of the deployer’s processing volume.
“The bottom line is that processors and banks want you to move to EMV equipment because it’s more secure for everyone,” write Ellen Cunningham in an article on the website CardFellow.com. “If you’ve been holding off on EMV-capable equipment you may want to think about upgrading before more processors begin imposing expensive fees.”
How EMV works.
EMVCo manages EMV specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues. EMVCo is a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.
US Payments Forum — The U.S. Payments Forum (the “Forum”) is a cross-industry body focused on addressing issues that require broad cooperation and coordination across many constituents in the payments industry. Part of Secure Technology Alliance (see below).
The EMV Connection website provides up-to-date EMV migration information and educational resources. One of those is Chip Cards Facts-at-a-Glance. It is now US Payments Forum.
EMV Resources page of the Card Acquiring Service (CAS). Offers information and links to helpful EMV information, including the federal government’s move to EMV chip and PIN-enabled card acceptance.
Secure Technology Alliance — The Alliance brings together leading providers and adopters of end-to-end security solutions designed to protect privacy and digital assets in a variety of vertical markets.
“This partnership delivers an affordable, semi-integrated EMV solution for self-service markets,” said Scott Dowty, chief revenue officer at Apriva. “Kiosk retailers, micro-markets, vendors and other self-service merchants can increase their revenues by accepting more forms of cashless payments, easily integrated via Windows or Linux SDK, and reducing their PCI scope through end-to-end encryption.”
The interactive self-service OTI kiosk payment solution is available in the U.S. through OTI’s Las Vegas-based distributor, Unattended Card Payments Inc.
Apriva & OTI Partner for Exclusive Client-Friendly Payment Solution in the North American Market was last modified: November 7th, 2018 by Kiosk Industry
ROSH PINNA, Israel – October 30th, 2018 — On Track Innovations Ltd. (OTI) (NASDAQ: OTIV), a global provider of near field communication (NFC) and cashless payment solutions, has received a renewed Interbank Network Interac certification, which now allows Canadian businesses to integrate OTI’s secure cashless payment solutions into vending machines, kiosks and other unattended devices throughout Canada.
Interac Corp. operates an economical, world-class debit payments system with broad-based acceptance, reliability, security, and efficiency. The organization is one of Canada’s leading payments brands and is chosen an average of 16 million times daily to pay and exchange money.
“We are pleased to announce that we have received the Interac certification, reaffirming our commitment to remain at the forefront of innovation within the exciting Canadian unattended payment market,” said Shlomi Cohen, CEO of OTI. “Canada has over 59,000 automated teller machines and over 450,000 merchant locations accessible through the Interac network, making this certification essential to doing business in Canada. I look forward to addressing this significant market opportunity by leveraging our continued technological advantage and aggressive new sales efforts nationwide,” concluded Cohen.
On Track Innovations (OTI) is a global leader in the design, manufacture, and sale of secure cashless payment solutions using contactless NFC technology. OTI’s field-proven innovations have been deployed around the world to address cashless payment and management requirements for the Internet of Payment Things (IoPT), wearables, automated retail, and petroleum markets. OTI distributes and supports its solutions through a global network of regional offices and alliances. OTI is the proud recipient of the 2017 AI Award for Best Cashless Payment Solutions Provider – Israel. For more information, visit www.otiglobal.com.
Safe Harbor / Forward-Looking Statements
This press release contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995 and other Federal securities laws. Whenever we use words such as “believe,” “expect,” “anticipate,” “intend,” “plan,” “estimate” or similar expressions, we are making forward-looking statements. For example, we are using forward-looking statements when we discuss our expectations regarding our growth or profitability, reduction of costs and expenses, expected divestitures, plans for our existing and new products and services, penetration of new markets and securing new customers, contributions of our regions to our growth, resolution of our outstanding patent infringement claims, strengthening of our balance sheet and deliver long-term shareholder value. Because such statements deal with future events and are based on OTI’s current expectations, they are subject to various risks and uncertainties and actual results, performance or achievements of OTI could differ materially from those described in or implied by the statements in this press release. Forward-looking statements could be impacted by the effects of the protracted evaluation and validation periods in the U.S. and other markets for contactless payment cards, or new and existing products and our ability to execute production on orders, as well as other risks and uncertainties, including those discussed in the “Risk Factors” section and elsewhere in our Annual Report on Form 10-K for the year ended December 31, 2016, and in subsequent filings with the Securities and Exchange Commission. Although we believe that the expectations reflected in such forward-looking statements are based on reasonable assumptions, we can give no assurance that our expectations will be achieved. Except as otherwise required by law, OTI disclaims any intention or obligation to update or revise any forward-looking statements, which speak only as of the date hereof, whether as a result of new information, future events or circumstances or otherwise.
In UK shops that use the technology, including supermarkets such as Waitrose, there were reports of long queues, and several businesses took to social media to advise customers to bring cash with them.
Seems like the Cabbies really took the hit.
Verifone back online after outage on card machines was last modified: May 18th, 2018 by Kiosk Industry
Industry observers agree the unattended sector has lagged attended retail in adopting EMV. Payment equipment manufacturers have introduced a number of EMV-compliant devices, but many terminals have yet to implement them.
John Menzel, senior self service solutions manager at Ingenico Group, a leading payment equipment manufacturer, recently offered his insights on progress in the self service sector toward EMV compliance.
Following are Menzel’s answers to questions posed by Kiosk Marketplace.
Q: What is the current state of EMV adoption in self-service?
A: EMV adoption in the self-service industry is still in the beginning stages of adoption. However, there are steps being taken from both a hardware and software perspective to increase the security of the payment devices deployed in self-service.
This includes PCI-certified devices running in a point-to-point-encrypted environment with secure read encrypted device capability, known as SRED. In this manner, all card data is encrypted at the time of the transaction to ensure security. This is an interim step before full EMV compliance.
Q: How do EMV compliance regulations affect kiosk operators?
A: Gaining EMV compliance is a process which needs to be completed any time a new combination of payment device, software and gateway/processor is created. The steps taken include utilizing PCI-certified devices, working with qualified security assessor auditors, working with certified payment gateway providers and changing the flow of the software applications to support EMV tags, etc.
So it is a step-by-step process that is a different motion and requires different partners than operating in a nonsecure world. Couple this with the fact that many operators don’t feel the need to upgrade, since they are not currently liable for fraudulent transactions under $20.
Q: What are the benefits of EMV technology?A: There are many benefits of utilizing a PCI-certified EMV solution, including insuring not only end-to-end security of the payment transaction, but insuring rogue devices and skimmers can’t be inserted or card readers removed without anti-tamper switches going off.From a consumer perspective, it gives them confidence to utilize their payment cards when making a purchase at an EMV-enabled self-service kiosk, which provides a similar experience to that which they are used to at a brick-and-mortar retailer.
From an operator perspective, it gives them the future protection of being EMV compliant, especially as higher ticket items are being offered from unattended solutions, like Best Buy’s kiosks.
Q: How does EMV acceptance improve the customer experience?
A: The more the self-service industry can emulate the brick-and-mortar experience, the better. Consumers are now used to inserting their chip cards into EMV readers at supermarkets, retail stores, quick-serve restaurants and more. Consumers understand EMV use — dipping their chip card into a reader — is supposed to be more secure. Implementing EMV at self-service gives them that security and confidence.
Q: How can kiosk operators seamlessly make the switch to EMV?
A: I wouldn’t call it a seamless experience to upgrade from non-PCI compliant, non-EMV solutions. It is more an evolution with incremental steps being taken.
This includes utilizing PCI-certified payment devices, upgrading the software applications to be EMV compliant, utilizing payment gateways that can operate in P2PE manner and undergoing quality security assessor audits of the end-to-end solution.
The future state of self-service is turning the kiosk into a stand-alone store, and secure payment is one of the services that needs to be offered and integrated into the solution for it to be effective.
Elliot Maras is the editor of KioskMarketplace.com and FoodTruckOperator.com.
Ingenico EMV Q&A – EMV adoption in the self-service industry: What’s taking so long? was last modified: April 20th, 2018 by News Editor
EMV system compliance has taken longer than many expected due to the complexity of integrating certified hardware with software and processors. Part 1 in a two-part series explores why the transition has taken so long, especially in the unattended retail sector.
“It does seem like it could be going better on the deployment side,” said Frank Olea, CEO of Olea Kiosks Inc., a kiosk designer and manufacturer. He said the payment processors have to become familiar with EMV-compliant hardware, which takes time.
“The retailers all have to change to this technology, so there is a rush on equipment, and there’s a rush on certification,” said Paul Burden, director of software a Meridian Kiosk.
“EMV requires communication in both directions [between the processor and the chip card],” said Greg Burch, vice president of strategic development at payment equipment manufacturer Ingenico Group. “The complexities of that are much more than traditional magstripe.”
“It’s a more complicated integration,” agreed Rob Chilcoat, president of operations at UCP Inc., an EMV compliance consultant that assists companies with EMV migration. “Every link in the chain has to be certified.”
“These smart terminals actually package and encrypt the data before it ever leaves the device, which is a concept called point-to-point encryption,” Chilcoat said. “Combined with Derived Unique Key Per Transaction, that is what ultimately provides the security assurances to the merchants and the kiosk providers that their system won’t ever be the source of a significant breach of customer card data.”
A year after the US deadline, EMV compliance lags: Part 1 — What’s causing the delay? was last modified: April 19th, 2018 by Kiosk Industry
Reprinted with permission.. Protect Yourself From Fraud and Identify Theft In 2018 Fraud protection. Unfortunately, we live in a time when identity theft and fraud are running rampant. Almost every month we hear of major security breaches, with companies like Yahoo, Uber, Equifax, and Dropbox all compromised. When these types of breaches occur, millions of usernames and passwords are hacked, often resulting in identity theft and fraud. So what can you do to protect yourself in 2018? What steps can you take to ensure that you don’t get hacked? We’re going to break down the how, what, and why of protecting yourself, touching on everything from your digital accounts to … Continue reading Protect Yourself From Fraud and Identity Theft In 2018 →
The end of the swipe-and-sign era is right around the corner, and merchants such as bars and restaurants could face major risk as of October if they haven’t migrated their point of sale systems to accept EMV.
If you concern yourself with the kiosk industry enough to read this article it probably isn’t the first time the terms “chip and pin” or “EMV” have come up in your workweek. In this write-up I hope to address some common misconceptions about EMV and how it effects kiosk manufacturers, ISOs, and kiosk business owner/operators. By the end you should have a good idea of what it takes for all of these groups to get their products past the “EMV capable” finish line.
It is not just the hardware:
EMV hardware manufacturers and distributors have spent the last few years focused on educating ISV/ISOs and hardware integrators that EMV is not just a matter of buying a new piece of hardware. A true solution is dependent on a marriage of hardware and software; and as marriages go it also entails a commitment. More on that to come…
EMV Level 1 means that a device physically meets EMV specifications for chip (contact), and in some cases NFC (contactless).
EMV Level 2 means that the firmware on a device performs to EMV processing specifications.
Both EMV Level 1 and Level 2 are the responsibility of terminal manufacturers. This hardware can be described as “EMV ready.”
Level 3 is achieved when a developer marries a device meeting the aforementioned Level 1 and 2 EMV specifications with their software, and commits to certifying it with a processor or processors, and then the card brands. This fully developed and certified solution can be described as “EMV capable.”
The cost and level of commitment:
The cost of this commitment can definitely set you back more than a designer engagement ring, depending on the ring of course. The cost and level of commitment varies greatly depending on the developer’s goals.
A developer can choose to pursue a direct certification with a processor (fully integrated) or decide to use a payment gateway which has already made a commitment to certifying a piece of hardware with a processor(s) (semi-integrated).
Fully integrated vs. semi-integrated:
A fully integrated approach to EMV is a time consuming a very costly endeavor and the end solution is fully within PCI scope. Historically speaking a fully integrated solution can easily take 8 to 12 months to develop and certify. The cost will be well over $100K all-in considering time, tools, and certification testing. Then rinse and repeat for each processor you want to certify with.
A semi-integrated approach allows you to leverage the commitment of another company to complete your solution in a matter of weeks, and at an enormously reduced cost. In addition to the cost factor a semi-integrated solution also allows you to piggyback on your gateway partner’s PCI-DSS compliance. A semi-integrated approach eliminates your need for full-blown PCI and EMV evaluation. In most cases semi-integrated system architecture will allow for a PCI Self Assessment Questionnaire (SAQ) to obtain your attestation of compliance.
I hope after reading this you have a better understanding of why just picking a piece of hardware that meets EMV Levels 1 and 2 doesn’t make a EMV capable solution. The Liability Shift is coming in October and we are here to help you prepare. For more answers to your questions, and for information on middleware available to you, please contact Unattended Card Payments Inc. at (702) 802-3504 or by emailing firstname.lastname@example.org
Industry Insight EMV Kiosk – Getting past the Finish Line was last modified: January 18th, 2018 by News Editor
Let’s face it. When it comes to the U.S. EMV liability shift, there is conflicting information about what it is, who it impacts, and even when it actually starts. We’d like to finally put an end to the confusion and equip you with the facts.
In this webinar. our payment experts will address common misconceptions and provide answers to frequently asked questions, such as:
What is EMV?
What does it take to become EMV-ready?
Can EMV prevent card data breaches?
Does EMV ensure PCI compliance?
When is the migration deadline and what happens after that date?
Featured speakers: Greg Burch, VP of Mobility and Business Development, Ingenico Group / North America Allen Friedman, VP of Payments Solutions, Ingenico Group / North America
EMV Myths Debunked – Ingenico Webinar Tomorrow was last modified: January 18th, 2018 by News Editor
With the arrival of Apple Pay and, more recently, Android Pay, consumers are becoming more comfortable with alternative ways of paying that don’t involve credit card swipes. And now, with the U.S.’s transition to EMV – smart cards that store data on chips instead of magnetic stripes, which offers increased security – many business owners will have to upgrade their hardware in order to support these newer chip-and-PIN cards.
Today, PayPal unveiled its strategy to compete amid all the changes taking place in the payments landscape with the unveiling of its PayPal Here Chip Card Reader in the U.S. The reader now supports not only EMV, but also magnetic stripe cards and NFC, including Apple Pay, Android Pay, Samsung Pay, and more.
As PayPal VP and GM Brad Brodigan explains, consumers today expect to “pay anywhere, anytime and any way they please,” which is why the company needed to enter the game with a multi-functional card reader. At the same time, businesses themselves are preparing for the EMV liability shift taking place on October 1, 2015. At that time, merchants who won’t accept chip cards will become liable for point-of-sale fraud when customers use their chip cards – a strong incentive to encourage business owners to upgrade their hardware. That’s where the PayPal Here reader comes in.
More than a month after the October 1 deadline, some reports estimate that only a third of merchants have migrated to EMV-capable credit card readers. At the same time, larger retailers say the new standard doesn’t go far enough.
Version 3.6 of KioWare for Android (Lite, Basic, & Full) now supports Android Marshmallow (6.0). Users running Android 6.0 can now use KioWare to safely secure their tablets or phones to approved websites or applications.
KioWare Basic for Android and KioWare Full for Android (Version 3.6) also include support for EMV certification via Credit Call’s mPOS CardEaseMobile framework which works on Android 5.0 and newer. With support for this framework, EMV certified transactions and refunds can be run on a tablet using compatible devices. For a full device list,visit our website.
KioWare Lite, Basic, & Full for Android also now support native PDF files, allowing PDF viewing. Version 3.6 of KioWare for Android also offers a user agent feature, appending custom text to the browser user agent. This feature allows the web server to detect that a kiosk is requesting the webpage and enables users to set the kiosk display to be different from basic web browsing content. This feature can also be used for analytics and reporting.
Users of KioWare for Android should update their version of KioWare to version 3.6, particularly if it will be securing a device running Android 6.0 or later. Current support is required in order to update.
For a full description of new features for the entire KioWare for Android product line, visit our site.
At the annual NRF Conference & EXPO, Retail’s BIG Show, in New York City, Ingenico Group , global leader in seamless payment, announced a new partner program intended to help accelerate EMV and… | January 17, 2016
The Creditcall EMV Virtual Terminal is a convenient way to test your EMV implementation without requiring a physical EMV terminal.
Fortunately the Creditcall EMV Virtual Terminal is designed to emulate an EMV terminal. This makes for a quick and affordable way to test EMV contact and contactless NFC payments in your application without purchasing EMV hardware.
In this article we’re going to cover how to use the Creditcall EMV Virtual Terminal with KioskSimple kiosk software.
Step 1: Register for a Creditcall WebMIS Sandbox Account
This article will cover how to use the Creditcall EMV Virtual Terminal with KioskSimple.
The only configuration necessary is to enter your WebMIS Terminal Id and Transaction Key under the Transaction Settings tab. As you can see in the screenshot below, the Terminal ID and Trans ID (Transaction Key) just need to be populated.
We’ve went ahead and included screen shots of the Device Settings and Server Settings tabs for your reference, but you shouldn’t need to change these values in order to use the Creditcall EMV Virtual Terminal.
Creditcall EMV Virtual Terminal Transaction Settings. The Terminal ID and Trans ID still need to be populated.
Creditcall EMV Virtual Terminal Device Settings
Creditcall EMV Virtual Terminal Server Settings
Step 4: Configuring KioskSimple to Show the Creditcall EMV Virtual Terminal
By default, KioskSimple blocks popup windows and 3rd party applications from running to ensure a smooth user experience at your kiosks or POS.
We’ll want to disable this feature in order to use the Creditcall EMV Virtual Terminal since it’s a 3rd party application.
This can easily be accomplished by changing the setting Enabling Closing Popup Windows to OFF as shown below.
Popup blocking disabled in KioskSimple
Now that we’ve configured KioskSimple to not block the Creditcall EMV Virtual Terminal we need an easy way to switch to it while KioskSimple is running.
I prefer to disable the filtering of the Windows hotkey ALT-TAB as shown below, which allows you to easily switch between open applications.
Disabling the ALT-TAB hotkey in KioskSimple
Step 5: Launching the Creditcall EMV Virtual Terminal
Step 6: Running an EMV Test Transaction in KioskSimple
Once the example is setup, you can take the following steps to launch KioskSimple and run some EMV test transactions.
Select “Try the Demo” and then “Test Mode”.
When you’re done press ESC and any password will work while KioskSimple is unregistered.
Please contact us and we’ll get you up and running quickly. We offer free phone and email technical support for all of our code examples. Try finding that anywhere else in this industry.
We’re dedicated to making your next kiosk or POS project a success and are happy to hold your hand through the hardware integration.
Las Vegas, March 29, 2016 – SlabbKiosks, a leader in self-service technology, announced today that it has partnered with Ingenico Group, the global leader in seamless payment, to bring secure, EMV-enabled unattended payment devices to the market. SlabbKiosks, well known for its customized kiosk solutions, will utilize Ingenico Group’s unattended payment solutions, and become a member of the company’s Unattended Partner Program.
According to Mike Masone, Sales Director at SlabbKiosks, “Ingenico Group’s iSelf series represents a departure from typical payment devices. The solutions were designed from the ground up for unattended environments, and Ingenico Group provides unparalleled support, by making in-house engineering and support personnel available to our customers. These customers are spread across many verticals but their needs remain the same – to have simple and secure payment applications developed for their unattended applications.”
Ingenico Group’s Unattended Partner Program will allow SlabbKiosks to provide secure, EMV- and NFC-enabled unattended self-service payment solutions via its various kiosk models and customized hardware solutions. The Program was designed to facilitate integration among partners allowing them to offer turnkey unattended solutions for a wide variety of uses with secure EMV and NFC payment acceptance built in.
Bruce Rasmussen, Director of Strategic Verticals for Ingenico added, “We’re seeing high demand for unattended payment solutions. Companies such as SlabbKiosks want to protect their customers from post-EMV deadline fraud liability, while enabling consumers to pay using the latest payment methods, including Apple Pay and Android Pay. We’re looking forward to working closely with SlabbKiosks to bring its new turnkey solutions to market.”
SlabbKiosks is a leading international manufacturer and distributor of cost effective, interactive kiosks. The company has installed and customized interactive kiosks for thousands of clients in over 150 countries and distinguishes itself from the competition by offering the latest in technological advancements including the wireless kiosk, while utilizing high quality components with designs that facilitate quick and efficient maintenance of their units.
Great EMV kiosk case study by Creditcall on our KioskSimple integration with their EMV Payment Gateway. RedSwimmer was looking for a way to provide EMV compliance to users of their kiosk software, KioskSimple. The Challenge RedSwimmer was looking for a way to provide EMV compliance to users of their kiosk software, KioskSimple. Many of RedSwimmer customers are … Continue reading “Creditcall KioskSimple EMV Case Study”
How the EMV Kiosk Works
Both developers and business owners realized the need for an outside party in activating EMV compliance and this is where ChipDNA supported RedSwimmer’s client initiatives.
EMV Kiosk – Creditcall KioskSimple EMV Case Study was last modified: January 18th, 2018 by Kiosk Industry
Editors Note: New kiosk software release KioWare for Windows (Version 8.7)! New accessibility features are now available (such as ZoomText and JAWS for the visually impaired). Support for EZ® Access Keypad. (See upcoming Accessibility Seminar). Also added are a number of new devices, including an EMV compliant option using the Elavon processor via the OTI Trio (see UCP). Other devices that have been added include Raw Windows printer device support, monitored device support, barcode readers supporting SNAPI, Bill dispensers, acceptors, and recyclers.
Jim Kruper President of KioWare said, “New features in this release provide significant advances in our ability to support ADA compliant deployments and the expansion of options and devices available for transactional kiosk projects.”
Here are the details (note the new “Assistive Technologies” tab in the config tool image below):
Learn more about Accessibility at government site for ADA. Next seminar is 9/27.
Press Release Copy – Version 8.7 of KioWare for Windows is now available. This version adds extensive assistive technologies for visual and hearing assistance as well as a number of new devices such as barcode readers supporting SNAPI, new bill acceptors, dispensers & recyclers, raw printer support and more.
Analytical Design Solutions Inc. (ADSI) has released a new version of KioWare for Windows kiosk software, with new assistive technologies for improved accessibility.
KioWare kiosk software products lock down your device into kiosk mode, which secures the overall operating system, home screen and usage of applications.
support configuration settings can be found in the KioWare Config Tool’s new Assistive Technologies tab. Support for the ZoomText® Magnifier/Reader has also been added. ZoomText is a fully integrated magnification and screen reading program. Also found in the new Assistive Technology tab is support for the EZ® Access Keypad, software navigation keypads for people with mobility or sensory impairments. These features, now available in KioWare Lite, KioWare Basic, & KioWare Full for Windows, combine to help make your kiosk compliant with Section 508 and ADA regulations. These assistive technology applications must be purchased separately.
KioWare Basic and KioWare Full for Windows Version 8.7 has added a number of new supported devices and supported device types:
Raw Windows Printer device support
Any printer that installs a Windows driver
PJL Printer Monitoring Support
Barcode Readers supporting SNAPI
OTI Trio device support providing EMV support through Elavon
Fujitsu F53 Bill Dispenser
CashCode Bill Acceptors
MEI Bill Acceptors
MEI BNR (Bank Note Recycler)
KioWare for Windows (Lite, Basic, & Full) now requires Windows 7 or higher. With version 8.7, Vista will no longer be supported. The browser is now updated to Chrome 52. Additional features for Lite, Basic, & Full includes:
Ability to use “Scheduled Actions” settings to execute a command line
Support for mapping key combinations to actions (HotKeys)
Addin support for handling downloads
Context (right click) menu customization and support
New attract screen mode (simple attract looper) features
Customs Duty Payment Kiosks Upgraded to EMV While Passing Ten-Year Milestone
November 14, 2017 – YORK, PA. Bermudians love to travel and shop, in fact Bermuda residents are among the most traveled populations in the world. In 2006, Bermuda’s H.M. Customs authority recognized the need to help speed travelers through the arduous task of completing a declarations form and paying duty tax. HSBC, the world’s largest bank, and their Bermuda branch saw the opportunity to help the local government and commissioned Livewire Digital to create new self-service terminals to electronically calculate and pay for the duty tax assessed on purchases made abroad.
Since going live in May of 2007, over 100,000 travelers have used the kiosks annually to complete the declarations process and pay their duty tax via credit card. The kiosks have undergone several minor hardware and software upgrades throughout the past ten years, although the most significant upgrade for security purposes has just been completed. When EMV payment technology became readily available for the self-service market in 2016, HSBC and Livewire began the planning process to update the outdated card swipe equipment with new EMV-based processing that offers point-to-point encryption of card data and secure chip-and-pin security to card holders. The duty payment kiosks now feature Ingenico smart terminals to allow payment via card swipe with signature, chip and pin entry, and NFC/contactless reading. Livewire’s payment gateway partner, FreedomPay, provides the PCI certified process that ensures complete security of HSBC’s customers’ payment card information from the point of data entry to the card processor’s servers.
“It’s great to see systems such as this evolve to continually improve security and the customer experience” said David McCracken, Livewire Digital’s President and CEO. “It’s hard to imagine that these kiosks have been in place for over ten years now and required very little TLC throughout that time span. I believe that points back to the robustness of the original process that HSBC and Livewire designed together, as well as the self-service hardware and software expertise that Livewire has built over the past twenty years.”
About Livewire Digital
Livewire is a leading provider of transactional self-service payment kiosks. Livewire’s many turnkey solutions increase revenue and productivity for its customers, while lowering overhead and providing seamless integration. Livewire provides cutting-edge software, hardware, and system integration, bringing the necessary puzzle pieces together to increase customer engagement and create a better end-user experience. LivewireDigital.com
Customs Duty Payment Kiosks Now EMV was last modified: January 18th, 2018 by News Editor
Excerpt — NEW YORK CITY — Ingenico Group said year-over-year shipments of its iSelf Series cashless payment systems grew more than 200%. New additions to Ingenico’s unattended partners program, launched a year ago, have accelerated sales, the company reported. Ingenico products are used by the vending, education, retail, hospitality and parking industries.
Ingenico Group said it saw its single largest deployment of unattended payment solutions in 2016. New unattended partners include Vengo Labs, which makes a wall-mounted touchscreen vending machine, along with Bank of America, Bluefin, Shift4 and Vantiv. The program’s 22 members consist of kiosk, value-added and payment solutions providers. It also serves system integrators that create the ecosystem necessary for secure unattended payments.
Ingenico’s PCI-certified iSelf Series is EMV and NFC capable. The all-in-one iUC285 contact and contactless standalone module for self-service businesses is the most popular terminal/reader in the series. Over the past two years, the company says it created more than 10,000 purchase points with its unattended terminals.
Connected Technology Solutions, Flex, Image Manufacturing Group, Kiosk Information Systems, Olea Kiosks, SlabbKiosks and Zivelo are other kiosk makers that use Ingenico’s products. Intouch, Livewire and Nanonation are among the system integrators working with Ingenico.
Ingenico Group’s Unattended Partner Program Drives Deployment Of Cashless Terminals On Kiosks was last modified: October 18th, 2017 by Kiosk Industry