Next month I am participating as a panelist at the MAG Annual Conference. The session is titled – POS Paranoia – catchy eh?
In any event, all panelists were asked to submit questions / topics that we thought the audience might find interesting. With POS and Paranoia in mind, I have offered the following question / topic as something merchants should absolutely be paranoid about:
Are there any new considerations associated with the operation of a retail payment solution once EMV, NFC or other emerging payment technologies are introduced into the environment?
To get to the answer to this question, we really need to understand how a typical payment system works today with either an integrated magnetic stripe reader (e.g. one that is built into the POS system) or an external card reading device (e.g. a VeriFone Vx 820 or other similar tethered card accepting device that hands card data to the POS). In both of these cases, the card reader is essentially a slave to the POS. That is to say that the POS will tell the reader to wake up and be ready for a card swipe and then once a card is swiped, the device will then send the credit card information over to the POS.
While the Vx820 is obviously a more complex solution that supports more features and functions than an integrated mag stripe reader, both of these solutions can generally be deployed and left in the field with little to no maintenance for years on end. To that end, the original integrated magnetic strip readers actually couldn’t even be replaced in the field as they were expected to live as long as the POS terminals they were built into.
With the introduction of EMV, NFC and the associated ‘Wallets’, and other emerging payment technologies like PayPal, the card accepting device will no longer be a deploy and forget solution. Rather these devices are going to require ongoing care. This ongoing care is a result of the architecture of the EMV solutions as well as the divergent nature of the wallets and emerging payment solutions.
In regards to EMV, EMV accepting terminals fundamentally must have at least three components in order to operate.
- First, they need to have hardware capable of sending and receiving data to and from the card either through a contact or a contactless based interface.
- Second, the device will need to have the core EMV application. This is the software that ensures interoperability of any EMV issued card to any EMV accepting terminal.
- And third, the terminal will need to support the individual card brand kernels, which ultimately facilitate the unique behavior of the specific, Visa, MasterCard, Amex or other card which has been presented to the device.
Now here is the catch – the EMV application and the card brand kernels can and do change over time. These changes are made to support either new EMV standardized functionality or specific features as implemented by one of the card brands. While in practice many of these updates have not been required by the brands for continued acceptance, support for the new features ensures that merchants get the benefits of the latest security updates and operational programs.
While ‘wallets’ and other emerging payment technologies don’t have particular standards to work by, they each have their own kernel like application which has to reside on the card accepting device in order for that payment type to be accepted. As one would expect from any new technology, these new payment types are evolving rather quickly and as such the application on the card accepting device has to be updated to support these product evolutions.
As detailed by these two examples, the concept of ‘deploy and forget’ in an EMV and NFC world is simply no longer the case. Rather, if a merchant wants to support these emerging technologies, card accepting terminal software maintenance (often called Estate Management) has to be one of the issues that must be sorted well before the first pilot site.
Further, it should be noted that this maintenance will need to be facilitated by passing files through the POS, or the card accepting device will need to be able to directly receive the files. Thus either new POS software infrastructure will be needed or a secure mechanism to transmit files directly to the device will need to be created. Clearly either option adds a layer of complexity we haven’t had to deal with before.
All in all, with the adoption of EMV and NFC, merchants will need to have both an Estate Management solution as well as a deployed infrastructure capable of handling the transmission of files down to a card accepting device. These new, not so frequently discussed complexities might just be enough to make a merchant paranoid.
VeriFone VHQ
VeriFone has already addressed the terminal maintenance issue with VeriFone Head Quarters (VHQ). VHQ is a full feature device, content and diagnostics management solution built specifically to address the evolving needs of the merchant community. More information regarding VHQ can be found here.
These are all valid points, but most have been addressed in the many countries around the world that have migrated their POS terminal infrastructure to support EMV cards. Proven hardware and software products and systems are available to help merchants migrate. The card schemes are also ready to support EMV migration (contact, contactless and mobile).