Why Your New #Chip-and-Pin Card Reader Might Not Be Ready For Use

Whoops — that chip and pin terminal you purchased last year ahead of everybody else, to be prepared for the new standards coming in October of this year, may not be entirely ready. In actuality, it might need to be sent to a licensed center to get certain encryption information”injected” into the terminal.

What???? The salesman said it was prepared? Perhaps so, but it still might need to be returned to a licensed secure service centre to be injected with a few exceptional data so as to be usable.

The Point of Sale News ™ talked with Beatta McInerny past week. Ms. McInerny is the Business Development Manager of Payments for ScanSource POS and Barcode and has a history of ten years in the payment sector.

We asked about the condition of the business and the access to various credit card terminals, and also asked about the injection of encryption keys.

First on gear –“there’s somewhat of a backorder from the industry. The two largest producers, Ingenico and Verifone, are ramping up. The most popular versions are the Verifone 915 and 925 for tier one and tier two (the biggest of merchants ), and the Ingenico 250 and 480 versions are available.”

As of last week, they had not personally had an EMV transaction occur. “Processors aren’t taking them live yet.”

Ms. McInerny commented that she expected there to be more gear issues in October.” Don’t feel that all of a sudden there is going to be a flood of equipment available on the market.” “Retailers will need to think of a plan.”

See sources:

1. shopify-pos/
2. woocommerce-pos
3. magento-pos
4. bigcommerce-pos

According to this and opinions from vendors like Verifone, retailers should think about obtaining a solution in place today — even if it isn’t exactly what they’d like and then possibly a year in the future, once the situation has eased, consider switching to another kind of terminal. Consumers are increasingly conscious of chip-and-pin and aren’t likely to be indifferent to using older, unsecure gear. Point-to-point encryption provides a superb solution for retailers. The unit is outside and the credit card information completely bypasses the POS solution. While it could be slightly less convenient, it’s significantly more secure than swiping a mag-stripe card by means of a keyboard reader.

Moving to Key Injection

Key Injection Service is the secure process by which payment hardware (credit card terminal/ reader/ pin pad) gets loaded with the encoded Debit and Data keys that in effect”marries” the terminal into the merchant’s processor and bank to produce the device functional and protected. This approach is mandated by PCI (Payment Card Industry) to conceal and protect card holder information throughout the transaction. A debit key is necessary to scramble the trap data and a data key is necessary to scramble card information. A debit card key is mandatory if a client would like to accept debit cards. Customers accepting only credit won’t need key injection. (1)

Just an ESO (Encryption Service Organization) can execute the crucial injection support to be PCI compliant. ScanSource is a certified ESO.

During this ESO designation, ScanSource provides key injection services in at its secure facility. Along with onsite key injection, its ESO certificate enables them to give remote key injection services from vendors like Magtek and VeriFone.