Why Your New #Chip-and-Pin Card Reader Might Not Be Ready For Use

Whoops — that chip and pin terminal you purchased last year ahead of everybody else, to be prepared for the new standards coming in October of this year, may not be entirely ready. In actuality, it might need to be sent to a licensed center to get certain encryption information”injected” into the terminal.

What???? The salesman said it was prepared? Perhaps so, but it still might need to be returned to a licensed secure service centre to be injected with a few exceptional data so as to be usable.

The Point of Sale News ™ talked with Beatta McInerny past week. Ms. McInerny is the Business Development Manager of Payments for ScanSource POS and Barcode and has a history of ten years in the payment sector.

We asked about the condition of the business and the access to various credit card terminals, and also asked about the injection of encryption keys.

First on gear –“there’s somewhat of a backorder from the industry. The two largest producers, Ingenico and Verifone, are ramping up. The most popular versions are the Verifone 915 and 925 for tier one and tier two (the biggest of merchants ), and the Ingenico 250 and 480 versions are available.”

As of last week, they had not personally had an EMV transaction occur. “Processors aren’t taking them live yet.”

The Global Awarded Magento POS – 2021 Stevie Awards Product Innovation winner provides you witha powerful Magento 2 POS extension as well as 24/7 support

Ms. McInerny commented that she expected there to be more gear issues in October.” Don’t feel that all of a sudden there is going to be a flood of equipment available on the market.” Retailers will need to think of a plan.”

See also  Loss Leaders -- The Must Do's

See sources:

  1. shopify-pos/
  2. woocommerce-pos
  3. magento-pos
  4. bigcommerce-pos

According to this and opinions from vendors like Verifone, retailers should think about obtaining a solution in place today — even if it isn’t exactly what they’d like and then possibly a year in the future, once the situation has eased, consider switching to another kind of terminal. Consumers are increasingly conscious of chip-and-pin and aren’t likely to be indifferent to using older, unsecure gear. Point-to-point encryption provides a superb solution for retailers. The unit is outside and the credit card information completely bypasses the POS solution. While it could be slightly less convenient, it’s significantly more secure than swiping a mag-stripe card by means of a keyboard reader.

Moving to Key Injection

Key Injection Service is the secure process by which payment hardware (credit card terminal/ reader/ pin pad) gets loaded with the encoded Debit and Data keys that in effect”marries” the terminal into the merchant’s processor and bank to produce the device functional and protected. This approach is mandated by PCI (Payment Card Industry) to conceal and protect card holder information throughout the transaction. A debit key is necessary to scramble the trap data and a data key is necessary to scramble card information. A debit card key is mandatory if a client would like to accept debit cards. Customers accepting only credit won’t need key injection. (1)

Just an ESO (Encryption Service Organization) can execute the crucial injection support to be PCI compliant. ScanSource is a certified ESO.

During this ESO designation, ScanSource provides key injection services in at its secure facility. Along with onsite key injection, its ESO certificate enables them to give remote key injection services from vendors like Magtek and VeriFone.

A debit key encrypts the customer’s debit card personal identification number (PIN) when entered through the tender procedure at the point of sale. The debit card key is loaded into the terminal with an ESO, like our key-injection facility, and permits the transaction terminal to complete a debit transaction by securely authenticating the PIN with the issuing bank. This key isn’t used during a”credit” transaction where a signature is used for authentication or to encrypt the card information. This key is always required if you’re accepting debit transactions due to PCI standards. (1)
A Point-to-Point Encryption (P2PE) key encrypts the client’s card info when swiping a debit or credit card at the point of sale. Additionally it is commonly referred to a data key or end-to-end encryption (E2EE). This functions separately from the debit key. P2PE keys are recommended but aren’t required by current PCI standards. P2PE keys reduce the risk of unauthorized interception of sensitive card information during the transmission from the payment terminal to the payment processor. P2PE keys have to be injected through an ESO like debit keys. (1)

Ms. McInerny also pointed out that just about half of the equipment has been sent with encryption, and at precisely the exact same time, business is growing exponentially. “Point-to-point encryption is an outstanding solution because of its safety. P2P is a terrific workaround and shields the merchants.”

“Resellers should enable the end user today, and not await the chips to inform them what to do.”
Now — final crucial point — apparatus purchased this past year, or early in 2015, may have been sent without the closing encrypted keys set up.
Retailers should learn NOW if their device needs injection and make plans to have it done remotely, or to send their terminal to a licensed center. Retailers with gear should contact their own provider about it. Retailers who’ve changed banks or chips may also need to have their gear re-injected with the new key. 
More information

Cloud POS

Cloud POS software for your retail store. Cloudbasepos.com is a powerful cloud-based POS to sell your products in-store & on-the-go using any device, for any outlet.

Leave a Reply

Your email address will not be published.