The heavy lifting to accommodate EMV formating will not be done by POS applications, but rather by the EMV device itself!
To my friends:
We are one of the many POS vendors who have been drifting along with periodic updates on our software making them ever so secure with each release.
We all by now are aware of the EMV liability shift that is occurring by October 1, 2015. The group that I have been calling the “I’ll take my chances crowd” are now starting the herding impulse running to make sure that all merchants have the new equipment in place. Estimates range from six to eight billion dollars worth of equipment sales and service will be what the American businesses have to absorb soon to meet with the compliance mandates.
The technical shift that few are talking about (excluding the terminal manufacturers) is the amount of processing power that EMV requires and the amount of change that is required for this paradigm shift of processing. The "I’ll take my chances crowd" will try to make the world the same as it has always been. EMV is a game changer. It is not a mere change on two or three blobs of data.
It requires most POS Integrators to entirely rewrite their applications.
The primary tact for the industry using stand-alone terminals is what I call “replacement strategy!” Replace the magstripe terminal with a terminal that is EMV certified. For a factor of 2X-3X the current price for units in the market—you get EMV certification. This works but not for the Integrators!
But as the POS vendors and integrators are discovering is that EMV requires a full functioning computer to read the IC chips, negotiate the communications, and pass results to and from a Payment processor. Add NFC for ApplePay and Google Wallet and you have an industrial strength high end (high memory addressable) device. That little EMV chip will be flashable using this new computer.
The processing that used to be done purely in the POS application side is now shifting to the POS device (computer). This shift once realized is adding time for POS vendors to learn and ultimately will mean that POS vendors will be late to the party with their newly integrated systems.
Receipts will be different. Storage and retrieval of token ID’s will be different. The reading of IC chips is different, The protocols and related libraries will be different. Even the primary security protocol is changing to “TLS/SSL!” Merchant agreements will be rewritten in some part due to gateways and payment processors who are “approved” to handle EMV transactions. Change ....change....change.
In other words, throw out the software applications that have been evolving over 30 years now, start fresh, and shift to the new ways. Simplify and let the heavy lifting be done with the device.
As Steve Jobs once told technical resource people at a developers conference “once you arrive at the new place or destination, burn the boats! There is no turning back now!
For the little guy......
To my friends:
After speaking to so many Merchants, Resellers, ISO's. and Agents. I thought to write a brief article about EMV issues. There is a new phenomena I will call "default land." This is the mystical place where the things you do not understand about EMV and the related changes fall into this bucket of someone else's responsibility. What you don't know will hurt you.
I am biased to the First Data world as well but some of the core concepts will be applicable to other Payment Processors.
There are many differing kinds of vendors. In the end, these vendors either resell stand-alone devices, or usually sell integrated POS systems in a bundle of some sort. At the end of the day, you need to be compliant with the EMV mandates in terms of equipment that the merchant uses, as well as the practices that are new as a result of EMV formatting. I will address the topics that might appear in the checklist.
There will be a number of additional fields that will be required for certification due to the token number that will be sent back along with the transactional information. No more padded cc numbers. Your clients will need to redesign their receipts to handle all of these token-related fields. Your token id number should have the same last 4-5 digits as the original card but look like nothing like standard card numbers. More fields will be required.
Current Terminal type and number
The Replacement Process where a one-to-one relationships occurs for Stand-Alone terminals will be matched by replacement EMV terminals that read the EMV chip and pin.
This is an ideal time to sell-up and add possible functionality to simple stand-alone terminals. A breakout of each terminal by device number and specific functions would be helpful for large accounts that have an agreement for swapping our devices.
There are devices that will support Ethernet and wireless that you replace that may give the merchant additional functionality when they get this device.
Current POS systems
This is complex. Most vendors of integrated POS systems have been working on supporting the new EMV standard as it is captured using a number of devices:ApplePay NFC data, EMV readers stand-alone, EMV all-in-one devices, and Portable devices.
This is a great opportunity to sell-up but it requires in some cases to gather information, like installation date, machine type, OS level, drivers used, and current card readers. It may be that the current Integrated POS systems go back 25 years using very simple and direct coding styles that propose a security risk. This is an opportunity to resell large bundles of Hardware, Software, and Support to clients that want to use this time as a meaningful upgradeto their legacy systems.
There is going to a be lot of capital flowing into these aforementioned areas. Any agent or ISO or vendor who inventories the target market will be better prepared to handle the 2015 crush that will be happening in the next two months.
Lastly, training for the new systems. Unlike before, there is going to be a lot of new orientation time to get people familiar with the replacement equipment and the new functionality.
"Default land" will disappear as the industry embraces the reality that EMV introduces. Business as Usual Myth #1.
For the little guy.....
We have been working with various payment processors and the newest of technologies for the last 12 years. We have discovered that there is a direct way to move the older technologies forward without paying exorbitant costs to move to the new EMV paradigm. It wasn't easy and it required discipline, but we can do this for you with the right people in the room.
In doing this, it required us to provide a unique approach that was streamlined and allowed our customers to speak in business English. No technical mumbo jumbo.
Our approach also allowed our customers an option of taking the existing code base that the VAR reseller or ISV currently uses and plug-into our solution that connects these older code frameworks to the new stratagem-EMV Chip-based technology.
We continue to use our Systems Integration technology called "Parallel Systems Integration Methodology™" and allow customers to move only the necessary code to make sure they are in compliance with the new mandates. We scale this to the size of the scope of the project.
The other option was to "burn the boats" and start anew with a fresh application approach whereby your company could leverage their market share, and yet simplify the coding necessary tor making the whole project go smoothly by using our AuthPayX EMV inside™ technology.
We have taken a hybrid approach to minimize time to market and bring the best of technology, people, and methodologies so that rather to experiment and discover, you are patiently ushered through our process where all of the aspects of integration and implementation are covered, independent of language, OS, or prior coding efforts. Technology is the easy part, getting the customer experience right is the key.
This is all done with the mind to having a peaceful ("secure") LAN environment in each of your store locations.
For the little guy......