Tag Archives: emv

EMV Kiosk – On Track Innovations Receives Interac Certification for Canadian Market

Originally published on https://www.otiglobal.com/pr-news-events/on-track-innovations-receives-interac-certification-for-canadian-market/

ROSH PINNA, Israel – October 30th, 2018 — On Track Innovations Ltd. (OTI) (NASDAQ: OTIV), a global provider of near field communication (NFC) and cashless payment solutions, has received a renewed Interbank Network Interac certification, which now allows Canadian businesses to integrate OTI’s secure cashless payment solutions into vending machines, kiosks and other unattended devices throughout Canada.

Interac Corp. operates an economical, world-class debit payments system with broad-based acceptance, reliability, security, and efficiency. The organization is one of Canada’s leading payments brands and is chosen an average of 16 million times daily to pay and exchange money.

“We are pleased to announce that we have received the Interac certification, reaffirming our commitment to remain at the forefront of innovation within the exciting Canadian unattended payment market,” said Shlomi Cohen, CEO of OTI. “Canada has over 59,000 automated teller machines and over 450,000 merchant locations accessible through the Interac network, making this certification essential to doing business in Canada. I look forward to addressing this significant market opportunity by leveraging our continued technological advantage and aggressive new sales efforts nationwide,” concluded Cohen.

About OTI

On Track Innovations (OTI) is a global leader in the design, manufacture, and sale of secure cashless payment solutions using contactless NFC technology. OTI’s field-proven innovations have been deployed around the world to address cashless payment and management requirements for the Internet of Payment Things (IoPT), wearables, automated retail, and petroleum markets. OTI distributes and supports its solutions through a global network of regional offices and alliances. OTI is the proud recipient of the 2017 AI Award for Best Cashless Payment Solutions Provider – Israel. For more information, visit www.otiglobal.com.

 

Safe Harbor / Forward-Looking Statements

This press release contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995 and other Federal securities laws. Whenever we use words such as “believe,” “expect,” “anticipate,” “intend,” “plan,” “estimate” or similar expressions, we are making forward-looking statements. For example, we are using forward-looking statements when we discuss our expectations regarding our growth or profitability, reduction of costs and expenses, expected divestitures, plans for our existing and new products and services, penetration of new markets and securing new customers, contributions of our regions to our growth, resolution of our outstanding patent infringement claims, strengthening of our balance sheet and deliver long-term shareholder value. Because such statements deal with future events and are based on OTI’s current expectations, they are subject to various risks and uncertainties and actual results, performance or achievements of OTI could differ materially from those described in or implied by the statements in this press release. Forward-looking statements could be impacted by the effects of the protracted evaluation and validation periods in the U.S. and other markets for contactless payment cards, or new and existing products and our ability to execute production on orders, as well as other risks and uncertainties, including those discussed in the “Risk Factors” section and elsewhere in our Annual Report on Form 10-K for the year ended December 31, 2016, and in subsequent filings with the Securities and Exchange Commission. Although we believe that the expectations reflected in such forward-looking statements are based on reasonable assumptions, we can give no assurance that our expectations will be achieved. Except as otherwise required by law, OTI disclaims any intention or obligation to update or revise any forward-looking statements, which speak only as of the date hereof, whether as a result of new information, future events or circumstances or otherwise.

Investor Relations Contact:

Greg Falesnik
MZ North America
+1-949-385-6449
[email protected]

More Information on OTI

Feature – EMV Self-Service Update for Self-Order Kiosks 2018

EMV Update for Self-Order Kiosks

EMV deadlines have arrived, but many choose to skip the upgrade. EMV is still split into two big camps. One that is compliant and the other which will  be, but not yet.   Our prime supporting sponsor for this update is KioWare. Thanks!

EMV card reader
Ingenico is the largest provider of self-service EMV for unattended and contributed to this resource article.

By Richard Slawsky contributor

Richard Slawsky is an Educator and freelance writer, specializing in the digital signage and kiosk industries.Louisville, Kentucky Area

Which costs more, complying with new regulations or not complying and hoping for the best?

The question is particularly relevant when it comes to kiosk deployers complying with Europay, Mastercard and Visa (EMV) regulations. Invest in upgrading equipment, or run the risk of being hit with chargebacks and fines in the event of fraud?

Although the lack of clear incentives or financial impacts have prompted some to skip those upgrades, it may be wiser to begin the planning process now. When the inevitable kiosk fraud case makes headlines, it will likely set off a compliance rush that may leave some deployers waiting months or years to get their devices upgraded and certified.

Meeting EMV deadlines

The Wikipedia entry for EMV defines it as “a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines that can accept them.” EMV “smart cards” store their data on integrated circuits in addition to the traditional magnetic stripes.

The Path to EMV
  • CC readers as keyboard wedge. They take input & then act like a keyboard echoing out the numbers thru port.
  • Credit companies keep data on unprotected and unencrypted servers.
  • Europe sees better way & requires solid encryption paired with a PIN (aka Chip and Pin).
  • The US defers requiring that for time being and does not follow Europe’s lead.
  • Growth of Internet and rise of credit cards Mastercard and VISA in US agree that encryption is a good thing. Maybe even a PIN…
  • EMV liability timetable put in motion. ATMs hugely affected (in US only) as are retailers.
  • CC readers add encryption in advance. Magtek and IDTech good examples. Instead of open Keyboard Wedges we now have encryption capabilities. No chip, though, and no PIN.
  • Deadline nears – everybody knows it is time to use chips, assuming liability for not doing so is above profit threshold. Somebody that does relatively small transactions will never be a target for stolen credit cards (Redbox e.g.). Does liability outweigh cost of upgrading, and affecting bottom line and potentially share price?
  • Signature used or zip code as presumed id token.
  • Data systems becoming more secure with better firewalls, less physical access, and encryption but most are not.
  • Big incidents (Target) increases pressure to upgrade all systems. Target’s backend was entry point via a vendor with free malware.
  • Nowadays EMV means getting a chip reader. It means securing the back end (ask Equifax…).
  • It used to mean signature too but no more.
  • Does not mean a PIN. With some consumers carrying multiple cards, it is impossible for them to use a secure PIN for each card because they’ll never remember.
  • Card data remains relatively safe on the front end (with CHIP) though there are many who still swipe (40%?) and IT Departments pay more attention to security on back end. One could argue penalties for breaches be increased as money is best motivator. See HIPAA privacy.

Because the chips are supposedly impossible to clone, smart cards offer vastly improved security compared with magstripe-only cards. But while smart cards include a magstripe along with the integrated circuit for backwards compatibility, the improved security only applies when used with an EMV-compliant card reader.

Although EMV compliance is an ongoing process in the United States, EMV technology has been standard in Europe for years with chip-and-PIN standard and contactless payment cards exploding.

“The card I use for business is probably 60% chip and pin 40% contactless by number of transactions, and I don’t think I’ve ever been asked to confirm a contactless payment by providing my pin,” said Nigel Seed, who runs KioWare Europe now. “A lot of people simply mistrust contactless and refuse to ever use it, in fact some people contact their bank and tell then to send them a replacement card without that facility, but busy metro type professionals typically do use it more than the average.”

To incentivize businesses to upgrade their card readers to EMV-compliant devices, the four major U.S. credit card issuers – Visa, MasterCard, American Express and Discover – established Oct. 1, 2015 as the deadline when credit card fraud liability will shift to merchants or processors if they do not have an EMV payment system ready.

If fraudulent card use occurs at a merchant that has not upgraded their equipment to EMV technology, the merchant eats the cost of the chargeback along with any fines or fees that may be levied. If that merchant’s processor has not made an EMV-compliant solution to the merchant, or if the card issuer has not issued EMV-compliant cards to its cardholders, the processor or card issuer assumes the liability.

Despite that deadline, though, deployers of self-service devices have been slow to bring those devices into compliance with EMV, in part due to the complexity and cost of upgrading. Making a kiosk or other self-service device EMV-compliant isn’t simply a matter of swapping out a card reader. Along with upgrading the payment terminal and software, other infrastructure involved in the transaction, such as data storage devices, must be upgraded as well.

EMV compliance affects all systems involved in the payment process, not just the payment terminal. Data warehouses are likely the biggest target of all and the eventual destination of data provided at a public terminal. If a retailer takes that highly encrypted data and then stores it as plain text on some in-house data warehouse that thru the vagaries of Microsoft networking is accessible via a simple vendor logging into a portal, they are vulnerable to EMV compliance issues.

In addition to upgrading hardware, compliance also involves the processor and the card issuers certifying that transactions are originating from an EMV-certified device, and that all software and middleware is PCI-DSS complaint as well as being compliant with international operability standards established by EMVCo, the consortium that manages EMV standards. That process could take several months.

What About A Pin Pad?
When do I need a PIN pad? Here are the basics:

The United States has historically had two kinds of Cardholder Verification Methods (CVM); PIN for debit transactions and signature for credit transactions at attended terminals. A signature was not valid for unattended scenarios under the logic that a kiosk can’t check an ID or signature.

In recent weeks card brands declared Signature to be obsolete and optional in the United States. This really had no impact on unattended as the standard for unattended credit purchases was No CVM.

The vast majority of debit cards issued in the US are called “dual application,” meaning they also carry one of the card brand logos and as such can be used on both debit networks (with PIN) and credit networks (optional signature). Think of the phrase ”Visa check card.” The transaction is performed on the credit network, but the money really comes out of your checking account as opposed to a line of credit.

Acceptance of PIN debit at a kiosk is optional, although there are cases where acceptance of debit is beneficial, such as bill pay kiosks where transactions could be potentially very large. This would be advantageous to a bill pay kiosk businesses when you consider a debit transaction has a fixed cost, while a credit transaction has a percentage of the sale amount fee.

From the perspective of fraud protection it is sort of a non-factor because crooks don’t go around paying their bills with stolen cards. In the case of a kiosk in the mall selling $200 headphones, though, it would be advantageous from a cost of transaction perspective as well as the prevention of card fraud and product loss.

Deciding if having a PIN pad on the kiosk is right for you really comes down to a few factors:

What is the average sale amount, and considering that amount does the potential savings of the fixed cost of a debit transaction vs the % cost of a credit transactions justify the increased hardware cost of adding a PIN pad for debit acceptance? Essentially, what is the ROI of the PIN pad and ability to accept debit?

What is the risk and true cost of loss of product at my kiosk, and does that warrant the cost of a PIN pad?

As an example, let’s say a photo kiosk sale amount maxes out at $50, and using an estimated credit transactional cost of 3.5% as a baseline, transactions will cost $1.75 to run as credit. Given debit transactions typically hover around $1.25/$1.50, the outcome of the financial decision tree says maybe the increased solution cost of the kiosk with PIN pad isn’t showing a strong ROI, or at least one that cannot be realized in the short term.

Furthermore, the risk and cost of lost product is low, and it will take selling a lot of prints to make up for the cost of the PIN pad. In this example it would make sense to forgo PIN debit acceptance at the kiosk and instead process debit cards over the credit network.

“Each payment processor generally drives their own certifications, so timing varies pretty dramatically between payment processing certification teams,” said George Hudock, who handles business development with Datacap Systems, a developer of integrated payment systems.

“Most kiosk providers will use a third-party payments solution to avoid the on-going EMV certifications and maintenance, so most are able to avoid the EMV certifications directly,” Hudock said. “However, EMV certifications for unattended devices generally take 3-5 months once queued.”

Although it’s difficult to tell how many non-EMV-compliant kiosks are out in the field, experts say 50-60 percent of point-of-sale terminals aren’t EMV compliant. It’s likely that the percentage of non-EMV-compliant kiosks is similar. Still, experts say it could be several years before the vast majority of self-service devices in the marketplace are brought in line with EMV regulations.

Overall, the EMV migration in the United States is proceeding as well and as speedily as anyone could reasonably expect considering the somewhat tortured circumstances in which it was launched and the technical complexity and costs of its implementation, said Leland Englebardt, Practice Leader, Financial Services at New York-based UpshotAdvisors.

“Remember, it was not long after Dodd-Frank was enacted, which required many significant changes in payment card infrastructure, economics and rules,” Englebardt said.

“We are beginning to see the results in less counterfeit card fraud, which is good for everybody,” he said. “However, the security of EMV is materially enhanced by adding point-to-point tokenization and encryption. As cyber-crime is now the most active and challenging area of payments fraud, it’s possible that in the near future we will see more mandates and/or liability shifts for those technologies.”

EMV confusion still reigns

Part of what seems to be hampering EMV compliance is a lack of clarity on the part of deployers over where kiosks fall under EMV regulations. Is there a difference between attended and unattended devices? What about those that accept or dispense cash?

According to Visa’s Transaction Acceptance Device Guide Version 3.1, the term Unattended Cardholder Activated Terminal (UCAT) refers to an acceptance device managed by a merchant that dispenses goods or services, at which the card and cardholder are present, but the functions and services are provided without the assistance of an attendant to complete the transaction. These devices include cardholder activated fuel pumps, self-service vending units, and self-service payment devices in parking garages or at parking meters.

Devices that support cash dispensing and provide goods and services must comply with the Visa rules and regulations appropriate to the transaction:

• When dispensing cash, the device is considered an ATM and, therefore, must adhere to the Visa rules and regulations for ATMs.
• When dispensing goods or services, the device is considered a UCAT and must adhere to the Visa rules and regulations for unattended purchases.

Although unattended devices (e.g., ATMs, UCATs) may dispense goods and services as well as cash, transactions involving a purchase with cash back are not allowed. In other words, an unattended device may dispense either cash or goods and services in a single transaction but not both. In addition, UCATs that dispense scrip are not addressed because the Visa rules and regulations prohibit Visa card products from being used for scrip transactions. (Scrip is a two-part paper receipt redeemable for goods, services or cash.)

Attended Cardholder Activated Terminals, such as self-checkout terminals in supermarkets, are not considered UCATs and therefore are not required to meet UCAT requirements.

The guide also mentions a third category, “semi-attended,” to describe Semi-Attended Cardholder Activated Terminals in the Europe Region.

Semi-Attended Tips
If you want to benefit from low cost EFT like Verifone VX820 series (<200USD) and you want to install in Semi-Attended environment you should cover unneeded and unwanted functions by a plastic form.

Pyramid did it for instance in the McD Europe case. The customer can benefit from the low cost EFT and the “white” form embeds the EFT in an elegant and ergonomic way and in same time it covers the magnetic card function on the side of VX820 which would be not needed and would only make customers unsecure which way to use the device. With our embedded form, that ensures that the customer uses or NFC or Chip Card function.

McDonalds EFT
Click for full size

“This has resulted in self-service manufacturers creating a third optional semi-attended solution, in conjunction with VISA, for those situations,” said Frieder Hansen, co-CEO of Germany’s Pyramid Computer. “Instead, for example, a plain IPP350 or 820 being used (attended), or for purposes of a UCAT using Ingenico 250 series, the third solution would be using an inspectable key-lockable option with a terminal like a 350.”

There is a perception that kiosks are always considered unattended from an EMV perspective, said Allen Friedman, VP of Payment Solutions at Ingenico Group.

“This is not always true,” Friedman said. “Some self-service implementations in attended environments where employee assistance is available, like at the grocery store, can be considered attended devices. If there is any time period where no assistance is available, then it is considered an unattended solution.”

There is also a card brand requirement for unattended devices to make a printed receipt available to cardholders for transactions above $15, Friedman said.

“Designs for kiosks intended to provide merchandise or services above that amount should include a receipt printer with their models to insure compliance,” he said.

Taking the risk

Although kiosk deployers are still asking for non-EMV compliant solutions, kiosk manufacturers seem to be coming down firm on needing EMV-compliant payment solutions for any custom deployment. New projects are likely to take EMV into account throughout the process.

On the other hand, some deployers are likely to stick with non-EMV compliant kiosks to the end of their lifespan.

“Deployers aren’t as educated on this as they need to be,” Laura Miller with KioWare said. “They think it doesn’t apply to them, aren’t aware of the risk or think that the risk isn’t high enough to warrant the additional cost.”

EMV-certified options are also still relatively limited, so kiosk providers’ preferred payments providers may not yet have an EMV-certified option for unattended applications.

“Kiosks are also expensive to upgrade to EMV due to a required change in casework to accommodate the updated EMV device,” Hudock said.

EMV & Cloud Services
EMV credit transactions thru the cloud makes things easier. Keyboard wedge changed to HID changed to USB and now changes to Ethernet. A hospital environment with a copay for example in old days would require direct integration between the check-in device and the credit terminal. Which payment processor becomes an issue along with who writes the code.Nowadays you can offload the credit portion via cloud services and all that is required on the check-in or check-out terminal is simple HTTP and JSON call for authorization. The credit device takes over, conducts the transaction (thru preferred provider) via EMV certified kernel and then notifies the check-in/check-out that the transaction is complete.

You eliminate the development cost, and the credit devices can be leased monthly to reduce the upfront cost of going EMV.

You do need an ethernet connection though.
EMV Cloud Service

“The kiosk industry is more fragmented than retail/restaurant,” Hudock said. “This means that there are often multiple constituents involved in delivering the kiosk that need to be involved in the upgrade process, including hardware OEMs, software developers, payments middleware providers, payment processors and installers. Kiosk upgrades tend to take a little more time and planning than retail/restaurant due to the number of involved parties.”

Some of the reluctance for kiosk deployers to adopt EMV is understandable. If the kiosk is near the end of its life cycle, a deployer may choose to ride it out until it’s time to replace the entire device. In addition, the relatively low transaction averaged for many kiosks translates to less overall chargeback risk, which in turn means less incentive to upgrade.

Should a deployer choose to skip making their units EMV compliant, though, at the very least they should place additional attention on security to minimize the possibility of fraud. Those steps could include data clearing technology and secure browsers, end session on a particular page, session timeouts and so forth. In addition, point-to-point encryption and tokens are valuable security measures. P2PE ensures that card data is encrypted at the time of card insertion and maintains that encryption until it’s routed offsite. Tokens ensure that card data is not stored locally for voids or recurring transactions.

“There is less risk of internal compromise of data for a kiosk due to the hardened nature of the casework, but the largest card data security problem facing kiosks is likely card skimmers,” Hudock said. “Because these are generally placed on top of an existing reader, the card is skimmed before security measures like encryption or EMV would have any impact. Merchants need to periodically check their kiosks to confirm that they haven’t been tampered with.”

And as EMV cards and terminals become ubiquitous, banks’ authorization parameters may evolve to limit fallback approvals.

“A kiosk operator who doesn’t upgrade to EMV may find it harder and harder to get a positive mag stripe authorization,” Englebardt said.

“Notwithstanding the liability shift, banks seek to avoid the risk of counterfeit card chargebacks that trigger replacement/reissuance costs and cardholder attrition,” he said. “So revenue erosion is an additional long term business risk for kiosk operators not adopting EMV.”

Other Problems with EMV
So you reside in U.S. and all your cards (for the last year) are the sturdier Chip cards right? And no problems since right?Well, not exactly. The process of manufacture still has kinks. Personally two of my cards have failed just due to electronic failure (both of them from Chase). So malfunctioning cards are a problem.

My Chip cards have needed to be replaced due to fraud instances twice (rarely did before). I am a low volume very restricted credit card user (except for online accounts). Why the increase of breaches?

At the end of the day, though, what’s likely to motivate deployers to upgrade their devices will be the news of a major chargeback and fine associated with a device that wasn’t EMV-compliant.

“There are beginning to be some fines but not publicized and none that would be considered punitive by any measure,” said Geoff Leopold, division manager with Heartland Payment Systems. Still, it’s likely just a matter of time before a major incident occurs.

In addition, some payment processors have begun charging their customers EMV non-compliance fees. Those fees can vary, coming as a flat monthly or annual charge or a percentage of the deployer’s processing volume.

“The bottom line is that processors and banks want you to move to EMV equipment because it’s more secure for everyone,” write Ellen Cunningham in an article on the website CardFellow.com. “If you’ve been holding off on EMV-capable equipment you may want to think about upgrading before more processors begin imposing expensive fees.”

EMV Resources

How EMV works.

EMVCo manages EMV specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues. EMVCo is a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.

US Payments Forum — The U.S. Payments Forum (the “Forum”) is a cross-industry body focused on addressing issues that require broad cooperation and coordination across many constituents in the payments industry.  Part of Secure Technology Alliance (see below).

The EMV Connection website provides up-to-date EMV migration information and educational resources. One of those is Chip Cards Facts-at-a-Glance.  It is now US Payments Forum.

EMV Resources page of the Card Acquiring Service (CAS). Offers information and links to helpful EMV information, including the federal government’s move to EMV chip and PIN-enabled card acceptance.

Secure Technology Alliance — The Alliance brings together leading providers and adopters of end-to-end security solutions designed to protect privacy and digital assets in a variety of vertical markets

EMV Contributor Acknowledgements

Thanks to all from us!

 

Ingenico EMV Q&A – EMV adoption in the self-service industry: What’s taking so long?

ingenico kiosk

EMV adoption in the self-service industry – Q&A With John Menzel of Ingenico

Editor’s NoteThis article originally appeared in ATM Marketplace and just recently in Kiosk Marketplace . Thanks! For more information on EMV options we suggest you visit the Ingenico Unattended Self Service website.

Industry observers agree the unattended sector has lagged attended retail in adopting EMV. Payment equipment manufacturers have introduced a number of EMV-compliant devices, but many terminals have yet to implement them.

John Menzel, senior self service solutions manager at Ingenico Group, a leading payment equipment manufacturer, recently offered his insights on progress in the self service sector toward EMV compliance.

Following are Menzel’s answers to questions posed by Kiosk Marketplace.

Q: What is the current state of EMV adoption in self-service?

A: EMV adoption in the self-service industry is still in the beginning stages of adoption. However, there are steps being taken from both a hardware and software perspective to increase the security of the payment devices deployed in self-service.

This includes PCI-certified devices running in a point-to-point-encrypted environment with secure read encrypted device capability, known as SRED. In this manner, all card data is encrypted at the time of the transaction to ensure security. This is an interim step before full EMV compliance.

Q: How do EMV compliance regulations affect kiosk operators?

A: Gaining EMV compliance is a process which needs to be completed any time a new combination of payment device, software and gateway/processor is created. The steps taken include utilizing PCI-certified devices, working with qualified security assessor auditors, working with certified payment gateway providers and changing the flow of the software applications to support EMV tags, etc.

So it is a step-by-step process that is a different motion and requires different partners than operating in a nonsecure world. Couple this with the fact that many operators don’t feel the need to upgrade, since they are not currently liable for fraudulent transactions under $20.

Q: What are the benefits of EMV technology?A: There are many benefits of utilizing a PCI-certified EMV solution, including insuring not only end-to-end security of the payment transaction, but insuring rogue devices and skimmers can’t be inserted or card readers removed without anti-tamper switches going off.From a consumer perspective, it gives them confidence to utilize their payment cards when making a purchase at an EMV-enabled self-service kiosk, which provides a similar experience to that which they are used to at a brick-and-mortar retailer.

From an operator perspective, it gives them the future protection of being EMV compliant, especially as higher ticket items are being offered from unattended solutions, like Best Buy’s kiosks.

Q: How does EMV acceptance improve the customer experience?

A: The more the self-service industry can emulate the brick-and-mortar experience, the better. Consumers are now used to inserting their chip cards into EMV readers at supermarkets, retail stores, quick-serve restaurants and more. Consumers understand EMV use — dipping their chip card into a reader — is supposed to be more secure. Implementing EMV at self-service gives them that security and confidence.

Q: How can kiosk operators seamlessly make the switch to EMV?

A: I wouldn’t call it a seamless experience to upgrade from non-PCI compliant, non-EMV solutions. It is more an evolution with incremental steps being taken.

This includes utilizing PCI-certified payment devices, upgrading the software applications to be EMV compliant, utilizing payment gateways that can operate in P2PE manner and undergoing quality security assessor audits of the end-to-end solution.

The future state of self-service is turning the kiosk into a stand-alone store, and secure payment is one of the services that needs to be offered and integrated into the solution for it to be effective.

 


Elliot Maras
 is the editor of KioskMarketplace.com and FoodTruckOperator.com.

Apriva & OTI Partner for Exclusive Client-Friendly Payment Solution in the North American Market

EMV Solution by Apriva

ROSH PINNA, Israel, Feb. 12, 2018 /PRNewswire/ — Apriva & OTI Partner for Exclusive Client-Friendly Payment Solution in the North American Market

Source: www.prnewswire.com

“This partnership delivers an affordable, semi-integrated EMV solution for self-service markets,” said Scott Dowty, chief revenue officer at Apriva. “Kiosk retailers, micro-markets, vendors and other self-service merchants can increase their revenues by accepting more forms of cashless payments, easily integrated via Windows or Linux SDK, and reducing their PCI scope through end-to-end encryption.”

 

The interactive self-service OTI kiosk payment solution is available in the U.S. through OTI’s Las Vegas-based distributor, Unattended Card Payments Inc.

Verifone back online after outage on card machines

Verifone back online after outage on card machinesVerifone back online after outage on card machines

Shops, football stadiums and taxis were unable to take payments from frustrated customers on Tuesday

Source: www.theguardian.com

In UK shops that use the technology, including supermarkets such as Waitrose, there were reports of long queues, and several businesses took to social media to advise customers to bring cash with them.

 

Seems like the Cabbies really took the hit.

Protect Yourself From Fraud and Identity Theft In 2018 – Digital Business

Reprinted with permission.. Protect Yourself From Fraud and Identify Theft In 2018 Fraud protection. Unfortunately, we live in a time when identity theft and fraud are running rampant. Almost every month we hear of major security breaches, with companies like Yahoo, Uber, Equifax, and Dropbox all compromised. When these types of breaches occur, millions of usernames and passwords are hacked, often resulting in identity theft and fraud. So what can you do to protect yourself in 2018? What steps can you take to ensure that you don’t get hacked? We’re going to break down the how, what, and why of protecting yourself, touching on everything from your digital accounts to … Continue reading Protect Yourself From Fraud and Identity Theft In 2018 →

Source: digitalbusiness.us

Very nice and complete article on Identify Theft and Fraud Protection. Includes specific tips for self-service technology engagements (gas pumps, ATMs, self-checkout, etc).

Customs Duty Payment Kiosks Now EMV

Customs Duty Payment Kiosks Upgraded to EMV While Passing Ten-Year Milestone

November 14, 2017 – YORK, PA.  Bermudians love to travel and shop, in fact Bermuda residents are among the most traveled populations in the world.  In 2006, Bermuda’s H.M. Customs authority recognized the need to help speed travelers through the arduous task of completing a declarations form and paying duty tax.  HSBC, the world’s largest bank, and their Bermuda branch saw the opportunity to help the local government and commissioned Livewire Digital to create new self-service terminals to electronically calculate and pay for the duty tax assessed on purchases made abroad.

Since going live in May of 2007, over 100,000 travelers have used the kiosks annually to complete the declarations process and pay their duty tax via credit card.  The kiosks have undergone several minor hardware and software upgrades throughout the past ten years, although the most significant upgrade for security purposes has just been completed.  When EMV payment technology became readily available for the self-service market in 2016, HSBC and Livewire began the planning process to update the outdated card swipe equipment with new EMV-based processing that offers point-to-point encryption of card data and secure chip-and-pin security to card holders.  The duty payment kiosks now feature Ingenico smart terminals to allow payment via card swipe with signature, chip and pin entry, and NFC/contactless reading.  Livewire’s payment gateway partner, FreedomPay, provides the PCI certified process that ensures complete security of HSBC’s customers’ payment card information from the point of data entry to the card processor’s servers.

“It’s great to see systems such as this evolve to continually improve security and the customer experience” said David McCracken, Livewire Digital’s President and CEO.  “It’s hard to imagine that these kiosks have been in place for over ten years now and required very little TLC throughout that time span.  I believe that points back to the robustness of the original process that HSBC and Livewire designed together, as well as the self-service hardware and software expertise that Livewire has built over the past twenty years.”

About Livewire Digital

livewire digitalLivewire is a leading provider of transactional self-service payment kiosks. Livewire’s many turnkey solutions increase revenue and productivity for its customers, while lowering overhead and providing seamless integration. Livewire provides cutting-edge software, hardware, and system integration, bringing the necessary puzzle pieces together to increase customer engagement and create a better end-user experience. LivewireDigital.com

###

T-Minus Forty! – ATM Armageddon and EMV

ATM EMV and Compliance

ATM EMV

75% of ATMs not converted to EMV before deadline

Source: www.atmatom.com

Why? Well, some call it the “curse of the POS terminal,” where nearly two years after the 2015 POS liability shift, fewer than 50% of merchants have upgraded their POS terminals to EMV. For a number of reasons, many of these procrastinators have yet to be burned by chargebacks.

From Triton ATMatom with permission.

by: Daryl Cornell –Less than a month before the VISAATM liability shift deadline, you would think we would be in the midst of a frantic, last-ditch effort to upgrade or replace all remaining non-EMV ATMs. Well, you would be wrong. Instead, we hear crickets. To be clear, we are talking about another 75% of all ATM transactions which will be at risk for fraud chargebacks in less than a month (MasterCard’s 25% share of ATM transactions has been at risk for nearly a year). So why the lethargy here? Is “ATM-ageddon” real or just more fake news? Here are the latest estimates on the ground, along with some likely outcomes later this year:

Banks and IADs have largely completed their ATM EMV upgrades. While there are exceptions at the local level, banks are for the most part ready for the final ATM EMV liability shift on October 1. Of the roughly 125,000 bank ATMs in the U.S., estimates are that over 110,000 will be EMV ready this October. The remaining non-EMV ATMs are owned by banks which tend to be smaller and who don’t view themselves as fraud targets. In addition to banks, it looks like more than 75% of IAD-owned ATMs will be EMV ready by October. This equates to roughly 135,000 EMV-capable ATMs out of a total estimated IAD population of 175,000. The remaining 40,000 or so IAD ATMs will present more of a challenge. Some are not upgradeable. Many are in low-transaction or low-margin sites which may be culled. While contracts may call for merchants to bear the expense of EMV upgrade, these provisions have proven difficult to enforce. Hard decisions will need to be made by IADs on these non-EMV ATMs regarding risk assumption, upgrade in conjunction with contract renewal or outright removal. The jury is still out on the level of retail ATM contraction we will see here.

Merchant-owned ATMs are NOT EMV ready. It is the estimated 200,000 merchant-owned ATMs which are the real wild card in the looming liability shift deadline. Currently, fewer than 20% of these ATMs are estimated to be EMV capable. That leaves some 160,000 merchant-owned, non-EMV ATMs exposed to both fraud and chargebacks in little mor than a month. Why? Well, some call it the “curse of the POS terminal,” where nearly two years after the 2015 POS liability shift, fewer than 50% of merchants have upgraded their POS terminals to EMV. For a number of reasons, many of these procrastinators have yet to be burned by chargebacks. These merchants argue that it makes perfect sense to take a “wait and see approach” before upgrading or replacing ATM hardware. Plus, the gas deadline, originally scheduled for this year, has now been extended to 2020. And there’s always a chance for a last minute ATM reprieve, right? Perhaps, however we are talking about cash, combined with persistent, sophisticated criminals and mag stripe fraud totaling $ billions annually. Whether these non-EMV ATMs will be turned off or whether IADs, sponsor banks and processors allow merchants to play “liability shift Russian roulette” will ultimately determine the number of merchant ATMs still operating after October.

ATM contraction is still a likely outcome. Clearly the stakes are high when it comes to liability shift on non-EMV ATMs. Mag stripe ATMs will probably still total over 200,000 at the onset of the VISA liability shift. Unlike POS, retail ATMs and their cash are high-value targets for fraudsters. Will VISA and the other networks blink and continue to absorb fraud losses at non-EMV ATMs? Will IADs be able to rely on contract provisions to protect them from those chargebacks which do flow? Is the liability shift risk worth the reward at these generally low transaction sites? While the answers to all of these questions will determine the degree of contraction, it would appear that there will be far fewer retail ATMs in operation in the U.S. by early 2018 – as many as 40% fewer.

Finally, given the 60-90 days it takes chargebacks to wind their way through the system, we could see a fair amount of coal in merchant stockings this Christmas Season.

Kiosks vs. Mobile Apps: A Face-Off of Restaurant Tech

Nice write up on kiosks versus tablets in the QSR ordering space.

Source: globenewswire.com

When it comes to mobile apps vs. kiosks in the restaurant field, here’s why some experts give the edge to using a self-service ordering device over a mobile app:

Excerpt:

What has made kiosks particularly enticing to consumers is their efficiency.

Customers want to buy products that are easily available, within their budget and present the required information pertaining to ingredients, product details, nutritional value and others. Products and information provided at kiosks quickly cater to those demands.

“When kiosks first came along, there was a learning curve for users,” Vasa said. “It took them some time to figure them out. As time has gone on, kiosks are everywhere. Exposure has helped people understand the technology and become more comfortable with it. Kiosks no longer are seen as potential obstacles, but rather as necessities.”

Juke Slot develops automated technology designed to facilitate faster service and provide entertainment for consumers in the casino, hospitality and restaurant industries. Its Android-based kiosks’ sole purpose is to provide faster service and entertainment to the everyday public environment, with customized application capabilities based on customer needs.

The company’s device provides a tableside ordering, custom designed EMV-certified hardware solution that enables secure transactions. Juke Slot’s lineup also features a standup touchscreen kiosk aimed at the quick service industry.

Juke Slot focuses on giving its customers more control of their operation — over their customer ordering process, over their onsite marketing and over their business processes.

For more information or to purchase Juke Slot’s software or kiosks, email [email protected].

White Paper – Payment Processor for Kiosks

payment gateway
EMV Kiosk

The Value of Payment Gateways for Kiosks

When a merchant wants to accept payments through their unattended kiosk, they are faced with many processing choices and industry complexities.  Whether forming multiple direct integrations to processors or utilizing one-to-many processing solutions provided by middleware or gateways, kiosk operators and merchants have a lot to consider.

A payment integration to a gateway or processor can require a great deal of time and resources.  Kiosk operators also need to assess ongoing remote maintenance and how to support multiple integrations.  In addition, there are various industry, regulatory and compliance requirements (like EMV and PCI DSS) to follow, as well as value-added security features such as end-to-end encryption or tokenization for recurring payments to consider.  The payment process and user interface must attract and retain the customer through the entire payment process.  As most kiosk users are untrained, transaction abandonment is common with a slow or cumbersome user interface.

This whitepaper will evaluate the benefits and costs of integrating payments via a gateway versus via direct processor connections, plus explore the other potential value points a gateway partner can provide kiosk operators and merchants.

Gateways and Payment Processors Defined

With the payment landscape growing more complex every year, merchants are seeking more sophisticated technologies to help them accept diverse forms of payment and integrate payment data with their other systems, such as inventory management, accounting and more.  Kiosk operators need systems designed for ease of use, speed and security, and payment gateways and payment processors are two of the most widely used solutions for payment acceptance.

A gateway is essentially a secure cloud-based platform that connects credit card payments from merchant points of sale (POS) to their processors, thereby facilitating the authorization and settlement of payment transactions.  Why have a gateway in the middle of this important relationship?  The short answer is for security and flexibility, but the details and other benefits will be expanded below.

A payment processor is a company (often a third party) appointed by a merchant to handle transactions from various channels, such as credit cards and debit cards for merchant acquiring banks.  They are usually two types: front-end and back-end processors.  Front-end processors have connections to various card associations and supply authorization and settlement services to merchants.  Back-end processors accept settlements from front-end processors and move money from issuing bank to the merchant bank.

Pros and Cons of Leveraging a Gateway

Gateways provide several benefits to kiosk operators that are integrating payments into their offerings:

  • A single connection to a gateway leverages that gateway’s multiple connections to many processors, enabling kiosk operators to have more freedom to choose their processor partners and accommodate a broader customer base with very different payment needs.  Connecting once to access multiple payment processors is much more cost-effective and efficient than creating multiple direct processor connections.
  • Access to the gateway provider’s reseller base, which gives kiosk operators connections to potential channel partners and greatly increases growth opportunities.
  • PCI DSS compliance of each processor connection, securely routing card data from the POS system to the processor of choice—again all delivered via the single connection to the gateway.
  • Access to PCI scope-reduction tools, like end-to-end encryption, EMV and tokenization, which limit the kiosk operator’s exposure to handling sensitive card data and potential fraud.
  • Lower upkeep and maintenance costs due to the fact that the gateway provider handles the bi-annual card brand releases and enhancements required by card brands and processors.

The price of leveraging these gateway benefits is typically a gateway transaction fee—an expense in addition to the interchange fees charged by processors.  While the gateway fee is typically nominal, the expense can add up over time as transaction volumes grow.

Pros and Cons of Direct Connections

The main benefit of direct connections is that they eliminate incremental transaction fees typically associated with gateways, because direct processor connections cut out the “middle man” with a select processor.

However, there are additional costs in both funds and time accompanying direct processor connections:

  • Merchant have fewer choices for payment processors—typically only the one processor is directly connected.
  • Kiosk operators are personally responsible for PCI compliance, which is an ongoing and labor-intensive process.  Even when using a PCI DSS-compliant level one service provider, the kiosk operator will still need to adhere to any applicable PSI DSS obligations set forth by their acquirer, based on processing environment, volume of transactions and policies/procedures.
  • It takes a substantial amount of work (and, therefore, cost) to certify and maintain each individual connection, comply with PCI data security standards, and perform necessary updates for card brand and processor bi-annual releases.  This can result in a very expensive, time-consuming and resource-intensive effort for kiosk operators who wish to handle payments processing development themselves.

Integrating with direct connections and certifying EMV transactions for every chosen processor requires several steps, each of which can each take weeks or months to complete:

  1. Submitting and getting approval from the payment processors for an EMV Application Request
  2. Assigning a Certification Analyst and acquiring Magnetic Stripe Reader (MSR) Certification
  3. Completing pre-certification EMV Testing
  4. Completing subsequent EMV certification with individual card brands (These certifications are device- and processor-specific, and separate for Visa, MasterCard, Discover and AMEX)

Repeating this process for each connection is extremely costly to initiate and maintain.  Kiosk operators must certify each desired hardware to each desired processor, and any alterations to the payment application requires a new EMV certificate.

EMV for Kiosk Operators

With the implementation of EMV cards in the U.S., kiosk merchants are seeing improved security for consumers and decreased fraud for merchants.  With these benefits, come a few challenges, the first of which is that kiosks are usually unattended devices.  Since the kiosks are not using a basic POS terminal, an original equipment manufacturer approved for unattended use is needed for Level 1 EMV compliance.  Level 1 EMV compliance relates to the hardware housing the terminal, which must have a higher degree of security to prevent people from accessing the keys to the data.  The next stage of EMV compliance (Level 2) refers to the software. Transactions happen between the POS device and bank exclusively, removing liability from the kiosk operator.  

EMV compliance can be complicated and costly, but it marks a significant shift in liability in the U.S.  Using a secure payment gateway can help to streamline this process for kiosk operators and remove the burden of securing EMV certifications for each payment type.

Other Benefits of Gateways for Kiosk Operators

While direct integration can be time-consuming and expensive, integrating with a gateway provides kiosk operators with several key benefits that reduce ongoing operational costs, labor and maintenance.

  • More Options and Flexibility

Gateways typically enable the ability to connect to more processors than direct connections so merchants have the freedom to choose the partners that work best for their business.  The more connections and channel partners that your gateway provider offers, the more flexible payment options that are available for kiosk merchants.  With customer analytics growing quickly, kiosk merchants can provide a customized experience for their users, including user recognition through card number, email address and more.

  • Top-Notch Security

Be sure to select a gateway provider that has a reputation for top-notch safety and security.  Features to look for include advanced security features like end-to-end encryption, tokenization and hosted payment screens, in addition to EMV compliance for a comprehensive layered security approach.

  • Industry-Specific Solutions

Gateway technology can be tailored for a variety of niche markets like vending, parking, car washes, golf courses, and ticketing, plus a wide array of traditional payments terminals, so look for a provider that meets your specific vertical market needs.

  • Semi-Integrated Solutions to Save Time and Effort

Semi-integrated solutions allow kiosk operators to add EMV support quickly and easily using their existing payment solutions, saving significant time, effort and resources.  EMV reduces the liability for kiosk merchants, shifting more liability to the cardholder’s bank, significantly reducing risk to the kiosk merchant.

  • Increased Growth Potential

Gateway providers sometimes have a large reseller base.  For those that do, granting kiosk operators access to the gateway’s reseller base gives those kiosk operators connections to potential channel partners, greatly increasing growth opportunities.

  • Speed & Service

Gateways should provide a consistent level of service to enhance the payment process for the customer.  Speed of a transaction is especially important during heavy use.  A slow system can drive customers away during the payment process and reduce the sales volume. Kiosks must be able to function well at a high volume without the system slowing or shutting down.

  • Dynamic Routing for Fast and Easy Payment Device Management

Gateways should feature dynamic routing across platforms and services, meaning devices are boarded once and can send transactions anywhere.  This consolidates payments and data from different platforms into one simple, easy-to-use interface, and translates across reporting, risk management and billing for all devices, which dramatically reduces the work required to maintain these connections.  As kiosk users are generally untrained, a fast, reliable experience is required to maintain current users and gain new users. Sales are often abandoned due to system delays or an interface that is not user friendly. Look for a gateway provider that allows acquired portfolios of devices to easily be added, and supports functions like recurring billing.

  • Preferred Rates

Some gateways can convey preferred rates for small-ticket Visa and MasterCard transactions, further validating the ROI of connecting to a gateway, especially for kiosk markets with lower average sales tickets.

  • Flexibility to Support New Technology

Gateway providers continually add support for new payments technologies as they emerge, which helps future-proof solutions and keep them compliant with updated PCI regulations.  Ensuring the kiosk merchants can utilize the latest mobile options, such as Apple Pay, Wallet and more with a future-proof solution.

Which Integration Path is Right for You?

Establishing and maintaining individual connections with processors may seem more empowering and cost-effective at first glance, but it can be quite costly and resource-intensive over the long term.  Many payments solution providers are turning to gateways to provide their merchants (and customers) with more options.  However, each kiosk provider or merchant must weigh the pros and cons, and choose an integration path that works best for their business.

By Justin Passalaqua
Director of Sales at Apriva, LLC
[email protected]
(480) 423-7724

For more information on payment gateways and processors visit Apriva website.

Al Rajhi Bank deploys Gemalto’s instant EMV card issuance solution in new self-service kiosks

The extension of the solution to kiosks is part of our on-going plan to transform branches for the digital age of banking and give our customers advanced services and a seamless experience,” said Saleh Alzumaie, General Manager Retail Banking Group for Al Rajhi Bank.

Source: www.gemalto.com

This is the first deployment of our instant issuance technology in self-service kiosks in Saudi Arabia and, since its introduction in January, the number of cards being produced this way has increased threefold.”

Ingenico Group’s Unattended Partner Program Drives Deployment Of Cashless Terminals On Kiosks

Ingenico Unattended Partner Program Drives Kiosks

Ingenico Unattended

TAGS: cashless vending, mobile payments, unattended payments, Ingenico Group, Ingenico unattended partners program, Self Series readers, Greg Burch, Vengo Labs, Steven Bofill

NEW YORK CITY — Ingenico Group said year-over-year shipments of its

Source: www.vendingtimes.com

Excerpt — NEW YORK CITY — Ingenico Group said year-over-year shipments of its iSelf Series cashless payment systems grew more than 200%. New additions to Ingenico’s unattended partners program, launched a year ago, have accelerated sales, the company reported. Ingenico products are used by the vending, education, retail, hospitality and parking industries.

Ingenico Group said it saw its single largest deployment of unattended payment solutions in 2016. New unattended partners include Vengo Labs, which makes a wall-mounted touchscreen vending machine, along with Bank of America, Bluefin, Shift4 and Vantiv. The program’s 22 members consist of kiosk, value-added and payment solutions providers. It also serves system integrators that create the ecosystem necessary for secure unattended payments.

Ingenico’s PCI-certified iSelf Series is EMV and NFC capable. The all-in-one iUC285 contact and contactless standalone module for self-service businesses is the most popular terminal/reader in the series. Over the past two years, the company says it created more than 10,000 purchase points with its unattended terminals.

Connected Technology Solutions, Flex, Image Manufacturing Group, Kiosk Information Systems, Olea Kiosks, SlabbKiosks and Zivelo are other kiosk makers that use Ingenico’s products. Intouch, Livewire and Nanonation are among the system integrators working with Ingenico.

KioWare Whitepaper Review: Video, EMV, Android, Cash Kiosk

KioWare publishes a series of whitepapers and all of them are excellent whitepapers.

For December we wanted to do a roundup of their 2016 Whitepapers which follow below.


White Papers

Below you will find white papers covering the issues and solutions involving kiosk software and security.

Featured

Creating a Video Kiosk in KioWare for Android

  • Type: White Paper
  • Author: Laura Boniello Miller
  • Date: September 2016

You can create a video kiosk using KioWare for Android (version 3.7 and later). Using a PC or tablet and KioWare, you can turn your video and images into an interactive video kiosk.  Learn more…


Creating an EMV Compliant Android Kiosk

  • Type: White Paper
  • Author: Laura Boniello Miller
  • Date: June 2016

For anyone who has heard about the shift in liability for credit card purchases, an EMV Compliant Android Kiosk is a great option for a secure self service payment solution.  Learn more…


Creating a Video Kiosk using Windows

  • Type: White Paper
  • Author: Chris Dierdorff
  • Date: May 2016

Learn how to set up a kiosk to display your videos. Using a PC or tablet, you can utilize KioWare to display as many or as few videos as you would like.  Learn more…


Cash Kiosk: Turnkey transactional kiosk solution for retail cash payment

  • Type: White Paper
  • Author: Laura Boniello Miller
  • Date: May 2016

Using the KioPay Point of Sale kiosk application and the Franklin Bill Payment kiosk by Olea, retailers can now deploy a fully integrated cash accepting kiosk for order processing and fulfillment.  Learn more…


Queueing Theory: How do customers queue?

  • Type: White Paper
  • Author: Laura Boniello Miller
  • Date: December 2015

Queueing theory is the study of waiting in lines. Actual and perceived wait time can be positively impacted with the implementation of kiosks, effectively improving customer satisfaction, decreasing wait time, and increasing the number of transactions.  Learn more…

A year after the US deadline, EMV compliance lags: Part 1 — What’s causing the delay?

A year after the US deadline, EMV compliance lags: Part 1

EMV system compliance has taken longer than many expected due to the complexity of integrating certified hardware with software and processors. Part 1 in a two-part series explores why the transition has taken so long, especially in the unattended retail sector.

Source: www.kioskmarketplace.com

“It does seem like it could be going better on the deployment side,” said Frank Olea, CEO of Olea Kiosks Inc., a kiosk designer and manufacturer. He said the payment processors have to become familiar with EMV-compliant hardware, which takes time.

“The retailers all have to change to this technology, so there is a rush on equipment, and there’s a rush on certification,” said Paul Burden, director of software a Meridian Kiosk.

“EMV requires communication in both directions [between the processor and the chip card],” said Greg Burch, vice president of strategic development at payment equipment manufacturer Ingenico Group. “The complexities of that are much more than traditional magstripe.”

“It’s a more complicated integration,” agreed Rob Chilcoat, president of operations at UCP Inc., an EMV compliance consultant that assists companies with EMV migration. “Every link in the chain has to be certified.”

“These smart terminals actually package and encrypt the data before it ever leaves the device, which is a concept called point-to-point encryption,” Chilcoat said. “Combined with Derived Unique Key Per Transaction, that is what ultimately provides the security assurances to the merchants and the kiosk providers that their system won’t ever be the source of a significant breach of customer card data.”

 

 

EMV Kiosk – Livewire Kiosk Adds FreedomPay & Ingenico

EMV Kiosk – Livewire Adds FreedomPay EMV Processing

October 19, 2016 – YORK, PA.  Livewire Kiosk is pleased to livewire digitalannounce the integration and certification of the FreedomPay EMV payment processing system.  The FreedomPay solution offers EMV compliance using Ingenico’s iSelf Series of unattended devices with processors including Heartland, First Data, and Elavon.  Bundled with Livewire’s Self-Service Commerce platform and eConcierge®  Content Management System, the FreedomPay/Ingenico integration provides fast processing of EMV-compliant payments while eliminating the merchant’s and consumer’s risk of credit card fraud.

The FreedomPay integration joins a list of other payment solutions that have been integrated into Livewire’s kiosk software, including Network Merchants, Authorize.net, First Data’s Payeezy, Frontstream, Credit Call, and Tempus.  Livewire’s Transaction Processing Engine powers solutions worldwide such as event ticketing, token purchases, duty tax payment, product vending, gift card exchange, and entertainment systems.  Initial deployments utilizing FreedomPay include cover charge collection kiosks for an upscale night club in Boston and a state vehicle registration renewal kiosk.

About Livewire Kiosk

Livewire is the Power to Connect, creating integrated software solutions for kiosks, digital signage, web sites and mobile applications, all managed from its eConcierge® Content Management System. Livewire’s transactional solutions increase revenue and productivity for its customers, while lowering overhead and providing seamless integration. Livewire provides cutting-edge software, hardware, and system integration, bringing the necessary puzzle pieces together to increase customer engagement and create a secure end-user experience. Learn more at LivewireDigital.com

More Livewire News & Commentary

EMV Compliance vs. PCI Compliance

Ingenico iSelf-Series Kiosk EMV DeviceWhat’s the difference between EMV compliance and PCI compliance?  The short answer is they’re both guidelines for protecting cardholder data for the purpose preventing fraud, but they focus on different elements of the credit card transaction.

“To clarify it even further and more simply, PCI is about making sure the card data doesn’t get stolen and is secure in the first place and EMV is making sure if the data IS stolen that the content is rendered useless.” – CPI PCI and EMV: What’s the difference?

My goal for this article is to give a brief overview of each of these standards for protecting cardholders so you have an idea how they impact how you accept credit card payments at your self-service kiosk or POS.

EMVCo logoEMV Compliance:

  • The goal of EMV is to ensure the security and global interoperability of chip-based payment cards.
  • Includes robust cardholder verification (i.e. Chip and PIN).  The particular verification method that is used depends on the card issuer as well as the POS where you make a purchase.
  • Prevents cards from being cloned through the use of microprocessor on the card which produces unique encrypted output each time the card is used to defeat card skimming.
  • Requires EMV certification between EMV capable hardware and the processor.
  • President Obama signed an executive order that requires all government-issued credit cards and readers to come equipped with EMV technology starting 2015.
  • Has a US liability shift coming in October 2015
  • The EMV specifications are managed by the privately owned corporation EMVCo LLC and was first published in 1995 through a joint effort by Europay, MasterCard, and Visa (hence EMV).

PCI Compliance:

  • The goal of PCI is to protect cardholder data that is processed, stored or transmitted by merchants.
  • Follows common sense steps that mirror best security practices including building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks and maintaining an information security policy.
  • Requires regular vulnerability scanning by an ASV of Internet-facing environments of merchants and service providers.
  • Allows organizations to “self-assess” in many cases.  Different Self-Assessment Questionnaires (SAQs) are specified for various business situations.
  • The PCI specifications are administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

Andrew Savala

Andrew Savala

Andrew Savala is the CEO of RedSwimmer Inc., creators of the kiosk lockdown software KioskSimple. Andrew has been developing kiosk software since 2007, with an emphasis on self-service retail payment applications.

Parabit Adds Mobile NFC / Contactless EMV Access Control to secure ATM Lobbies with Overlay and RFID Skimmer Detection

ROOSEVELT, N.Y., Sept. 21, 2016 /PRNewswire/ — Parabit Adds Mobile NFC / Contactless EMV Access Control to secure ATM Lobbies with Overlay an

Source: www.prnewswire.com

Parabit has received commitments from 7 of the top 20 Commercial US Banks for 10,000 plus units over the next two to three years. Over the last 4 weeks 3 US Commercial Banks have upgraded their ACS-1E systems with MMR’s or installed MMR’s with our ACS-1E ATM Lobby Access Control System at over 400 ATM Lobby locations.

Kiosk Software Accessibility – New KioWare Zoom Text, EZAccess, and Cash + EMV

KioWare For Windows
KioWare For Windows

Editors Note: New kiosk software release KioWare for Windows (Version 8.7)! New accessibility features are now available (such as ZoomText and JAWS for the visually impaired).  Support for EZ® Access Keypad.  (See upcoming Accessibility Seminar). Also added are a number of new devices, including an EMV compliant option using the Elavon processor via the OTI Trio (see UCP). Other devices that have been added include Raw Windows printer device support, monitored device support, barcode readers supporting SNAPI, Bill dispensers, acceptors, and recyclers.   

Jim Kruper President of KioWare said, “New features in this release provide significant advances in our ability to support ADA compliant deployments and the expansion of options and devices available for transactional kiosk projects.

ADA kiosk
Section 508 Subpart C – Click for full size

Here are the details (note the new “Assistive Technologies” tab in the config tool image below):

Learn more about Accessibility at government site for ADA. Next seminar is 9/27.


Press Release Copy – Version 8.7 of KioWare for Windows is now available.  This version adds extensive assistive technologies for visual and hearing assistance as well as a number of new devices such as barcode readers supporting SNAPI, new bill acceptors, dispensers & recyclers, raw printer support and more.

kiosk software
Click to see full size image

Analytical Design Solutions Inc. (ADSI) has released a new version of KioWare for Windows kiosk software, with new assistive technologies for improved accessibility.

KioWare kiosk software products lock down your device into kiosk mode, which secures the overall operating system, home screen and usage of applications.

Version 8.7 of KioWare for Windows (Lite, Basic, & Full with Server) has added JAWS® (Job Access With Speech) screen reader technology support to allow blind and visually impaired users to read and interact with the kiosk screen.  Screen Reader

What is JAWS in plain english? Click to see.
What is JAWS in plain english? Click to see.

support configuration settings can be found in the KioWare Config Tool’s new Assistive Technologies tab.  Support for the ZoomText® Magnifier/Reader has also been added.  ZoomText is a fully integrated magnification and screen reading program. Also found in the new Assistive Technology tab is support for the EZ® Access Keypad, software navigation keypads for people with mobility or sensory impairments.  These features, now available in KioWare Lite, KioWare Basic, & KioWare Full for Windows, combine to help make your kiosk compliant with Section 508 and ADA regulations.  These assistive technology applications must be purchased separately.

KioWare Basic and KioWare Full for Windows Version 8.7 has added a number of new supported devices and supported device types:

  • Raw Windows Printer device support
    • Zebra TTP2030
    • Zebra KR403
    • Zebra KR203
    • Any printer that installs a Windows driver
  • Monitored devices
    • PJL Printer Monitoring Support
  • Barcode Readers supporting SNAPI
    • Symbol
    • Motorola
    • Zebra
  • OTI Trio device support providing EMV support through Elavon
  • Fujitsu F53 Bill Dispenser
  • CashCode Bill Acceptors
  • MEI Bill Acceptors
  • MEI BNR (Bank Note Recycler)

KioWare for Windows (Lite, Basic, & Full) now requires Windows 7 or higher.  With version 8.7, Vista will no longer be supported.  The browser is now updated to Chrome 52. Additional features for Lite, Basic, & Full includes:

  • Ability to use “Scheduled Actions” settings to execute a command line
  • Support for mapping key combinations to actions (HotKeys)
  • Addin support for handling downloads
  • Context (right click) menu customization and support
  • New attract screen mode (simple attract looper) features
    • Default screen delay
    • Attract screen transition style options
    • Transition time customization
    • Ability to add displays.

Support must be current to upgrade.

For a full description of features added for this and other versions of the KioWare product line,  visit http://www.kioware.com/versionhistory.aspx.

All of these products are available as a free trial with nag screen at http://www.kioware.com/download.aspx. Existing clients have the ability to upgrade at https://www.kioware.com/downloadupgrade.aspx.

KioWare has been providing OS, desktop, and browser lockdown security for the kiosk and self-service industry since 2001.

https://dev.accessibilityonline.org/cioc-508/schedule
Click for information on seminar September 27th

UCP has Ingenico iUC285 Beta units

iUC285 Ingenico EMV Reader for Unattended Self Service

Unattended Card Payments Inc. Begins Shipping the iUC285 in the U.S. As main Ingenico VAR for unattended hardware, UCP Inc. announces they have received first shipment of iUC285 beta units.

Source: www.ucp-inc.com

These units are designed for unattended and are being certified with multiple processors as we speak.

Here is spec sheet.

iUC280 product info

EMV Kiosk – Creditcall KioskSimple EMV Case Study

EMV Kiosk Case Study

Great EMV kiosk case study by Creditcall on our KioskSimple integration with their EMV Payment Gateway. RedSwimmer was looking for a way to provide EMV compliance to users of their kiosk software, KioskSimple. The Challenge RedSwimmer was looking for a way to provide EMV compliance to users of their kiosk software, KioskSimple. Many of RedSwimmer customers are … Continue reading “Creditcall KioskSimple EMV Case Study”

Source: blog.kiosksimple.com

Their kiosk or POS applications were developed as a web app and used the KioskSimple software which acts as middleware, providing a JavaScript API which can easily be called by a web application and thereby add support for accepting EMV payments via Creditcall’s payment gateway solution ChipDNA using the Windows SDK.

How the EMV Kiosk Works

Both developers and business owners realized the need for an outside party in activating EMV compliance and this is where ChipDNA supported RedSwimmer’s client initiatives.

ChipDNA provided the interface to Ingenico’s iPP350PINpad and handled all the complicated behind-the-scenes magic of EMV compliance. This process allowed RedSwimmer to focus on the JavaScript front end which is their expertise. The larger challenge with RedSwimmer was to find a way to make ChipDNA accessible from a web app.ChipDNA works well with native applications but lacked a JavaScript API.  Thanks to Creditcall’s expertise, RedSwimmer was able to use developer-friendly JavaScript front-end language with ChipDNA through the use of KioskSimple.

SlabbKiosks partners with Ingenico Group to provide EMV-enabled unattended payment devices

SlabbKiosksLas Vegas, March 29, 2016 – SlabbKiosks, a leader in self-service technology, announced today that it has partnered with Ingenico Group, the global leader in seamless payment, to bring secure, EMV-enabled unattended payment devices to the market. SlabbKiosks, well known for its customized kiosk solutions, will utilize Ingenico Group’s unattended payment solutions, and become a member of the company’s Unattended Partner Program.

According to Mike Masone, Sales Director at SlabbKiosks, “Ingenico Group’s iSelf series represents a departure from typical payment devices. The solutions were designed from the ingenico kioskground up for unattended environments, and Ingenico Group provides unparalleled support, by making in-house engineering and support personnel available to our customers. These customers are spread across many verticals but their needs remain the same – to have simple and secure payment applications developed for their unattended applications.”

Ingenico Group’s Unattended Partner Program will allow SlabbKiosks to provide secure, EMV- and NFC-enabled unattended self-service payment solutions via its various kiosk models and customized hardware solutions. The Program was designed to facilitate integration among partners allowing them to offer turnkey unattended solutions for a wide variety of uses with secure EMV and NFC payment acceptance built in.

Bruce Rasmussen, Director of Strategic Verticals for Ingenico added, “We’re seeing high demand for unattended payment solutions. Companies such as SlabbKiosks want to protect their customers from post-EMV deadline fraud liability, while enabling consumers to pay using the latest payment methods, including Apple Pay and Android Pay. We’re looking forward to working closely with SlabbKiosks to bring its new turnkey solutions to market.”

About SLABBKIOSKS

SlabbKiosks is a leading international manufacturer and distributor of cost effective, interactive kiosks. The company has installed and customized interactive kiosks for thousands of clients in over 150 countries and distinguishes itself from the competition by offering the latest in technological advancements including the wireless kiosk, while utilizing high quality components with designs that facilitate quick and efficient maintenance of their units.

Additional information can be found at:

http://www.slabbkiosks.com

For further press information about this release, please contact:

Kisha Wilson (Marketing Manager)
SlabbKiosks

Tel: 702-605-4845
Email: [email protected]

Full release of SlabbKiosks partners with Ingenico_v2.1

Using the Creditcall EMV Virtual Terminal With KioskSimple

The Creditcall EMV Virtual Terminal is a convenient way to test your EMV implementation without requiring a physical EMV terminal.

Fortunately the Creditcall EMV Virtual Terminal is designed to emulate an EMV terminal.  This makes for a quick and affordable way to test EMV contact and contactless NFC payments in your application without purchasing EMV hardware.

In this article we’re going to cover how to use the Creditcall EMV Virtual Terminal with KioskSimple kiosk software.

Step 1: Register for a Creditcall WebMIS Sandbox Account

This article will cover how to use the Creditcall EMV Virtual Terminal with KioskSimple.

The first step is to register for a WebMIS sandbox account (aka test account) with Creditcall.  This will allow you to make test transactions without actually charging your credit card.

Once you’ve completed the registration process you’ll receive an email with your WebMIS Terminal Id and Transaction Key.

Step 2: Install the KioskSimple Creditcall EMV Payment Gateway Plugin

The KioskSimple Creditcall EMV Payment Gateway Plugin allows you to access the Creditcall EMV payment gateway via the KioskSimple EMV JavaScript API.

If you haven’t done so already, download and install the free demo of KioskSimple.

Next run the KioskSimple Configuration Tool and navigate to the PLUGIN STORE.

Install the Creditcall EMV Payment Gateway Plugin.  The configuration tool will restart and some dependencies will be installed.

You should now see a menu option called CARD READERS.  Navigate there and select the Creditcall EMV Payment Gateway Plugin and then press CONFIGURE.

Step 3: Configuring the Creditcall EMV Virtual Terminal

The Creditcall EMV Payment Gateway Plugin comes pre-configured to work with the Creditcall EMV Virtual Terminal.

The only configuration necessary is to enter your WebMIS Terminal Id and Transaction Key under the Transaction Settings tab.  As you can see in the screenshot below, the Terminal ID and Trans ID (Transaction Key) just need to be populated.

We’ve went ahead and included screen shots of the Device Settings and Server Settings tabs for your reference, but you shouldn’t need to change these values in order to use the Creditcall EMV Virtual Terminal.

Creditcall EMV Virtual Terminal Transaction Settings. The Terminal ID and Trans ID still need to be populated.

Creditcall EMV Virtual Terminal Device Settings

Creditcall EMV Virtual Terminal Server Settings

Step 4: Configuring KioskSimple to Show the Creditcall EMV Virtual Terminal

By default, KioskSimple blocks popup windows and 3rd party applications from running to ensure a smooth user experience at your kiosks or POS.

We’ll want to disable this feature in order to use the Creditcall EMV Virtual Terminal since it’s a 3rd party application.

This can easily be accomplished by changing the setting Enabling Closing Popup Windows to OFF as shown below.

Popup blocking disabled in KioskSimple

Now that we’ve configured KioskSimple to not block the Creditcall EMV Virtual Terminal we need an easy way to switch to it while KioskSimple is running.

I prefer to disable the filtering of the Windows hotkey ALT-TAB as shown below, which allows you to easily switch between open applications.

Disabling the ALT-TAB hotkey in KioskSimple

Step 5: Launching the Creditcall EMV Virtual Terminal

The Creditcall EMV Virtual Terminal gets installed automatically when you install the Creditcall EMV Payment Gateway Plugin in KioskSimple.

The Creditcall EMV Virtual Terminal is located here…

C:\ProgramData\RedSwimmer\KioskSimple\Plugins\8c43efed-7611-42ec-9942-874798728c88\ChipDNA Virtual PINpad\ChipDNAVirtualPINpad.exe

Running the Creditcall EMV Virtual Terminal

Step 6: Running an EMV Test Transaction in KioskSimple

Now you’re ready to test the Creditcall EMV Virtual Terminal with KioskSimple.  The easiest way to do this is to run our Creditcall EMV JavaScript API example.Running a Creditcall EMV test transaction in KioskSimple

Once the example is setup, you can take the following steps to launch KioskSimple and run some EMV test transactions.

  1. Start KioskSimple.
  2. Select “Try the Demo” and then “Test Mode”.
  3. Now you’ll see the EMV JavaScript API website example shown above.  Press “Get Status” and you should see the status of the Creditcall EMV Virtual Terminal.  You can also enter a dollar amount and press “Start Authorization” to begin your transaction then ALT-TAB over to the Creditcall EMV Virtual Terminal.
  4. When you’re done press ESC and any password will work while KioskSimple is unregistered.

Got Questions?

Please contact us and we’ll get you up and running quickly.  We offer free phone and email technical support for all of our code examples.  Try finding that anywhere else in this industry.

We’re dedicated to making your next kiosk or POS project a success and are happy to hold your hand through the hardware integration.

Kiosk Manufacturer Self-Service