Category Archives: EMV PCI

Feature – EMV Self-Service Update for Self-Order Kiosks 2018

EMV Update for Self-Order Kiosks

EMV deadlines have arrived, but many choose to skip the upgrade. EMV is still split into two big camps. One that is compliant and the other which will  be, but not yet.   Our prime supporting sponsor for this update is KioWare. Thanks!

EMV card reader
Ingenico is the largest provider of self-service EMV for unattended and contributed to this resource article.

By Richard Slawsky contributor

Richard Slawsky is an Educator and freelance writer, specializing in the digital signage and kiosk industries.Louisville, Kentucky Area

Which costs more, complying with new regulations or not complying and hoping for the best?

The question is particularly relevant when it comes to kiosk deployers complying with Europay, Mastercard and Visa (EMV) regulations. Invest in upgrading equipment, or run the risk of being hit with chargebacks and fines in the event of fraud?

Although the lack of clear incentives or financial impacts have prompted some to skip those upgrades, it may be wiser to begin the planning process now. When the inevitable kiosk fraud case makes headlines, it will likely set off a compliance rush that may leave some deployers waiting months or years to get their devices upgraded and certified.

Meeting EMV deadlines

The Wikipedia entry for EMV defines it as “a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines that can accept them.” EMV “smart cards” store their data on integrated circuits in addition to the traditional magnetic stripes.

The Path to EMV
  • CC readers as keyboard wedge. They take input & then act like a keyboard echoing out the numbers thru port.
  • Credit companies keep data on unprotected and unencrypted servers.
  • Europe sees better way & requires solid encryption paired with a PIN (aka Chip and Pin).
  • The US defers requiring that for time being and does not follow Europe’s lead.
  • Growth of Internet and rise of credit cards Mastercard and VISA in US agree that encryption is a good thing. Maybe even a PIN…
  • EMV liability timetable put in motion. ATMs hugely affected (in US only) as are retailers.
  • CC readers add encryption in advance. Magtek and IDTech good examples. Instead of open Keyboard Wedges we now have encryption capabilities. No chip, though, and no PIN.
  • Deadline nears – everybody knows it is time to use chips, assuming liability for not doing so is above profit threshold. Somebody that does relatively small transactions will never be a target for stolen credit cards (Redbox e.g.). Does liability outweigh cost of upgrading, and affecting bottom line and potentially share price?
  • Signature used or zip code as presumed id token.
  • Data systems becoming more secure with better firewalls, less physical access, and encryption but most are not.
  • Big incidents (Target) increases pressure to upgrade all systems. Target’s backend was entry point via a vendor with free malware.
  • Nowadays EMV means getting a chip reader. It means securing the back end (ask Equifax…).
  • It used to mean signature too but no more.
  • Does not mean a PIN. With some consumers carrying multiple cards, it is impossible for them to use a secure PIN for each card because they’ll never remember.
  • Card data remains relatively safe on the front end (with CHIP) though there are many who still swipe (40%?) and IT Departments pay more attention to security on back end. One could argue penalties for breaches be increased as money is best motivator. See HIPAA privacy.

Because the chips are supposedly impossible to clone, smart cards offer vastly improved security compared with magstripe-only cards. But while smart cards include a magstripe along with the integrated circuit for backwards compatibility, the improved security only applies when used with an EMV-compliant card reader.

Although EMV compliance is an ongoing process in the United States, EMV technology has been standard in Europe for years with chip-and-PIN standard and contactless payment cards exploding.

“The card I use for business is probably 60% chip and pin 40% contactless by number of transactions, and I don’t think I’ve ever been asked to confirm a contactless payment by providing my pin,” said Nigel Seed, who runs KioWare Europe now. “A lot of people simply mistrust contactless and refuse to ever use it, in fact some people contact their bank and tell then to send them a replacement card without that facility, but busy metro type professionals typically do use it more than the average.”

To incentivize businesses to upgrade their card readers to EMV-compliant devices, the four major U.S. credit card issuers – Visa, MasterCard, American Express and Discover – established Oct. 1, 2015 as the deadline when credit card fraud liability will shift to merchants or processors if they do not have an EMV payment system ready.

If fraudulent card use occurs at a merchant that has not upgraded their equipment to EMV technology, the merchant eats the cost of the chargeback along with any fines or fees that may be levied. If that merchant’s processor has not made an EMV-compliant solution to the merchant, or if the card issuer has not issued EMV-compliant cards to its cardholders, the processor or card issuer assumes the liability.

Despite that deadline, though, deployers of self-service devices have been slow to bring those devices into compliance with EMV, in part due to the complexity and cost of upgrading. Making a kiosk or other self-service device EMV-compliant isn’t simply a matter of swapping out a card reader. Along with upgrading the payment terminal and software, other infrastructure involved in the transaction, such as data storage devices, must be upgraded as well.

EMV compliance affects all systems involved in the payment process, not just the payment terminal. Data warehouses are likely the biggest target of all and the eventual destination of data provided at a public terminal. If a retailer takes that highly encrypted data and then stores it as plain text on some in-house data warehouse that thru the vagaries of Microsoft networking is accessible via a simple vendor logging into a portal, they are vulnerable to EMV compliance issues.

In addition to upgrading hardware, compliance also involves the processor and the card issuers certifying that transactions are originating from an EMV-certified device, and that all software and middleware is PCI-DSS complaint as well as being compliant with international operability standards established by EMVCo, the consortium that manages EMV standards. That process could take several months.

What About A Pin Pad?
When do I need a PIN pad? Here are the basics:

The United States has historically had two kinds of Cardholder Verification Methods (CVM); PIN for debit transactions and signature for credit transactions at attended terminals. A signature was not valid for unattended scenarios under the logic that a kiosk can’t check an ID or signature.

In recent weeks card brands declared Signature to be obsolete and optional in the United States. This really had no impact on unattended as the standard for unattended credit purchases was No CVM.

The vast majority of debit cards issued in the US are called “dual application,” meaning they also carry one of the card brand logos and as such can be used on both debit networks (with PIN) and credit networks (optional signature). Think of the phrase ”Visa check card.” The transaction is performed on the credit network, but the money really comes out of your checking account as opposed to a line of credit.

Acceptance of PIN debit at a kiosk is optional, although there are cases where acceptance of debit is beneficial, such as bill pay kiosks where transactions could be potentially very large. This would be advantageous to a bill pay kiosk businesses when you consider a debit transaction has a fixed cost, while a credit transaction has a percentage of the sale amount fee.

From the perspective of fraud protection it is sort of a non-factor because crooks don’t go around paying their bills with stolen cards. In the case of a kiosk in the mall selling $200 headphones, though, it would be advantageous from a cost of transaction perspective as well as the prevention of card fraud and product loss.

Deciding if having a PIN pad on the kiosk is right for you really comes down to a few factors:

What is the average sale amount, and considering that amount does the potential savings of the fixed cost of a debit transaction vs the % cost of a credit transactions justify the increased hardware cost of adding a PIN pad for debit acceptance? Essentially, what is the ROI of the PIN pad and ability to accept debit?

What is the risk and true cost of loss of product at my kiosk, and does that warrant the cost of a PIN pad?

As an example, let’s say a photo kiosk sale amount maxes out at $50, and using an estimated credit transactional cost of 3.5% as a baseline, transactions will cost $1.75 to run as credit. Given debit transactions typically hover around $1.25/$1.50, the outcome of the financial decision tree says maybe the increased solution cost of the kiosk with PIN pad isn’t showing a strong ROI, or at least one that cannot be realized in the short term.

Furthermore, the risk and cost of lost product is low, and it will take selling a lot of prints to make up for the cost of the PIN pad. In this example it would make sense to forgo PIN debit acceptance at the kiosk and instead process debit cards over the credit network.

“Each payment processor generally drives their own certifications, so timing varies pretty dramatically between payment processing certification teams,” said George Hudock, who handles business development with Datacap Systems, a developer of integrated payment systems.

“Most kiosk providers will use a third-party payments solution to avoid the on-going EMV certifications and maintenance, so most are able to avoid the EMV certifications directly,” Hudock said. “However, EMV certifications for unattended devices generally take 3-5 months once queued.”

Although it’s difficult to tell how many non-EMV-compliant kiosks are out in the field, experts say 50-60 percent of point-of-sale terminals aren’t EMV compliant. It’s likely that the percentage of non-EMV-compliant kiosks is similar. Still, experts say it could be several years before the vast majority of self-service devices in the marketplace are brought in line with EMV regulations.

Overall, the EMV migration in the United States is proceeding as well and as speedily as anyone could reasonably expect considering the somewhat tortured circumstances in which it was launched and the technical complexity and costs of its implementation, said Leland Englebardt, Practice Leader, Financial Services at New York-based UpshotAdvisors.

“Remember, it was not long after Dodd-Frank was enacted, which required many significant changes in payment card infrastructure, economics and rules,” Englebardt said.

“We are beginning to see the results in less counterfeit card fraud, which is good for everybody,” he said. “However, the security of EMV is materially enhanced by adding point-to-point tokenization and encryption. As cyber-crime is now the most active and challenging area of payments fraud, it’s possible that in the near future we will see more mandates and/or liability shifts for those technologies.”

EMV confusion still reigns

Part of what seems to be hampering EMV compliance is a lack of clarity on the part of deployers over where kiosks fall under EMV regulations. Is there a difference between attended and unattended devices? What about those that accept or dispense cash?

According to Visa’s Transaction Acceptance Device Guide Version 3.1, the term Unattended Cardholder Activated Terminal (UCAT) refers to an acceptance device managed by a merchant that dispenses goods or services, at which the card and cardholder are present, but the functions and services are provided without the assistance of an attendant to complete the transaction. These devices include cardholder activated fuel pumps, self-service vending units, and self-service payment devices in parking garages or at parking meters.

Devices that support cash dispensing and provide goods and services must comply with the Visa rules and regulations appropriate to the transaction:

• When dispensing cash, the device is considered an ATM and, therefore, must adhere to the Visa rules and regulations for ATMs.
• When dispensing goods or services, the device is considered a UCAT and must adhere to the Visa rules and regulations for unattended purchases.

Although unattended devices (e.g., ATMs, UCATs) may dispense goods and services as well as cash, transactions involving a purchase with cash back are not allowed. In other words, an unattended device may dispense either cash or goods and services in a single transaction but not both. In addition, UCATs that dispense scrip are not addressed because the Visa rules and regulations prohibit Visa card products from being used for scrip transactions. (Scrip is a two-part paper receipt redeemable for goods, services or cash.)

Attended Cardholder Activated Terminals, such as self-checkout terminals in supermarkets, are not considered UCATs and therefore are not required to meet UCAT requirements.

The guide also mentions a third category, “semi-attended,” to describe Semi-Attended Cardholder Activated Terminals in the Europe Region.

Semi-Attended Tips
If you want to benefit from low cost EFT like Verifone VX820 series (<200USD) and you want to install in Semi-Attended environment you should cover unneeded and unwanted functions by a plastic form.

Pyramid did it for instance in the McD Europe case. The customer can benefit from the low cost EFT and the “white” form embeds the EFT in an elegant and ergonomic way and in same time it covers the magnetic card function on the side of VX820 which would be not needed and would only make customers unsecure which way to use the device. With our embedded form, that ensures that the customer uses or NFC or Chip Card function.

McDonalds EFT
Click for full size

“This has resulted in self-service manufacturers creating a third optional semi-attended solution, in conjunction with VISA, for those situations,” said Frieder Hansen, co-CEO of Germany’s Pyramid Computer. “Instead, for example, a plain IPP350 or 820 being used (attended), or for purposes of a UCAT using Ingenico 250 series, the third solution would be using an inspectable key-lockable option with a terminal like a 350.”

There is a perception that kiosks are always considered unattended from an EMV perspective, said Allen Friedman, VP of Payment Solutions at Ingenico Group.

“This is not always true,” Friedman said. “Some self-service implementations in attended environments where employee assistance is available, like at the grocery store, can be considered attended devices. If there is any time period where no assistance is available, then it is considered an unattended solution.”

There is also a card brand requirement for unattended devices to make a printed receipt available to cardholders for transactions above $15, Friedman said.

“Designs for kiosks intended to provide merchandise or services above that amount should include a receipt printer with their models to insure compliance,” he said.

Taking the risk

Although kiosk deployers are still asking for non-EMV compliant solutions, kiosk manufacturers seem to be coming down firm on needing EMV-compliant payment solutions for any custom deployment. New projects are likely to take EMV into account throughout the process.

On the other hand, some deployers are likely to stick with non-EMV compliant kiosks to the end of their lifespan.

“Deployers aren’t as educated on this as they need to be,” Laura Miller with KioWare said. “They think it doesn’t apply to them, aren’t aware of the risk or think that the risk isn’t high enough to warrant the additional cost.”

EMV-certified options are also still relatively limited, so kiosk providers’ preferred payments providers may not yet have an EMV-certified option for unattended applications.

“Kiosks are also expensive to upgrade to EMV due to a required change in casework to accommodate the updated EMV device,” Hudock said.

EMV & Cloud Services
EMV credit transactions thru the cloud makes things easier. Keyboard wedge changed to HID changed to USB and now changes to Ethernet. A hospital environment with a copay for example in old days would require direct integration between the check-in device and the credit terminal. Which payment processor becomes an issue along with who writes the code.Nowadays you can offload the credit portion via cloud services and all that is required on the check-in or check-out terminal is simple HTTP and JSON call for authorization. The credit device takes over, conducts the transaction (thru preferred provider) via EMV certified kernel and then notifies the check-in/check-out that the transaction is complete.

You eliminate the development cost, and the credit devices can be leased monthly to reduce the upfront cost of going EMV.

You do need an ethernet connection though.
EMV Cloud Service

“The kiosk industry is more fragmented than retail/restaurant,” Hudock said. “This means that there are often multiple constituents involved in delivering the kiosk that need to be involved in the upgrade process, including hardware OEMs, software developers, payments middleware providers, payment processors and installers. Kiosk upgrades tend to take a little more time and planning than retail/restaurant due to the number of involved parties.”

Some of the reluctance for kiosk deployers to adopt EMV is understandable. If the kiosk is near the end of its life cycle, a deployer may choose to ride it out until it’s time to replace the entire device. In addition, the relatively low transaction averaged for many kiosks translates to less overall chargeback risk, which in turn means less incentive to upgrade.

Should a deployer choose to skip making their units EMV compliant, though, at the very least they should place additional attention on security to minimize the possibility of fraud. Those steps could include data clearing technology and secure browsers, end session on a particular page, session timeouts and so forth. In addition, point-to-point encryption and tokens are valuable security measures. P2PE ensures that card data is encrypted at the time of card insertion and maintains that encryption until it’s routed offsite. Tokens ensure that card data is not stored locally for voids or recurring transactions.

“There is less risk of internal compromise of data for a kiosk due to the hardened nature of the casework, but the largest card data security problem facing kiosks is likely card skimmers,” Hudock said. “Because these are generally placed on top of an existing reader, the card is skimmed before security measures like encryption or EMV would have any impact. Merchants need to periodically check their kiosks to confirm that they haven’t been tampered with.”

And as EMV cards and terminals become ubiquitous, banks’ authorization parameters may evolve to limit fallback approvals.

“A kiosk operator who doesn’t upgrade to EMV may find it harder and harder to get a positive mag stripe authorization,” Englebardt said.

“Notwithstanding the liability shift, banks seek to avoid the risk of counterfeit card chargebacks that trigger replacement/reissuance costs and cardholder attrition,” he said. “So revenue erosion is an additional long term business risk for kiosk operators not adopting EMV.”

Other Problems with EMV
So you reside in U.S. and all your cards (for the last year) are the sturdier Chip cards right? And no problems since right?Well, not exactly. The process of manufacture still has kinks. Personally two of my cards have failed just due to electronic failure (both of them from Chase). So malfunctioning cards are a problem.

My Chip cards have needed to be replaced due to fraud instances twice (rarely did before). I am a low volume very restricted credit card user (except for online accounts). Why the increase of breaches?

At the end of the day, though, what’s likely to motivate deployers to upgrade their devices will be the news of a major chargeback and fine associated with a device that wasn’t EMV-compliant.

“There are beginning to be some fines but not publicized and none that would be considered punitive by any measure,” said Geoff Leopold, division manager with Heartland Payment Systems. Still, it’s likely just a matter of time before a major incident occurs.

In addition, some payment processors have begun charging their customers EMV non-compliance fees. Those fees can vary, coming as a flat monthly or annual charge or a percentage of the deployer’s processing volume.

“The bottom line is that processors and banks want you to move to EMV equipment because it’s more secure for everyone,” write Ellen Cunningham in an article on the website CardFellow.com. “If you’ve been holding off on EMV-capable equipment you may want to think about upgrading before more processors begin imposing expensive fees.”

EMV Resources

How EMV works.

EMVCo manages EMV specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues. EMVCo is a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.

US Payments Forum — The U.S. Payments Forum (the “Forum”) is a cross-industry body focused on addressing issues that require broad cooperation and coordination across many constituents in the payments industry.  Part of Secure Technology Alliance (see below).

The EMV Connection website provides up-to-date EMV migration information and educational resources. One of those is Chip Cards Facts-at-a-Glance.  It is now US Payments Forum.

EMV Resources page of the Card Acquiring Service (CAS). Offers information and links to helpful EMV information, including the federal government’s move to EMV chip and PIN-enabled card acceptance.

Secure Technology Alliance — The Alliance brings together leading providers and adopters of end-to-end security solutions designed to protect privacy and digital assets in a variety of vertical markets

EMV Contributor Acknowledgements

Thanks to all from us!

 




For more information contact Kiosk Industry

Ingenico EMV Q&A – EMV adoption in the self-service industry: What’s taking so long?

ingenico kiosk

EMV adoption in the self-service industry – Q&A With John Menzel of Ingenico

Editor’s NoteThis article originally appeared in ATM Marketplace and just recently in Kiosk Marketplace . Thanks! For more information on EMV options we suggest you visit the Ingenico Unattended Self Service website.

Industry observers agree the unattended sector has lagged attended retail in adopting EMV. Payment equipment manufacturers have introduced a number of EMV-compliant devices, but many terminals have yet to implement them.

John Menzel, senior self service solutions manager at Ingenico Group, a leading payment equipment manufacturer, recently offered his insights on progress in the self service sector toward EMV compliance.

Following are Menzel’s answers to questions posed by Kiosk Marketplace.

Q: What is the current state of EMV adoption in self-service?

A: EMV adoption in the self-service industry is still in the beginning stages of adoption. However, there are steps being taken from both a hardware and software perspective to increase the security of the payment devices deployed in self-service.

This includes PCI-certified devices running in a point-to-point-encrypted environment with secure read encrypted device capability, known as SRED. In this manner, all card data is encrypted at the time of the transaction to ensure security. This is an interim step before full EMV compliance.

Q: How do EMV compliance regulations affect kiosk operators?

A: Gaining EMV compliance is a process which needs to be completed any time a new combination of payment device, software and gateway/processor is created. The steps taken include utilizing PCI-certified devices, working with qualified security assessor auditors, working with certified payment gateway providers and changing the flow of the software applications to support EMV tags, etc.

So it is a step-by-step process that is a different motion and requires different partners than operating in a nonsecure world. Couple this with the fact that many operators don’t feel the need to upgrade, since they are not currently liable for fraudulent transactions under $20.

Q: What are the benefits of EMV technology?A: There are many benefits of utilizing a PCI-certified EMV solution, including insuring not only end-to-end security of the payment transaction, but insuring rogue devices and skimmers can’t be inserted or card readers removed without anti-tamper switches going off.From a consumer perspective, it gives them confidence to utilize their payment cards when making a purchase at an EMV-enabled self-service kiosk, which provides a similar experience to that which they are used to at a brick-and-mortar retailer.

From an operator perspective, it gives them the future protection of being EMV compliant, especially as higher ticket items are being offered from unattended solutions, like Best Buy’s kiosks.

Q: How does EMV acceptance improve the customer experience?

A: The more the self-service industry can emulate the brick-and-mortar experience, the better. Consumers are now used to inserting their chip cards into EMV readers at supermarkets, retail stores, quick-serve restaurants and more. Consumers understand EMV use — dipping their chip card into a reader — is supposed to be more secure. Implementing EMV at self-service gives them that security and confidence.

Q: How can kiosk operators seamlessly make the switch to EMV?

A: I wouldn’t call it a seamless experience to upgrade from non-PCI compliant, non-EMV solutions. It is more an evolution with incremental steps being taken.

This includes utilizing PCI-certified payment devices, upgrading the software applications to be EMV compliant, utilizing payment gateways that can operate in P2PE manner and undergoing quality security assessor audits of the end-to-end solution.

The future state of self-service is turning the kiosk into a stand-alone store, and secure payment is one of the services that needs to be offered and integrated into the solution for it to be effective.

 


Elliot Maras
 is the editor of KioskMarketplace.com and FoodTruckOperator.com.




For more information contact Kiosk Industry

Apriva & OTI Partner for Exclusive Client-Friendly Payment Solution in the North American Market

EMV Solution by Apriva

ROSH PINNA, Israel, Feb. 12, 2018 /PRNewswire/ — Apriva & OTI Partner for Exclusive Client-Friendly Payment Solution in the North American Market

Source: www.prnewswire.com

“This partnership delivers an affordable, semi-integrated EMV solution for self-service markets,” said Scott Dowty, chief revenue officer at Apriva. “Kiosk retailers, micro-markets, vendors and other self-service merchants can increase their revenues by accepting more forms of cashless payments, easily integrated via Windows or Linux SDK, and reducing their PCI scope through end-to-end encryption.”

 

The interactive self-service OTI kiosk payment solution is available in the U.S. through OTI’s Las Vegas-based distributor, Unattended Card Payments Inc.




For more information contact Kiosk Industry

White Paper – Payment Processor for Kiosks

payment gateway
EMV Kiosk

The Value of Payment Gateways for Kiosks

When a merchant wants to accept payments through their unattended kiosk, they are faced with many processing choices and industry complexities.  Whether forming multiple direct integrations to processors or utilizing one-to-many processing solutions provided by middleware or gateways, kiosk operators and merchants have a lot to consider.

A payment integration to a gateway or processor can require a great deal of time and resources.  Kiosk operators also need to assess ongoing remote maintenance and how to support multiple integrations.  In addition, there are various industry, regulatory and compliance requirements (like EMV and PCI DSS) to follow, as well as value-added security features such as end-to-end encryption or tokenization for recurring payments to consider.  The payment process and user interface must attract and retain the customer through the entire payment process.  As most kiosk users are untrained, transaction abandonment is common with a slow or cumbersome user interface.

This whitepaper will evaluate the benefits and costs of integrating payments via a gateway versus via direct processor connections, plus explore the other potential value points a gateway partner can provide kiosk operators and merchants.

Gateways and Payment Processors Defined

With the payment landscape growing more complex every year, merchants are seeking more sophisticated technologies to help them accept diverse forms of payment and integrate payment data with their other systems, such as inventory management, accounting and more.  Kiosk operators need systems designed for ease of use, speed and security, and payment gateways and payment processors are two of the most widely used solutions for payment acceptance.

A gateway is essentially a secure cloud-based platform that connects credit card payments from merchant points of sale (POS) to their processors, thereby facilitating the authorization and settlement of payment transactions.  Why have a gateway in the middle of this important relationship?  The short answer is for security and flexibility, but the details and other benefits will be expanded below.

A payment processor is a company (often a third party) appointed by a merchant to handle transactions from various channels, such as credit cards and debit cards for merchant acquiring banks.  They are usually two types: front-end and back-end processors.  Front-end processors have connections to various card associations and supply authorization and settlement services to merchants.  Back-end processors accept settlements from front-end processors and move money from issuing bank to the merchant bank.

Pros and Cons of Leveraging a Gateway

Gateways provide several benefits to kiosk operators that are integrating payments into their offerings:

  • A single connection to a gateway leverages that gateway’s multiple connections to many processors, enabling kiosk operators to have more freedom to choose their processor partners and accommodate a broader customer base with very different payment needs.  Connecting once to access multiple payment processors is much more cost-effective and efficient than creating multiple direct processor connections.
  • Access to the gateway provider’s reseller base, which gives kiosk operators connections to potential channel partners and greatly increases growth opportunities.
  • PCI DSS compliance of each processor connection, securely routing card data from the POS system to the processor of choice—again all delivered via the single connection to the gateway.
  • Access to PCI scope-reduction tools, like end-to-end encryption, EMV and tokenization, which limit the kiosk operator’s exposure to handling sensitive card data and potential fraud.
  • Lower upkeep and maintenance costs due to the fact that the gateway provider handles the bi-annual card brand releases and enhancements required by card brands and processors.

The price of leveraging these gateway benefits is typically a gateway transaction fee—an expense in addition to the interchange fees charged by processors.  While the gateway fee is typically nominal, the expense can add up over time as transaction volumes grow.

Pros and Cons of Direct Connections

The main benefit of direct connections is that they eliminate incremental transaction fees typically associated with gateways, because direct processor connections cut out the “middle man” with a select processor.

However, there are additional costs in both funds and time accompanying direct processor connections:

  • Merchant have fewer choices for payment processors—typically only the one processor is directly connected.
  • Kiosk operators are personally responsible for PCI compliance, which is an ongoing and labor-intensive process.  Even when using a PCI DSS-compliant level one service provider, the kiosk operator will still need to adhere to any applicable PSI DSS obligations set forth by their acquirer, based on processing environment, volume of transactions and policies/procedures.
  • It takes a substantial amount of work (and, therefore, cost) to certify and maintain each individual connection, comply with PCI data security standards, and perform necessary updates for card brand and processor bi-annual releases.  This can result in a very expensive, time-consuming and resource-intensive effort for kiosk operators who wish to handle payments processing development themselves.

Integrating with direct connections and certifying EMV transactions for every chosen processor requires several steps, each of which can each take weeks or months to complete:

  1. Submitting and getting approval from the payment processors for an EMV Application Request
  2. Assigning a Certification Analyst and acquiring Magnetic Stripe Reader (MSR) Certification
  3. Completing pre-certification EMV Testing
  4. Completing subsequent EMV certification with individual card brands (These certifications are device- and processor-specific, and separate for Visa, MasterCard, Discover and AMEX)

Repeating this process for each connection is extremely costly to initiate and maintain.  Kiosk operators must certify each desired hardware to each desired processor, and any alterations to the payment application requires a new EMV certificate.

EMV for Kiosk Operators

With the implementation of EMV cards in the U.S., kiosk merchants are seeing improved security for consumers and decreased fraud for merchants.  With these benefits, come a few challenges, the first of which is that kiosks are usually unattended devices.  Since the kiosks are not using a basic POS terminal, an original equipment manufacturer approved for unattended use is needed for Level 1 EMV compliance.  Level 1 EMV compliance relates to the hardware housing the terminal, which must have a higher degree of security to prevent people from accessing the keys to the data.  The next stage of EMV compliance (Level 2) refers to the software. Transactions happen between the POS device and bank exclusively, removing liability from the kiosk operator.  

EMV compliance can be complicated and costly, but it marks a significant shift in liability in the U.S.  Using a secure payment gateway can help to streamline this process for kiosk operators and remove the burden of securing EMV certifications for each payment type.

Other Benefits of Gateways for Kiosk Operators

While direct integration can be time-consuming and expensive, integrating with a gateway provides kiosk operators with several key benefits that reduce ongoing operational costs, labor and maintenance.

  • More Options and Flexibility

Gateways typically enable the ability to connect to more processors than direct connections so merchants have the freedom to choose the partners that work best for their business.  The more connections and channel partners that your gateway provider offers, the more flexible payment options that are available for kiosk merchants.  With customer analytics growing quickly, kiosk merchants can provide a customized experience for their users, including user recognition through card number, email address and more.

  • Top-Notch Security

Be sure to select a gateway provider that has a reputation for top-notch safety and security.  Features to look for include advanced security features like end-to-end encryption, tokenization and hosted payment screens, in addition to EMV compliance for a comprehensive layered security approach.

  • Industry-Specific Solutions

Gateway technology can be tailored for a variety of niche markets like vending, parking, car washes, golf courses, and ticketing, plus a wide array of traditional payments terminals, so look for a provider that meets your specific vertical market needs.

  • Semi-Integrated Solutions to Save Time and Effort

Semi-integrated solutions allow kiosk operators to add EMV support quickly and easily using their existing payment solutions, saving significant time, effort and resources.  EMV reduces the liability for kiosk merchants, shifting more liability to the cardholder’s bank, significantly reducing risk to the kiosk merchant.

  • Increased Growth Potential

Gateway providers sometimes have a large reseller base.  For those that do, granting kiosk operators access to the gateway’s reseller base gives those kiosk operators connections to potential channel partners, greatly increasing growth opportunities.

  • Speed & Service

Gateways should provide a consistent level of service to enhance the payment process for the customer.  Speed of a transaction is especially important during heavy use.  A slow system can drive customers away during the payment process and reduce the sales volume. Kiosks must be able to function well at a high volume without the system slowing or shutting down.

  • Dynamic Routing for Fast and Easy Payment Device Management

Gateways should feature dynamic routing across platforms and services, meaning devices are boarded once and can send transactions anywhere.  This consolidates payments and data from different platforms into one simple, easy-to-use interface, and translates across reporting, risk management and billing for all devices, which dramatically reduces the work required to maintain these connections.  As kiosk users are generally untrained, a fast, reliable experience is required to maintain current users and gain new users. Sales are often abandoned due to system delays or an interface that is not user friendly. Look for a gateway provider that allows acquired portfolios of devices to easily be added, and supports functions like recurring billing.

  • Preferred Rates

Some gateways can convey preferred rates for small-ticket Visa and MasterCard transactions, further validating the ROI of connecting to a gateway, especially for kiosk markets with lower average sales tickets.

  • Flexibility to Support New Technology

Gateway providers continually add support for new payments technologies as they emerge, which helps future-proof solutions and keep them compliant with updated PCI regulations.  Ensuring the kiosk merchants can utilize the latest mobile options, such as Apple Pay, Wallet and more with a future-proof solution.

Which Integration Path is Right for You?

Establishing and maintaining individual connections with processors may seem more empowering and cost-effective at first glance, but it can be quite costly and resource-intensive over the long term.  Many payments solution providers are turning to gateways to provide their merchants (and customers) with more options.  However, each kiosk provider or merchant must weigh the pros and cons, and choose an integration path that works best for their business.

By Justin Passalaqua
Director of Sales at Apriva, LLC
[email protected]
(480) 423-7724

For more information on payment gateways and processors visit Apriva website.




For more information contact Kiosk Industry

Ingenico Releases iUC150B Contactless Reader

New reader is smaller with higher level of security.

ingenico contactless kiosk reader
Click to see full image

FAQ’s
What is the iUC150B availability?
 It is available now for kiosk integration with both RBA and UIA applications.

What is the intended iUN configuration for the iUC150B?
 It is intended to work with: IUP250 V3.0 & iUR250 V3.0. It is fully backward compatible with PCI V3.0
components. In the future when the iUP250 V4 and iUR250 V4 are available it will also work with them.
The PCI certification level is on a per component basis.

What are the primary differences between devices and the benefits of the iUC150B?
 Major differences are the smaller form factor (allowing kiosk real estate savings) and PCI V4.0 certification
(higher security, SRED compliant).

Which SDK’s support the iUC150B? Any other special requirements?
 Yes, SDK Core = 9.26.2.01 Addon Unattended = 6.4.0.01. Please see your SE for complete requirements.

When is the iUC150 EOL ?
 The current plan is to announce the iUC150 EOL in January 2017.

Ingenico Contactless Kiosk Reader PDF

ingenico-iself-iuc150b-update-nov-2016




For more information contact Kiosk Industry

Highlights from Money20/20 2016 (with images, tweets) · ingenico

ingenico self-serviceThe world’s largest payments event closed its doors last week. During the 4 days, Ingenico Group showcased its most innovative payment solutions, empowering in-store, online and mobile commerce, and revealed the winner of Money20/20 hackathon. Here are the best moments of the event!

Source: storify.com

iSMP4 Companion, Moby/3000 bluetooth 4.0 mPOS, Android Pay, Connected Screens and TapHero




For more information contact Kiosk Industry

Ingenico Launches Unique Enterprise Class mPOS Solution

The iSMP4 Companion, multi-bay docking station and universal tablet enclosure offer enhanced mobile use for the most demanding, fast-paced payment environments

Source: www.ingenico.com

From Money 20/20 in Vegas new mPos tablet iteration from Ingenico

ismp4 brochure

More info

L: 116

W: 72

Depth 18.5

 

ismp41

ismp41b

ismp42

ismp43




For more information contact Kiosk Industry

EMV Kiosk – Livewire Kiosk Adds FreedomPay & Ingenico

EMV Kiosk – Livewire Adds FreedomPay EMV Processing

October 19, 2016 – YORK, PA.  Livewire Kiosk is pleased to livewire digitalannounce the integration and certification of the FreedomPay EMV payment processing system.  The FreedomPay solution offers EMV compliance using Ingenico’s iSelf Series of unattended devices with processors including Heartland, First Data, and Elavon.  Bundled with Livewire’s Self-Service Commerce platform and eConcierge®  Content Management System, the FreedomPay/Ingenico integration provides fast processing of EMV-compliant payments while eliminating the merchant’s and consumer’s risk of credit card fraud.

The FreedomPay integration joins a list of other payment solutions that have been integrated into Livewire’s kiosk software, including Network Merchants, Authorize.net, First Data’s Payeezy, Frontstream, Credit Call, and Tempus.  Livewire’s Transaction Processing Engine powers solutions worldwide such as event ticketing, token purchases, duty tax payment, product vending, gift card exchange, and entertainment systems.  Initial deployments utilizing FreedomPay include cover charge collection kiosks for an upscale night club in Boston and a state vehicle registration renewal kiosk.

About Livewire Kiosk

Livewire is the Power to Connect, creating integrated software solutions for kiosks, digital signage, web sites and mobile applications, all managed from its eConcierge® Content Management System. Livewire’s transactional solutions increase revenue and productivity for its customers, while lowering overhead and providing seamless integration. Livewire provides cutting-edge software, hardware, and system integration, bringing the necessary puzzle pieces together to increase customer engagement and create a secure end-user experience. Learn more at LivewireDigital.com

More Livewire News & Commentary




For more information contact Kiosk Industry

EMV Compliance vs. PCI Compliance

Ingenico iSelf-Series Kiosk EMV DeviceWhat’s the difference between EMV compliance and PCI compliance?  The short answer is they’re both guidelines for protecting cardholder data for the purpose preventing fraud, but they focus on different elements of the credit card transaction.

“To clarify it even further and more simply, PCI is about making sure the card data doesn’t get stolen and is secure in the first place and EMV is making sure if the data IS stolen that the content is rendered useless.” – CPI PCI and EMV: What’s the difference?

My goal for this article is to give a brief overview of each of these standards for protecting cardholders so you have an idea how they impact how you accept credit card payments at your self-service kiosk or POS.

EMVCo logoEMV Compliance:

  • The goal of EMV is to ensure the security and global interoperability of chip-based payment cards.
  • Includes robust cardholder verification (i.e. Chip and PIN).  The particular verification method that is used depends on the card issuer as well as the POS where you make a purchase.
  • Prevents cards from being cloned through the use of microprocessor on the card which produces unique encrypted output each time the card is used to defeat card skimming.
  • Requires EMV certification between EMV capable hardware and the processor.
  • President Obama signed an executive order that requires all government-issued credit cards and readers to come equipped with EMV technology starting 2015.
  • Has a US liability shift coming in October 2015
  • The EMV specifications are managed by the privately owned corporation EMVCo LLC and was first published in 1995 through a joint effort by Europay, MasterCard, and Visa (hence EMV).

PCI Compliance:

  • The goal of PCI is to protect cardholder data that is processed, stored or transmitted by merchants.
  • Follows common sense steps that mirror best security practices including building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks and maintaining an information security policy.
  • Requires regular vulnerability scanning by an ASV of Internet-facing environments of merchants and service providers.
  • Allows organizations to “self-assess” in many cases.  Different Self-Assessment Questionnaires (SAQs) are specified for various business situations.
  • The PCI specifications are administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

Andrew Savala

Andrew Savala

Andrew Savala is the CEO of RedSwimmer Inc., creators of the kiosk lockdown software KioskSimple. Andrew has been developing kiosk software since 2007, with an emphasis on self-service retail payment applications.



For more information contact Kiosk Industry

Parabit Adds Mobile NFC / Contactless EMV Access Control to secure ATM Lobbies with Overlay and RFID Skimmer Detection

ROOSEVELT, N.Y., Sept. 21, 2016 /PRNewswire/ — Parabit Adds Mobile NFC / Contactless EMV Access Control to secure ATM Lobbies with Overlay an

Source: www.prnewswire.com

Parabit has received commitments from 7 of the top 20 Commercial US Banks for 10,000 plus units over the next two to three years. Over the last 4 weeks 3 US Commercial Banks have upgraded their ACS-1E systems with MMR’s or installed MMR’s with our ACS-1E ATM Lobby Access Control System at over 400 ATM Lobby locations.




For more information contact Kiosk Industry

Unattended Retail Tracker Has UCP #2 Behind Ingenico

We try and highlight members and UCP has been scored as #2 in the PYMNTS Unattended Retail Tracker, only exceeded by Ingenico who is #1.  Pretty good company to be in.. PYMNTS.com Unattended Retail Tracker™, powered by USA Technologies, serves as a bimonthly framework for

The PYMNTS.com Unattended Retail Tracker™, powered by

unattended retail self service
click to see full image

USA Technologies, serves as a bimonthly framework for the space, providing coverage of the most recent news and trends, as well as a provider directory to highlight the key players contributing across the segments that comprise the expansive unattended retail ecosystem.

The PYMNTS.com Unattended Retail Tracker™, powered by USA Technologies, serves as a bimonthly framework for the space, providing coverage of the most recent news and trends, as well as a provider directory to highlight the key players contributing across the segments that comprise the expansive unattended retail ecosystem.

Unattended Retail Tracker TM

The PYMNTS.com Unattended Retail TrackerTM is a bimonthly report designed to give an overview of the trends and activities across the unattended retail/vending market and the players who are delivering on those services.

The tracker will also include the latest news and highlights and will be organized into a framework that showcases a directory of the key players and information about their capabilities and unattended retail solution offerings.

Scoring

We evaluate companies based on the markets they serve, the technologies they offer, the type of payments accepted and the security standards they have accomplished.

The companies included in the scoring support unattended retail and payments for the following segments within the self-service industries: Food & Beverage, Service Vending, Remote Retail, Parking and Restaurant & Hospitality.

Regarding technologies evaluated, we assess the depth of solutions supported. For example:

NFC (Near Field Communication)
EMV
Magnetic Stripe
QR Code
BLE (Bluetooth Low Energy)
Smart Cards

Payments accepted include a depth and breadth of payment types. For example:

Credit/Debit Cards
Private Label or Closed Loop Solutions
Digital Wallets (Apple Pay, Android Pay, Samsung Pay, PayPal, and more)
We also give credit to solutions for security compliance such as PCI.

Unattended-Retail-Tracker-June-2016

Unattended retail self service




For more information contact Kiosk Industry

UCP has Ingenico iUC285 Beta units

iUC285 Ingenico EMV Reader for Unattended Self Service

Unattended Card Payments Inc. Begins Shipping the iUC285 in the U.S. As main Ingenico VAR for unattended hardware, UCP Inc. announces they have received first shipment of iUC285 beta units.

Source: www.ucp-inc.com

These units are designed for unattended and are being certified with multiple processors as we speak.

Here is spec sheet.

iUC280 product info




For more information contact Kiosk Industry

EMV Kiosk – Creditcall KioskSimple EMV Case Study

EMV Kiosk Case Study

Great EMV kiosk case study by Creditcall on our KioskSimple integration with their EMV Payment Gateway. RedSwimmer was looking for a way to provide EMV compliance to users of their kiosk software, KioskSimple. The Challenge RedSwimmer was looking for a way to provide EMV compliance to users of their kiosk software, KioskSimple. Many of RedSwimmer customers are … Continue reading “Creditcall KioskSimple EMV Case Study”

Source: blog.kiosksimple.com

Their kiosk or POS applications were developed as a web app and used the KioskSimple software which acts as middleware, providing a JavaScript API which can easily be called by a web application and thereby add support for accepting EMV payments via Creditcall’s payment gateway solution ChipDNA using the Windows SDK.

How the EMV Kiosk Works

Both developers and business owners realized the need for an outside party in activating EMV compliance and this is where ChipDNA supported RedSwimmer’s client initiatives.

ChipDNA provided the interface to Ingenico’s iPP350PINpad and handled all the complicated behind-the-scenes magic of EMV compliance. This process allowed RedSwimmer to focus on the JavaScript front end which is their expertise. The larger challenge with RedSwimmer was to find a way to make ChipDNA accessible from a web app.ChipDNA works well with native applications but lacked a JavaScript API.  Thanks to Creditcall’s expertise, RedSwimmer was able to use developer-friendly JavaScript front-end language with ChipDNA through the use of KioskSimple.




For more information contact Kiosk Industry

SlabbKiosks inks partnership to deploy EMV-enabled bill payment kiosks

Kiosk manufacturer SlabbKiosks has partnered with Ingenico Group to deploy EMV-enabled bill payment devices. SlabbKiosks will integrate Ingenico’s payment system into its kiosks.

Source: www.mobilepaymentstoday.com




For more information contact Kiosk Industry

SlabbKiosks partners with Ingenico Group to provide EMV-enabled unattended payment devices

SlabbKiosksLas Vegas, March 29, 2016 – SlabbKiosks, a leader in self-service technology, announced today that it has partnered with Ingenico Group, the global leader in seamless payment, to bring secure, EMV-enabled unattended payment devices to the market. SlabbKiosks, well known for its customized kiosk solutions, will utilize Ingenico Group’s unattended payment solutions, and become a member of the company’s Unattended Partner Program.

According to Mike Masone, Sales Director at SlabbKiosks, “Ingenico Group’s iSelf series represents a departure from typical payment devices. The solutions were designed from the ingenico kioskground up for unattended environments, and Ingenico Group provides unparalleled support, by making in-house engineering and support personnel available to our customers. These customers are spread across many verticals but their needs remain the same – to have simple and secure payment applications developed for their unattended applications.”

Ingenico Group’s Unattended Partner Program will allow SlabbKiosks to provide secure, EMV- and NFC-enabled unattended self-service payment solutions via its various kiosk models and customized hardware solutions. The Program was designed to facilitate integration among partners allowing them to offer turnkey unattended solutions for a wide variety of uses with secure EMV and NFC payment acceptance built in.

Bruce Rasmussen, Director of Strategic Verticals for Ingenico added, “We’re seeing high demand for unattended payment solutions. Companies such as SlabbKiosks want to protect their customers from post-EMV deadline fraud liability, while enabling consumers to pay using the latest payment methods, including Apple Pay and Android Pay. We’re looking forward to working closely with SlabbKiosks to bring its new turnkey solutions to market.”

About SLABBKIOSKS

SlabbKiosks is a leading international manufacturer and distributor of cost effective, interactive kiosks. The company has installed and customized interactive kiosks for thousands of clients in over 150 countries and distinguishes itself from the competition by offering the latest in technological advancements including the wireless kiosk, while utilizing high quality components with designs that facilitate quick and efficient maintenance of their units.

Additional information can be found at:

http://www.slabbkiosks.com

For further press information about this release, please contact:

Kisha Wilson (Marketing Manager)
SlabbKiosks

Tel: 702-605-4845
Email: [email protected]

Full release of SlabbKiosks partners with Ingenico_v2.1




For more information contact Kiosk Industry

Using the Creditcall EMV Virtual Terminal With KioskSimple

The Creditcall EMV Virtual Terminal is a convenient way to test your EMV implementation without requiring a physical EMV terminal.

Fortunately the Creditcall EMV Virtual Terminal is designed to emulate an EMV terminal.  This makes for a quick and affordable way to test EMV contact and contactless NFC payments in your application without purchasing EMV hardware.

In this article we’re going to cover how to use the Creditcall EMV Virtual Terminal with KioskSimple kiosk software.

Step 1: Register for a Creditcall WebMIS Sandbox Account

This article will cover how to use the Creditcall EMV Virtual Terminal with KioskSimple.

The first step is to register for a WebMIS sandbox account (aka test account) with Creditcall.  This will allow you to make test transactions without actually charging your credit card.

Once you’ve completed the registration process you’ll receive an email with your WebMIS Terminal Id and Transaction Key.

Step 2: Install the KioskSimple Creditcall EMV Payment Gateway Plugin

The KioskSimple Creditcall EMV Payment Gateway Plugin allows you to access the Creditcall EMV payment gateway via the KioskSimple EMV JavaScript API.

If you haven’t done so already, download and install the free demo of KioskSimple.

Next run the KioskSimple Configuration Tool and navigate to the PLUGIN STORE.

Install the Creditcall EMV Payment Gateway Plugin.  The configuration tool will restart and some dependencies will be installed.

You should now see a menu option called CARD READERS.  Navigate there and select the Creditcall EMV Payment Gateway Plugin and then press CONFIGURE.

Step 3: Configuring the Creditcall EMV Virtual Terminal

The Creditcall EMV Payment Gateway Plugin comes pre-configured to work with the Creditcall EMV Virtual Terminal.

The only configuration necessary is to enter your WebMIS Terminal Id and Transaction Key under the Transaction Settings tab.  As you can see in the screenshot below, the Terminal ID and Trans ID (Transaction Key) just need to be populated.

We’ve went ahead and included screen shots of the Device Settings and Server Settings tabs for your reference, but you shouldn’t need to change these values in order to use the Creditcall EMV Virtual Terminal.

Creditcall EMV Virtual Terminal Transaction Settings. The Terminal ID and Trans ID still need to be populated.

Creditcall EMV Virtual Terminal Device Settings

Creditcall EMV Virtual Terminal Server Settings

Step 4: Configuring KioskSimple to Show the Creditcall EMV Virtual Terminal

By default, KioskSimple blocks popup windows and 3rd party applications from running to ensure a smooth user experience at your kiosks or POS.

We’ll want to disable this feature in order to use the Creditcall EMV Virtual Terminal since it’s a 3rd party application.

This can easily be accomplished by changing the setting Enabling Closing Popup Windows to OFF as shown below.

Popup blocking disabled in KioskSimple

Now that we’ve configured KioskSimple to not block the Creditcall EMV Virtual Terminal we need an easy way to switch to it while KioskSimple is running.

I prefer to disable the filtering of the Windows hotkey ALT-TAB as shown below, which allows you to easily switch between open applications.

Disabling the ALT-TAB hotkey in KioskSimple

Step 5: Launching the Creditcall EMV Virtual Terminal

The Creditcall EMV Virtual Terminal gets installed automatically when you install the Creditcall EMV Payment Gateway Plugin in KioskSimple.

The Creditcall EMV Virtual Terminal is located here…

C:\ProgramData\RedSwimmer\KioskSimple\Plugins\8c43efed-7611-42ec-9942-874798728c88\ChipDNA Virtual PINpad\ChipDNAVirtualPINpad.exe

Running the Creditcall EMV Virtual Terminal

Step 6: Running an EMV Test Transaction in KioskSimple

Now you’re ready to test the Creditcall EMV Virtual Terminal with KioskSimple.  The easiest way to do this is to run our Creditcall EMV JavaScript API example.Running a Creditcall EMV test transaction in KioskSimple

Once the example is setup, you can take the following steps to launch KioskSimple and run some EMV test transactions.

  1. Start KioskSimple.
  2. Select “Try the Demo” and then “Test Mode”.
  3. Now you’ll see the EMV JavaScript API website example shown above.  Press “Get Status” and you should see the status of the Creditcall EMV Virtual Terminal.  You can also enter a dollar amount and press “Start Authorization” to begin your transaction then ALT-TAB over to the Creditcall EMV Virtual Terminal.
  4. When you’re done press ESC and any password will work while KioskSimple is unregistered.

Got Questions?

Please contact us and we’ll get you up and running quickly.  We offer free phone and email technical support for all of our code examples.  Try finding that anywhere else in this industry.

We’re dedicated to making your next kiosk or POS project a success and are happy to hold your hand through the hardware integration.




For more information contact Kiosk Industry

Holiday shopping season malware targeting

New sophisticated software takes advantage of lack of end-to-end encryption in many retailer backends and getting card data, including EMV, from consumers. Cyber criminals never sleep.

Source: www.theexaminer.com

This new ModPOS malware has taken advantage of a flaw in the internal in-store processing of debit and credit transactions still using magnetic stripes as well as using the new EMV Chip and Pin cards; the processing flaw, now known to the retail industry, is that the internal processing systems utilized by many major retailers does not support end-to-end encryption, and does not also properly encrypt data in memory, allowing that data to be captured and sent to distant cyber crooks. According to iSIGHT, “Criminals can then reuse card data, even from EMV cards, to make online (card-not-present) transactions.”




For more information contact Kiosk Industry

For retailers, confusion reigns after EMV rollout

More than a month after the October 1 deadline, some reports estimate that only a third of merchants have migrated to EMV-capable credit card readers. At the same time, larger retailers say the new standard doesn’t go far enough.

Source: www.cio.com




For more information contact Kiosk Industry

Kiosk Software – The latest version of KioWare for Windows simplifies the kiosk set up process.

Newest KioWare for Windows Released

Highlights are:

  1. New KioWare Classic Importer Tool.  KioWare has added an importer tool that allows users of KioWare Classic for Windows to import their configuration settings easily for use with the new KioWare for Windows (nice feature for existing user base).
  2. Super easy/simple attract screen set up.  KioWare has added a new option to make it extremely easy for users to set up an attract screen with multiple images.  Good as Attractor and call to action but also to reduce burn-in on your screen.
  3. EMV support via Credit Call’s Chip DNA.  There are a number of new devices being added, one of which is an EMV ready magstripe device, making it easy for customers to create and configure EMV compliant and certified kiosks using KioWare.  This is the only EMV solution and the savings are substantial when you consider QSA and recertification costs.
  4. HTML keyboards available for more than 50 language locales.

Here is the full press release

Tuesday, October 06, 2015

New KioWare Kiosk Software for Chrome BrowserThe latest version of KioWare for Windows simplifies the kiosk set up process. 

With a new import tool to transition your KioWare Classic configuration file, an easy drag and drop attract screen tool, and other new features and customization options, KioWare for Windows makes it easy to display – and secure –browser-based applications using the Chromium browser engine. 

Analytical Design Solutions Inc. (ADSI) has released an update for the new KioWare for Windows (Version 8.2), focusing on simplifying the configuration process and providing more customization capabilities.  This update is available to existing KioWare for Windows and KioWare Classic for Windows license holders (with current support).

Key new features of KioWare for Windows Version 8.2 include:

A tool to import KioWare Classic for Windows xml files into a usable KioWare for Windows configuration file (JSON).  This feature is a valuable time saver for existing KioWare Classic for Windows users as they transition to the new KioWare for Windows. Import a current configuration file into the tool and out comes a new configuration file for use with KioWare for Windows 8.2.import KioWare Classic config to KioWare for Windows config

A simplified attract screen drop downallows users to drop attract screen assets into a specified folder in order to easily create a custom, auto playing, attract screen via simple drag and drop.

The Configuration Tool layout and design has been modified in order to improve user experience, particularly when used on a touch screen device.

Using the pop up color picker, you can now customize tab colors and background colors to create an end user experience that is fully integrated with your brand, website, or application styles.

New HTML keyboards are now available for more than 50 language locales.

Pop up dialogs can now be customized and styled to create a cohesive experience for end users.

New options have been added to the “open new window” scenario.  By default, KioWare automatically determines if a new url should be opened via new tab or pop up (based on size).  KioWare can be set to open new urls all in new tabs or (new feature) allin new pop up windows.

Users now have the ability to set a timeout warning dialog for users before session restarts due to inactivity.  Called “Show inactivity warning”, the custom text box appears, and can be modified, below the selection.

Newly added to KioWare for Windows, command line install options can be used for unattended/scripted installation.

Users can now import both settings files and package files to KioWare for Windows (previously only package files were supported).

KioWare Basic for Windows and KioWare Full for Windows also offer device support. 

The following new devices have been added.  ChipDNA, already supported in KioWare Classic for Windows, is now supported by new KioWare for Windows.  ChipDNA (1.7) supports a variety of different EMV PINpads and communication protocols for those PINpads.  This addition makes KioWare for Windows a great solution for EMV compliant credit card processing.

Also added is the Code Corp Code Reader™ 1000 (CR1000), a compact, cabled barcode reader that takes up limited workspace.

The Sankyo SHT1610-0730 Dispenser is also now supported. This dispenser handles a variety of card options, allowing for dispensing of cards to end users.

The new KioWare for Windows has one single installer for all models (Lite, Basic, & Full) of the product. Potential and current customers can download KioWare for Windows and determine which model is needed before purchasing the appropriate license.

KioWare for Windows Version 8.2 is available for download and purchase: http://www.KioWare.com/windows.aspx.  Licensing is perpetual and annual support is recommended in order to maintain access to the most recent version of the product.  If you would like to convert your licenses from KioWare Classic for Windows to the new KioWare for Windows, log into your customer account, select a transaction, and click the “transition license(s)” button.

All KioWare kiosk software products secure devices such as tablets, desktops, and smartphones running Android or Windows Operating Systems.  KioWare kiosk software products lock down your device into kiosk mode, which secures the overall operating system, home screen and usage of applications.  KioWare Kiosk Management tools (KioCloud, KioWare Server, & KioWare Server ASP) allow for remote kiosk management, usage statistics, reporting, monitoring kiosk health, content management and more.

Read this important article about Flash, Java and the changes to this function in KioWare 8.2.

All of these products are available as a free trial with nag screen.

About KioWare:

KioWare kiosk software secures your application or website on Windows or Android devices, restricting user access to approved behaviors and protecting user and network data.  KioWare is fully customizable and offers solutions ranging from browser lockdown to full server-based kiosk management.  From simple out of the box configurations to more complex integrations, KioWare is trusted by developers, IT professionals, marketers, Fortune 100 corporations, and small business owners. The KioWare team is based in York, Pennsylvania, with an office located in Reading, UK.  Choose the best KioWare product for your self-service project and download a fully functioning free trial at KioWare.com.

Contact:
Laura Miller
KioWare Kiosk Software
Analytical Design Solutions, Inc.
+1 717 843-4790 x220
[email protected]
http://www.kioware.com




For more information contact Kiosk Industry

Industry Insight EMV Kiosk – Getting past the Finish Line

EMV Kiosk – Getting Past the Finish Line

If you concern yourself with the kiosk industry enough to read this Cost of PCI Integrationarticle it probably isn’t the first time the terms “chip and pin” or “EMV” have come up in your workweek. In this write-up I hope to address some common misconceptions about EMV and how it effects kiosk manufacturers, ISOs, and kiosk business owner/operators. By the end you should have a good idea of what it takes for all of these groups to get their products past the “EMV capable” finish line.

It is not just the hardware:

EMV hardware manufacturers and distributors have spent the last few years focused on educating ISV/ISOs and hardware integrators that EMV is not just a matter of buying a new piece of hardware. A true solution is dependent on a marriage of hardware and software; and as marriages go it also entails a commitment. More on that to come…

EMV Levels:

EMV Level 1 means that a device physically meets EMV specifications for chip (contact), and in some cases NFC (contactless).

EMV Level 2 means that the firmware on a device performs to EMV processing specifications.

Both EMV Level 1 and Level 2 are the responsibility of terminal manufacturers. This hardware can be described as “EMV ready.”

Level 3 is achieved when a developer marries a device meeting the aforementioned Level 1 and 2 EMV specifications with their software, and commits to certifying it with a processor or processors, and then the card brands. This fully developed and certified solution can be described as “EMV capable.”

The cost and level of commitment:

The cost of this commitment can definitely set you back more than a designer engagement ring, depending on the ring of course. The cost and level of commitment varies greatly depending on the developer’s goals.

A developer can choose to pursue a direct certification with a processor (fully integrated) or decide to use a payment gateway which has already made a commitment to certifying a piece of hardware with a processor(s) (semi-integrated).

Fully integrated vs. semi-integrated:

A fully integrated approach to EMV is a time consuming a very costly endeavor and the end solution is fully within PCI scope. Chip DNA PCI EMVHistorically speaking a fully integrated solution can easily take 8 to 12 months to develop and certify. The cost will be well over $100K all-in considering time, tools, and certification testing. Then rinse and repeat for each processor you want to certify with.

A semi-integrated approach allows you to leverage the commitment of another company to complete your solution in a matter of weeks, and at an enormously reduced cost. In addition to the cost factor a semi-integrated solution also allows you to piggyback on your gateway partner’s PCI-DSS compliance. A semi-integrated approach eliminates your need for full-blown PCI and EMV evaluation. In most cases semi-integrated system architecture will allow for a PCI Self Assessment Questionnaire (SAQ) to obtain your attestation of compliance.

Conclusion:

I hope after reading this you have a better understanding of why just picking a piece of hardware that meets EMV Levels 1 and 2 doesn’t make a EMV capable solution. The Liability Shift is coming in October and we are here to help you prepare. For more answers to your questions, and for information on middleware available to you, please contact Unattended Card Payments Inc. at (702) 802-3504 or by emailing [email protected]




For more information contact Kiosk Industry

EMV Liability Shift – ‘Vast majority’ of Americans have yet to receive chip cards

EMV Liability Shift

Despite the October 1st liability shift deadline looming, only 10 per cent of Americans have received the new chip-enabled cards, and nearly a third don’t know how to use them.

Source: www.paymenteye.com

The survey, conducted by the GfK Public Affairs for Associated Press, found that out of 1004 Americans polled, only one in every ten have received the new cards.

Furthermore, out of those people who have received the cards just one-third (35 per cent) say they actually use them as intended on the new card readers.

Moreover, of the people who have received the chip cards, 70 per cent said they know how to use it, meaning nearly a third of people do not understand.




For more information contact Kiosk Industry

EMV is Coming to Self-Service Kiosks in 2015

Thanks to Andrew Savala of KioskSimple

If you’ve been watching the news lately you’ve probably heard about the credit card security breach at Target and all the buzz around “Chip and PIN” or “EMV.”  In the case of Target, while hackers could have stolen the information from EMV capable cards the data would have been worthless.  This is because EMV cards contain a microprocessor which produces unique output each time the card is used, unlike traditional magstripe cards.  This makes the EMV cards difficult to replicate and removes the incentive for hackers to steal information from EMV card transactions.

If you operate a self-service kiosk which accepts credit card payments then you’ll want to learn more about the security benefits of EMV designed to prevent fraud.  There are some mandates coming in October of 2015 which you’ll want to pay attention to also.  Read on to learn more.

What is EMV?

EMV is designed to help prevent credit card fraud through the use of robust cardholder verification (i.e. Chip and PIN), card authenticity verification and issuer risk management parameters.  EMV provides multiple cardholder authentication options for card issuers (Chip and PIN, Chip and Signature, etc..) and also prevents EMV cards from being replicated by card skimming.

The EMV specifications are managed by the organization EMVCo.

“EMVCo exists to facilitate worldwide interoperability and acceptance of secure payment transactions. It accomplishes this by managing and evolving the EMV® Specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues. Today there are EMV Specifications based on contact chip, contactless chip, common payment application (CPA), card personalization, and tokenization.

This work is overseen by EMVCo’s six member organizations—American Express, Discover, JCB, MasterCard, UnionPay, and Visa—and supported by dozens of banks, merchants, processors, vendors and other industry stakeholders who participate as EMVCo Associates.”

How does EMV affect my self-service kiosk?�

If your kiosk accepts credit card payments then you will be affected by the fraud liability shift in October 2015.  In layman’s terms, if credit card fraud occurs at your kiosk through the use of an EMV capable card and your kiosk does not support EMV then you will be responsible for the fraud.  In case you’re wondering how an EMV capable card could be used at a kiosk that doesn’t support EMV then look no further than the magstripe on the back of the card.  EMV capable cards still have a magstripe for backwards compatibility.

“Visa intends to institute a liability shift in the U.S. for domestic and cross-border counterfeit transactions effective 1 October 2015. Visa’s global POS counterfeit liability shift policies are designed to encourage EMV chip card issuance and acceptance in participating geographical regions, effectively creating a more secure environment for transactions within and between each participating Visa region. Note: The liability shift encourages chip transactions because any chip-on-chip transaction (i.e., a chip card read by a chip terminal) provides dynamic authentication data, which helps to better protect all parties. �

With this type of liability shift, the party that is the cause of a chip-on-chip transaction not occurring (i.e., either the issuer or the merchant’s acquirer) will be financially liable for any resulting card-present counterfeit fraud losses. When a transaction occurs using chip technology, any liability for counterfeit fraud, though unlikely, would follow current Visa Operating Regulations.�

The policy assigns liability for counterfeit fraud to the party that has not made the investment in EMV chip cards (issuers) or terminals (merchants’ acquirers). The policy encourages wider deployment of EMV cards and terminals.”

How can my kiosk become EMV compliant?

In short, by using kiosk EMV capable hardware and by completing an EMV certification at each kiosk.  There are payment gateways like CreditCall which can shortcut this certification process for you.  The payment gateway acts as a proxy and allows you to select from a wide variety of credit card processors (i.e. FirstData, Chase, etc…) and EMV hardware.  When selecting EMV hardware for your kiosk you’ll want to use EMV hardware designed for an unattended environment.  If you’re a KioskSimple user you can take advantage of our kiosk software support for EMV coming in early 2015.




For more information contact Kiosk Industry

Kiosk EMV Compliance vs. PCI Kiosk Compliance

With thanks to Andrew Savala of KioskSimple

EMV Compliance vs. PCI Compliance

Ingenico iSelf-Series Kiosk EMV DeviceWhat’s the difference between EMV compliance and PCI compliance?  The short answer is they’re both guidelines for protecting cardholder data for the purpose preventing fraud, but they focus on different elements of the credit card transaction.

“To clarify it even further and more simply, PCI is about making sure the card data doesn’t get stolen and is secure in the first place and EMV is making sure if the data IS stolen that the content is rendered useless.” – CPI PCI and EMV: What’s the difference?

My goal for this article is to give a brief overview of each of these standards for protecting cardholders so you have an idea how they impact how you accept credit card payments at your self-service kiosk or POS.

EMVCo logoEMV Compliance:

  • The goal of EMV is to ensure the security and global interoperability of chip-based payment cards.
  • Includes robust cardholder verification (i.e. Chip and PIN).  The particular verification method that is used depends on the card issuer as well as the POS where you make a purchase.
  • Prevents cards from being cloned through the use of microprocessor on the card which produces unique encrypted output each time the card is used to defeatcard skimming.
  • Requires EMV certification between EMV capable hardware and the processor.
  • President Obama signed an executive order that requires all government-issued credit cards and readers to come equipped with EMV technology starting 2015.
  • Has a US liability shift coming in October 2015
  • The EMV specifications are managed by the privately owned corporation EMVCo LLC and was first published in 1995 through a joint effort by Europay, MasterCard, and Visa (hence EMV).

PCI Security Standards Council logo

PCI Compliance:

  • The goal of PCI is to protect cardholder data that is processed, stored or transmitted by merchants.
  • Follows common sense steps that mirror best security practices including building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks and maintaining an information security policy.
  • Requires regular vulnerability scanning by an ASV of Internet-facing environments of merchants and service providers.
  • Allows organizations to “self-assess” in many cases.  Different Self-Assessment Questionnaires (SAQs) are specified for various business situations.
  • The PCI specifications are administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

Be Sociable, Share!



For more information contact Kiosk Industry

Japan’s MUJI Department Stores Installing NCR’s New Concept for Self-Checkout – NCR

NCR, the global leader in consumer transaction technologies, announced today that the NCR SelfServ 90 will be deployed by Ryohin Keikaku Co, Ltd. in Japan.

Source: www.ncr.com

This is the latest unit that NCR debuted at NRF 2015. Here is link for brochure




For more information contact Kiosk Industry

Becoming EMV Ready: Shortcuts for the Certification Process

If you are still in the early stages of converting your hardware and systems to an EMV compliant solution, you will want to consider the following shortcuts and hints to a painless EMV solution.

For those that have relatively new hardware. . . Find out if your existing hardware will be updated or supplemented to provide chip reading capabilities.  Depending on the age of your hardware, you may find that vendors are offering updates to allow your device to read “chip” technology.  If your hardware vendor will not be providing hardware updates, you will need to select a hardware option that is chip ready.  Chip ready hardware can be purchased via companies like UCP (Unattended Card Payments).

Use your existing application or website.  While you may find that this is an opportune time for an update, you may find time savings by using your existing application with a few modifications to hardware and payment processing.  There is no need to reinvent something that works effectively and is not in need of an update. There are simple hardware and software solutions that do not require a complete system redesign.

Upgrade your hardware (if necessary) & use pre-configured payment communication options.  Certainly, your hardware needs to not only be chip ready,  but it must also accommodate secure data transfer via software and payment gateway.  By selecting hardware and software that can become compliant with the flip of the proverbial switch, you can upgrade your system without the need to make complex changes later, to finalize the update.  It may be a challenge to identify companies that are prepared to go live with EMV via the flip of the proverbial switch. Finding those that are already integrated can be an enormous time saving from implementation to certification.  Payment gateway Credit Call offers ChipDNA, which allows hardware to communicate financial information to Credit Call via KioWare kiosk software using the ChipDNA API.  KioWare’s configuration (available in Version 7.3.0 and higher) offers a simple drop down with no programming required.

Take advantage of EMV pre-certified solutions.  EMV compliance is not just the act of making a system secure, but also obtaining the official certification that verifies that your system is secure.   the entire system Credit Call ChipDNA/KioWare system is EMV certified without requiring the paperwork and processing time that other solutions may require.

Other systems may also come with EMV pre-certification.   Additional information can be found here:

Six Tips for becoming EMV Compliant

What Can US Retailers Learn from UK about Chip & Pin

KioWare’s ChipDNA Solution

 




For more information contact Kiosk Industry

Kiosk Manufacturer