Tag Archives: OTI

EMV Kiosk – On Track Innovations Receives Interac Certification for Canadian Market

Originally published on https://www.otiglobal.com/pr-news-events/on-track-innovations-receives-interac-certification-for-canadian-market/

ROSH PINNA, Israel – October 30th, 2018 — On Track Innovations Ltd. (OTI) (NASDAQ: OTIV), a global provider of near field communication (NFC) and cashless payment solutions, has received a renewed Interbank Network Interac certification, which now allows Canadian businesses to integrate OTI’s secure cashless payment solutions into vending machines, kiosks and other unattended devices throughout Canada.

Interac Corp. operates an economical, world-class debit payments system with broad-based acceptance, reliability, security, and efficiency. The organization is one of Canada’s leading payments brands and is chosen an average of 16 million times daily to pay and exchange money.

“We are pleased to announce that we have received the Interac certification, reaffirming our commitment to remain at the forefront of innovation within the exciting Canadian unattended payment market,” said Shlomi Cohen, CEO of OTI. “Canada has over 59,000 automated teller machines and over 450,000 merchant locations accessible through the Interac network, making this certification essential to doing business in Canada. I look forward to addressing this significant market opportunity by leveraging our continued technological advantage and aggressive new sales efforts nationwide,” concluded Cohen.

About OTI

On Track Innovations (OTI) is a global leader in the design, manufacture, and sale of secure cashless payment solutions using contactless NFC technology. OTI’s field-proven innovations have been deployed around the world to address cashless payment and management requirements for the Internet of Payment Things (IoPT), wearables, automated retail, and petroleum markets. OTI distributes and supports its solutions through a global network of regional offices and alliances. OTI is the proud recipient of the 2017 AI Award for Best Cashless Payment Solutions Provider – Israel. For more information, visit www.otiglobal.com.

 

Safe Harbor / Forward-Looking Statements

This press release contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995 and other Federal securities laws. Whenever we use words such as “believe,” “expect,” “anticipate,” “intend,” “plan,” “estimate” or similar expressions, we are making forward-looking statements. For example, we are using forward-looking statements when we discuss our expectations regarding our growth or profitability, reduction of costs and expenses, expected divestitures, plans for our existing and new products and services, penetration of new markets and securing new customers, contributions of our regions to our growth, resolution of our outstanding patent infringement claims, strengthening of our balance sheet and deliver long-term shareholder value. Because such statements deal with future events and are based on OTI’s current expectations, they are subject to various risks and uncertainties and actual results, performance or achievements of OTI could differ materially from those described in or implied by the statements in this press release. Forward-looking statements could be impacted by the effects of the protracted evaluation and validation periods in the U.S. and other markets for contactless payment cards, or new and existing products and our ability to execute production on orders, as well as other risks and uncertainties, including those discussed in the “Risk Factors” section and elsewhere in our Annual Report on Form 10-K for the year ended December 31, 2016, and in subsequent filings with the Securities and Exchange Commission. Although we believe that the expectations reflected in such forward-looking statements are based on reasonable assumptions, we can give no assurance that our expectations will be achieved. Except as otherwise required by law, OTI disclaims any intention or obligation to update or revise any forward-looking statements, which speak only as of the date hereof, whether as a result of new information, future events or circumstances or otherwise.

Investor Relations Contact:

Greg Falesnik
MZ North America
+1-949-385-6449
Greg.Falesnik@mzgroup.us

More Information on OTI

Whitepaper – OTI Brings Cashless Payment Solutions to Worldwide Merchants

OTI Brings Diverse Cashless Payment Solutions to Worldwide Merchants

INTRODUCTION TO OTI
On Track Innovations LTD, or OTI (NASDAQ: OTIV), is a pioneer and leading global developer of cutting-edge cashless payment solutions including near-field communication (NFC) products and solutions. For over two decades, OTI has provided enterprises worldwide with innovative technology and solutions that forge new business models, grow revenues, streamline processes, and create measurable value for end users. OTI’s field-proven suite of cashless payment solutions is based on an extensive IP portfolio, including registered and patent applications throughout the world.

BUSINESS CHALLENGE – CASHLESS PAYMENTS

mobile paymentAs most of the globe moves towards cashless transactions, consumers are looking for options beyond traditional credit and debit cards. Market growth and technology adoption rates for cashless solutions are driven by millennials who prefer to go cashless. Other market factors driving cashless payments include: universal presence of wireless communications, governments’ promotion of cashless transactions to combat “black cash,” and the demand for the miniaturization of technology.

Automated retailers, Internet of Things (IoT) providers, fuel management companies, mass transit ticketing organizations, and many other industries need secure cashless payment systems to deliver their business objectives. Approximately 45% of transactions in the United States are cashless today, and Sweden expects to be completely cashless by 2020. Cashless transactions already exceed cash in Belgium, France, Sweden, the United Kingdom, and other European countries.

BUSINESS CHALLENGE – OTI

OTI’s business spans hardware, software, and mobile solutions for cashless payments. OTI has over 700,000 hardware devices installed worldwide, supporting markets such as vending, micro-markets, banking and ATMs, petroleum and fuel hardware, ticketing, IoT, wearable devices, and more.

With around 40% market share in the U.S., OTI needed a U.S.-based payment partner to provide secure processing in combination with OTI’s payment capture solutions.

One example, OTI’s TRIO is a modular payment device which supports up to three cashless payment interfaces in one enclosure. The TRIO is specifically designed for installation in unattended environments such as kiosks and vending machines to enable cashless payments with magnetic payment cards, as well as mobile (NFC payment options such as Apple Pay®, Google Pay, Samsung Pay®), EMV chip and contactless payment cards. To deliver this hardware to the U.S. market, OTI needed a payment partner offering state of the art security with end-to-end encryption, tokenization and EMV capabilities.

In another example, otiKiosk provides kiosk system developers with an easy and affordable way to integrate a pre-certified EMV payment acceptance solution into their system, and additionally provides kiosk operators with remote management of their hardware and software. This OTI hardware solution incorporates EMV secured payment acceptance for quick service restaurants (QSRs) and other businesses, supporting mobile payments, credit cards and debit cards. To deliver this to the U.S. market, OTI needed a payment technology partner who could process mobile,

“The OTI and Apriva cashless payments solution was the perfect choice for us. The flexibility to manage both our EASE and CloudEASE portfolios with the same SDK, combined with the efficiency of an off-the-shelf, pre-certified EMV solution not only gave Parking BOXX a time-to-market advantage,but also saved us the cost of months of integration and certification.”
~Renee Smith, President and CTO, Parking BOXX

CHOOSING APRIVA

OTI selected Apriva among the many options for partnering in the U.S. market. With Apriva’s adaptive payment platform, OTI gained a processing partner with the ability to facilitate the broad range of payments OTI’s customer base required. With a secure end-to-end encryption model, and multiple EMV certifications already completed, Apriva was a strategic fit to OTI’s North American operations.

OTI was impressed with Apriva’s payment APIs for quick integration for the OTI’s TRIO and otiKiosk hardware, and with the superlative technical support that accompanied those integrations. Plus, Apriva’s technology platform allows OTI to expand its U.S. business—leveraging Apriva’s network of more than 1,100 merchant acquirers and independent sales organizations (ISOs).

“Apriva is an excellent fit for our cashless payment solutions, as they offer a world-class gateway with multiple secure options,” said Bill Gostowski, Vice President of Business Development at OTI.

“Our cost-effective hardware and software solution pairs strongly with Apriva’s secure payment capabilities and we are pleased to bring an unattended solution to market built upon our combined technologies, experience and success.”

SOLUTION – OTI & APRIVA

In 2017, OTI and Apriva partnered to bring a new end-to-end EMV solution to the U.S. market supporting unattended payments. This payment solution supports magnetic stripe reader (MSR) transactions, as well as EMV contact and contactless transactions with Elavon as acquiring bank. As a semi-integrated solution, the OTI TRIO reader is securely interfaced with the Apriva gateway, which means a quick integration process for unattended payment environments. Security includes real-time, end-to-end data encryption, using the industry standard derived unique key per transaction (DUKPT) encryption method, with no cardholder or card data stored.

In 2018, OTI combined its otiKiosk solution set with Apriva’s adaptive payment platform to bring vendors, micro market merchants, automated retailers and other unattended businesses unmatched value, flexibility, and ease of integration—saving thousands of dollars, many months in development time and certification costs.

“The addition of pre-certified EMV processing to the OTI/Apriva Kiosk Solutions brings incredible value to both our current and future customers. This timely and relevant EMV solution is easy to install, even for kiosk solution providers with no previous cashless payment experience.”

~Shlomi Cohen, CEO of OTI

The pairing of otiKiosk and Apriva delivers a pre-certified, off-the-shelf EMV solution binding a powerful unattended system with secure payment processing technology. This partnership helps businesses eliminate the cost and complexity of integration and EMV certification for unattended, cashless processing. OTI brings an integrated cloud-based Terminal Management Solution package, responsible for remote terminal management and financial reporting, and Apriva brings payment technology built on a security foundation that has been deployed by the US Intelligence Community, Department of Defense (DoD), and is compliant with the payment industry’s standards body, the PCI Security Standards Council.

cashless payment apriva gateway

MOVING FORWARD

Together, OTI and Apriva continue to focus on the ever-growing unattended market with their integrated payment solutions. OTI’s best-in-class hardware and software solutions, combined with Apriva’s adaptive payment platform, brings OTI customers unmatched value, flexibility, and ease of integration.

The partnership delivers an affordable, EMV solution for automated markets. Unattended retailers, micro-markets, vendors and other self-service merchants can increase their revenues by accepting more forms of cashless payments, easily integrated via Windows or Linux SDK, and potentially reducing PCI scope through Apriva’s secure end-to-end encryption (E2EE) technology.

As unattended payment options expand in the years ahead, OTI’s success with hundreds of thousands of readers in the field worldwide aligns tightly with Apriva’s vision for supporting those payments.

“Secure, customer-focused unattended payments are critical to AR Systems. OTI’s payment hardware and Apriva’s payment gateway are key partners in AR Systems’ application of intelligent computing, cloud-based monitoring and robotic solutions to evolve vending into a robust premium retail solution.”
~ Shannon Illingworth, Chief Innovation Officer at AR Systems

Reference links:

Contact Information

Richard HARRIS
Marketing Manager
+972 (50) 524-6989
+972 (4) 686-8004
richard@otiglobal.com
www.otiglobal.com

Feature – EMV Self-Service Update for Self-Order Kiosks 2018

EMV Update for Self-Order Kiosks

EMV deadlines have arrived, but many choose to skip the upgrade. EMV is still split into two big camps. One that is compliant and the other which will  be, but not yet.   Our prime supporting sponsor for this update is KioWare. Thanks!

EMV card reader
Ingenico is the largest provider of self-service EMV for unattended and contributed to this resource article.

By Richard Slawsky contributor

Richard Slawsky is an Educator and freelance writer, specializing in the digital signage and kiosk industries.Louisville, Kentucky Area

Which costs more, complying with new regulations or not complying and hoping for the best?

The question is particularly relevant when it comes to kiosk deployers complying with Europay, Mastercard and Visa (EMV) regulations. Invest in upgrading equipment, or run the risk of being hit with chargebacks and fines in the event of fraud?

Although the lack of clear incentives or financial impacts have prompted some to skip those upgrades, it may be wiser to begin the planning process now. When the inevitable kiosk fraud case makes headlines, it will likely set off a compliance rush that may leave some deployers waiting months or years to get their devices upgraded and certified.

Meeting EMV deadlines

The Wikipedia entry for EMV defines it as “a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines that can accept them.” EMV “smart cards” store their data on integrated circuits in addition to the traditional magnetic stripes.

The Path to EMV
  • CC readers as keyboard wedge. They take input & then act like a keyboard echoing out the numbers thru port.
  • Credit companies keep data on unprotected and unencrypted servers.
  • Europe sees better way & requires solid encryption paired with a PIN (aka Chip and Pin).
  • The US defers requiring that for time being and does not follow Europe’s lead.
  • Growth of Internet and rise of credit cards Mastercard and VISA in US agree that encryption is a good thing. Maybe even a PIN…
  • EMV liability timetable put in motion. ATMs hugely affected (in US only) as are retailers.
  • CC readers add encryption in advance. Magtek and IDTech good examples. Instead of open Keyboard Wedges we now have encryption capabilities. No chip, though, and no PIN.
  • Deadline nears – everybody knows it is time to use chips, assuming liability for not doing so is above profit threshold. Somebody that does relatively small transactions will never be a target for stolen credit cards (Redbox e.g.). Does liability outweigh cost of upgrading, and affecting bottom line and potentially share price?
  • Signature used or zip code as presumed id token.
  • Data systems becoming more secure with better firewalls, less physical access, and encryption but most are not.
  • Big incidents (Target) increases pressure to upgrade all systems. Target’s backend was entry point via a vendor with free malware.
  • Nowadays EMV means getting a chip reader. It means securing the back end (ask Equifax…).
  • It used to mean signature too but no more.
  • Does not mean a PIN. With some consumers carrying multiple cards, it is impossible for them to use a secure PIN for each card because they’ll never remember.
  • Card data remains relatively safe on the front end (with CHIP) though there are many who still swipe (40%?) and IT Departments pay more attention to security on back end. One could argue penalties for breaches be increased as money is best motivator. See HIPAA privacy.

Because the chips are supposedly impossible to clone, smart cards offer vastly improved security compared with magstripe-only cards. But while smart cards include a magstripe along with the integrated circuit for backwards compatibility, the improved security only applies when used with an EMV-compliant card reader.

Although EMV compliance is an ongoing process in the United States, EMV technology has been standard in Europe for years with chip-and-PIN standard and contactless payment cards exploding.

“The card I use for business is probably 60% chip and pin 40% contactless by number of transactions, and I don’t think I’ve ever been asked to confirm a contactless payment by providing my pin,” said Nigel Seed, who runs KioWare Europe now. “A lot of people simply mistrust contactless and refuse to ever use it, in fact some people contact their bank and tell then to send them a replacement card without that facility, but busy metro type professionals typically do use it more than the average.”

To incentivize businesses to upgrade their card readers to EMV-compliant devices, the four major U.S. credit card issuers – Visa, MasterCard, American Express and Discover – established Oct. 1, 2015 as the deadline when credit card fraud liability will shift to merchants or processors if they do not have an EMV payment system ready.

If fraudulent card use occurs at a merchant that has not upgraded their equipment to EMV technology, the merchant eats the cost of the chargeback along with any fines or fees that may be levied. If that merchant’s processor has not made an EMV-compliant solution to the merchant, or if the card issuer has not issued EMV-compliant cards to its cardholders, the processor or card issuer assumes the liability.

Despite that deadline, though, deployers of self-service devices have been slow to bring those devices into compliance with EMV, in part due to the complexity and cost of upgrading. Making a kiosk or other self-service device EMV-compliant isn’t simply a matter of swapping out a card reader. Along with upgrading the payment terminal and software, other infrastructure involved in the transaction, such as data storage devices, must be upgraded as well.

EMV compliance affects all systems involved in the payment process, not just the payment terminal. Data warehouses are likely the biggest target of all and the eventual destination of data provided at a public terminal. If a retailer takes that highly encrypted data and then stores it as plain text on some in-house data warehouse that thru the vagaries of Microsoft networking is accessible via a simple vendor logging into a portal, they are vulnerable to EMV compliance issues.

In addition to upgrading hardware, compliance also involves the processor and the card issuers certifying that transactions are originating from an EMV-certified device, and that all software and middleware is PCI-DSS complaint as well as being compliant with international operability standards established by EMVCo, the consortium that manages EMV standards. That process could take several months.

What About A Pin Pad?
When do I need a PIN pad? Here are the basics:

The United States has historically had two kinds of Cardholder Verification Methods (CVM); PIN for debit transactions and signature for credit transactions at attended terminals. A signature was not valid for unattended scenarios under the logic that a kiosk can’t check an ID or signature.

In recent weeks card brands declared Signature to be obsolete and optional in the United States. This really had no impact on unattended as the standard for unattended credit purchases was No CVM.

The vast majority of debit cards issued in the US are called “dual application,” meaning they also carry one of the card brand logos and as such can be used on both debit networks (with PIN) and credit networks (optional signature). Think of the phrase ”Visa check card.” The transaction is performed on the credit network, but the money really comes out of your checking account as opposed to a line of credit.

Acceptance of PIN debit at a kiosk is optional, although there are cases where acceptance of debit is beneficial, such as bill pay kiosks where transactions could be potentially very large. This would be advantageous to a bill pay kiosk businesses when you consider a debit transaction has a fixed cost, while a credit transaction has a percentage of the sale amount fee.

From the perspective of fraud protection it is sort of a non-factor because crooks don’t go around paying their bills with stolen cards. In the case of a kiosk in the mall selling $200 headphones, though, it would be advantageous from a cost of transaction perspective as well as the prevention of card fraud and product loss.

Deciding if having a PIN pad on the kiosk is right for you really comes down to a few factors:

What is the average sale amount, and considering that amount does the potential savings of the fixed cost of a debit transaction vs the % cost of a credit transactions justify the increased hardware cost of adding a PIN pad for debit acceptance? Essentially, what is the ROI of the PIN pad and ability to accept debit?

What is the risk and true cost of loss of product at my kiosk, and does that warrant the cost of a PIN pad?

As an example, let’s say a photo kiosk sale amount maxes out at $50, and using an estimated credit transactional cost of 3.5% as a baseline, transactions will cost $1.75 to run as credit. Given debit transactions typically hover around $1.25/$1.50, the outcome of the financial decision tree says maybe the increased solution cost of the kiosk with PIN pad isn’t showing a strong ROI, or at least one that cannot be realized in the short term.

Furthermore, the risk and cost of lost product is low, and it will take selling a lot of prints to make up for the cost of the PIN pad. In this example it would make sense to forgo PIN debit acceptance at the kiosk and instead process debit cards over the credit network.

“Each payment processor generally drives their own certifications, so timing varies pretty dramatically between payment processing certification teams,” said George Hudock, who handles business development with Datacap Systems, a developer of integrated payment systems.

“Most kiosk providers will use a third-party payments solution to avoid the on-going EMV certifications and maintenance, so most are able to avoid the EMV certifications directly,” Hudock said. “However, EMV certifications for unattended devices generally take 3-5 months once queued.”

Although it’s difficult to tell how many non-EMV-compliant kiosks are out in the field, experts say 50-60 percent of point-of-sale terminals aren’t EMV compliant. It’s likely that the percentage of non-EMV-compliant kiosks is similar. Still, experts say it could be several years before the vast majority of self-service devices in the marketplace are brought in line with EMV regulations.

Overall, the EMV migration in the United States is proceeding as well and as speedily as anyone could reasonably expect considering the somewhat tortured circumstances in which it was launched and the technical complexity and costs of its implementation, said Leland Englebardt, Practice Leader, Financial Services at New York-based UpshotAdvisors.

“Remember, it was not long after Dodd-Frank was enacted, which required many significant changes in payment card infrastructure, economics and rules,” Englebardt said.

“We are beginning to see the results in less counterfeit card fraud, which is good for everybody,” he said. “However, the security of EMV is materially enhanced by adding point-to-point tokenization and encryption. As cyber-crime is now the most active and challenging area of payments fraud, it’s possible that in the near future we will see more mandates and/or liability shifts for those technologies.”

EMV confusion still reigns

Part of what seems to be hampering EMV compliance is a lack of clarity on the part of deployers over where kiosks fall under EMV regulations. Is there a difference between attended and unattended devices? What about those that accept or dispense cash?

According to Visa’s Transaction Acceptance Device Guide Version 3.1, the term Unattended Cardholder Activated Terminal (UCAT) refers to an acceptance device managed by a merchant that dispenses goods or services, at which the card and cardholder are present, but the functions and services are provided without the assistance of an attendant to complete the transaction. These devices include cardholder activated fuel pumps, self-service vending units, and self-service payment devices in parking garages or at parking meters.

Devices that support cash dispensing and provide goods and services must comply with the Visa rules and regulations appropriate to the transaction:

• When dispensing cash, the device is considered an ATM and, therefore, must adhere to the Visa rules and regulations for ATMs.
• When dispensing goods or services, the device is considered a UCAT and must adhere to the Visa rules and regulations for unattended purchases.

Although unattended devices (e.g., ATMs, UCATs) may dispense goods and services as well as cash, transactions involving a purchase with cash back are not allowed. In other words, an unattended device may dispense either cash or goods and services in a single transaction but not both. In addition, UCATs that dispense scrip are not addressed because the Visa rules and regulations prohibit Visa card products from being used for scrip transactions. (Scrip is a two-part paper receipt redeemable for goods, services or cash.)

Attended Cardholder Activated Terminals, such as self-checkout terminals in supermarkets, are not considered UCATs and therefore are not required to meet UCAT requirements.

The guide also mentions a third category, “semi-attended,” to describe Semi-Attended Cardholder Activated Terminals in the Europe Region.

Semi-Attended Tips
If you want to benefit from low cost EFT like Verifone VX820 series (<200USD) and you want to install in Semi-Attended environment you should cover unneeded and unwanted functions by a plastic form.

Pyramid did it for instance in the McD Europe case. The customer can benefit from the low cost EFT and the “white” form embeds the EFT in an elegant and ergonomic way and in same time it covers the magnetic card function on the side of VX820 which would be not needed and would only make customers unsecure which way to use the device. With our embedded form, that ensures that the customer uses or NFC or Chip Card function.

McDonalds EFT
Click for full size

“This has resulted in self-service manufacturers creating a third optional semi-attended solution, in conjunction with VISA, for those situations,” said Frieder Hansen, co-CEO of Germany’s Pyramid Computer. “Instead, for example, a plain IPP350 or 820 being used (attended), or for purposes of a UCAT using Ingenico 250 series, the third solution would be using an inspectable key-lockable option with a terminal like a 350.”

There is a perception that kiosks are always considered unattended from an EMV perspective, said Allen Friedman, VP of Payment Solutions at Ingenico Group.

“This is not always true,” Friedman said. “Some self-service implementations in attended environments where employee assistance is available, like at the grocery store, can be considered attended devices. If there is any time period where no assistance is available, then it is considered an unattended solution.”

There is also a card brand requirement for unattended devices to make a printed receipt available to cardholders for transactions above $15, Friedman said.

“Designs for kiosks intended to provide merchandise or services above that amount should include a receipt printer with their models to insure compliance,” he said.

Taking the risk

Although kiosk deployers are still asking for non-EMV compliant solutions, kiosk manufacturers seem to be coming down firm on needing EMV-compliant payment solutions for any custom deployment. New projects are likely to take EMV into account throughout the process.

On the other hand, some deployers are likely to stick with non-EMV compliant kiosks to the end of their lifespan.

“Deployers aren’t as educated on this as they need to be,” Laura Miller with KioWare said. “They think it doesn’t apply to them, aren’t aware of the risk or think that the risk isn’t high enough to warrant the additional cost.”

EMV-certified options are also still relatively limited, so kiosk providers’ preferred payments providers may not yet have an EMV-certified option for unattended applications.

“Kiosks are also expensive to upgrade to EMV due to a required change in casework to accommodate the updated EMV device,” Hudock said.

EMV & Cloud Services
EMV credit transactions thru the cloud makes things easier. Keyboard wedge changed to HID changed to USB and now changes to Ethernet. A hospital environment with a copay for example in old days would require direct integration between the check-in device and the credit terminal. Which payment processor becomes an issue along with who writes the code.Nowadays you can offload the credit portion via cloud services and all that is required on the check-in or check-out terminal is simple HTTP and JSON call for authorization. The credit device takes over, conducts the transaction (thru preferred provider) via EMV certified kernel and then notifies the check-in/check-out that the transaction is complete.

You eliminate the development cost, and the credit devices can be leased monthly to reduce the upfront cost of going EMV.

You do need an ethernet connection though.
EMV Cloud Service

“The kiosk industry is more fragmented than retail/restaurant,” Hudock said. “This means that there are often multiple constituents involved in delivering the kiosk that need to be involved in the upgrade process, including hardware OEMs, software developers, payments middleware providers, payment processors and installers. Kiosk upgrades tend to take a little more time and planning than retail/restaurant due to the number of involved parties.”

Some of the reluctance for kiosk deployers to adopt EMV is understandable. If the kiosk is near the end of its life cycle, a deployer may choose to ride it out until it’s time to replace the entire device. In addition, the relatively low transaction averaged for many kiosks translates to less overall chargeback risk, which in turn means less incentive to upgrade.

Should a deployer choose to skip making their units EMV compliant, though, at the very least they should place additional attention on security to minimize the possibility of fraud. Those steps could include data clearing technology and secure browsers, end session on a particular page, session timeouts and so forth. In addition, point-to-point encryption and tokens are valuable security measures. P2PE ensures that card data is encrypted at the time of card insertion and maintains that encryption until it’s routed offsite. Tokens ensure that card data is not stored locally for voids or recurring transactions.

“There is less risk of internal compromise of data for a kiosk due to the hardened nature of the casework, but the largest card data security problem facing kiosks is likely card skimmers,” Hudock said. “Because these are generally placed on top of an existing reader, the card is skimmed before security measures like encryption or EMV would have any impact. Merchants need to periodically check their kiosks to confirm that they haven’t been tampered with.”

And as EMV cards and terminals become ubiquitous, banks’ authorization parameters may evolve to limit fallback approvals.

“A kiosk operator who doesn’t upgrade to EMV may find it harder and harder to get a positive mag stripe authorization,” Englebardt said.

“Notwithstanding the liability shift, banks seek to avoid the risk of counterfeit card chargebacks that trigger replacement/reissuance costs and cardholder attrition,” he said. “So revenue erosion is an additional long term business risk for kiosk operators not adopting EMV.”

Other Problems with EMV
So you reside in U.S. and all your cards (for the last year) are the sturdier Chip cards right? And no problems since right?Well, not exactly. The process of manufacture still has kinks. Personally two of my cards have failed just due to electronic failure (both of them from Chase). So malfunctioning cards are a problem.

My Chip cards have needed to be replaced due to fraud instances twice (rarely did before). I am a low volume very restricted credit card user (except for online accounts). Why the increase of breaches?

At the end of the day, though, what’s likely to motivate deployers to upgrade their devices will be the news of a major chargeback and fine associated with a device that wasn’t EMV-compliant.

“There are beginning to be some fines but not publicized and none that would be considered punitive by any measure,” said Geoff Leopold, division manager with Heartland Payment Systems. Still, it’s likely just a matter of time before a major incident occurs.

In addition, some payment processors have begun charging their customers EMV non-compliance fees. Those fees can vary, coming as a flat monthly or annual charge or a percentage of the deployer’s processing volume.

“The bottom line is that processors and banks want you to move to EMV equipment because it’s more secure for everyone,” write Ellen Cunningham in an article on the website CardFellow.com. “If you’ve been holding off on EMV-capable equipment you may want to think about upgrading before more processors begin imposing expensive fees.”

EMV Resources

How EMV works.

EMVCo manages EMV specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues. EMVCo is a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.

US Payments Forum — The U.S. Payments Forum (the “Forum”) is a cross-industry body focused on addressing issues that require broad cooperation and coordination across many constituents in the payments industry.  Part of Secure Technology Alliance (see below).

The EMV Connection website provides up-to-date EMV migration information and educational resources. One of those is Chip Cards Facts-at-a-Glance.  It is now US Payments Forum.

EMV Resources page of the Card Acquiring Service (CAS). Offers information and links to helpful EMV information, including the federal government’s move to EMV chip and PIN-enabled card acceptance.

Secure Technology Alliance — The Alliance brings together leading providers and adopters of end-to-end security solutions designed to protect privacy and digital assets in a variety of vertical markets

EMV Contributor Acknowledgements

Thanks to all from us!

 

Apriva & OTI Partner for Exclusive Client-Friendly Payment Solution in the North American Market

EMV Solution by Apriva

ROSH PINNA, Israel, Feb. 12, 2018 /PRNewswire/ — Apriva & OTI Partner for Exclusive Client-Friendly Payment Solution in the North American Market

Source: www.prnewswire.com

“This partnership delivers an affordable, semi-integrated EMV solution for self-service markets,” said Scott Dowty, chief revenue officer at Apriva. “Kiosk retailers, micro-markets, vendors and other self-service merchants can increase their revenues by accepting more forms of cashless payments, easily integrated via Windows or Linux SDK, and reducing their PCI scope through end-to-end encryption.”

 

The interactive self-service OTI kiosk payment solution is available in the U.S. through OTI’s Las Vegas-based distributor, Unattended Card Payments Inc.

OTI Receives Purchase Orders for Thousands of Payment Systems to be Installed at Leading U.S. Food Chains and Kiosk Operators

OTI Receives Purchase Orders for Thousands of Payment Systems to be Installed at Leading U.S. Food Chains and Kiosk Operators

Source: www.broadwayworld.com

Pretty nice device and it is used quite a bit. Not sure about gist of this press release.