It is currently Fri Dec 15, 2017 9:24 pm

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 19 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: The current situation with credit cards
PostPosted: Fri Jul 17, 2015 3:12 am 

Joined: Thu Nov 22, 2007 5:46 am
Posts: 2455
Location: S.F. Bay Area
This is an article I originally wrote for internal consumption but I'm posting it here, as others may find it interesting.

What is the risk to you if you take credit cards, with these new hacking threats? Target, Home Depot, Staples, Kmart now, and the like. Generally when it hits a small business, it bankrupts them 80% of the time. What does it is the cost of the post-incident PCI-DSS audit, shock of having your credit card revenue stream frozen, paying for fraud losses, card replacements ($50 each! youch!) and penalties.

This new threat is a convergence of several things. Malware/cracking tools (software and gadgets) have been packaged to require less technnical skill. So now you have meth-heads sticking skimmer boards inside gas pumps (turns out they all have the same key) or tapping the card swiper's phone line. The hack devices often have WiFi so the hackers can collect purloined data while literally "driving by". Or if your swipers or point-of-sale (POS) PCs are on the Internet or local WiFi, they can attempt penetration that way, or by convincing a staff member to put a USB stick into a PC. POS systems are mission-critical, so merchants are reluctant to change them. Microsoft dropped security support for XP. Mafias have gained skill at "turning credit card data into cash".

The credit industry says "Merchants, meet us halfway. Practice Payment Card Industry Data Security Standards." (PCI-DSS) This standard applies to:
- every PC/device/phone/tablet that handles unencrypted credit card data
- any network it's on
- every other PC/device and network on that network
Essentially anything that could eavesdrop or spread a virus to it. And you have to certify that you're following industry best practices in security, network topology, software updates, physical access, the works.

What does compliance involve? Start with the Self-Assessment Questionnaire. (I don't mean for you to actually do it, I just am illustrating that it is very burdensome.)
https://www.pcisecuritystandards.org/me ... t_form.php
Youch. You may be money ahead to find an alternative that avoids PCI-DSS entirely.


And that is where I'm going with this article. As a side-effect, it will avoid creating a traditional merchant account. I am writing this to a novice audience. So this may rub raw against your experience with traditional merchant accounts. Sorry, but things in your reality (batches, mid-qualified etc.) are not universal, as you'll see.

If you want to stick with a traditional merchant account, you will need to comply with PCI-DSS. That means completing that questionnaire. Really, it means fixing every one of the things in your business which resulted in a "red flag" answer. Lying will get you in even bigger trouble if there's an incident.

A very large business (not any railway preservation group but perhaps NPS at large) needs to complete a larger questionnaire and also do pre-emptory technical audits at their own expense.

So how do we avoid all that?

-----------------------
Walkup and online transactions

> Wouldn't Paypal be secure?

Yes. For walkup transactions, Square or PayPal Here with the triangular headphone jack fob is an excellent way to avoid PCI-DSS issues entirely. Why them? Because the swiper fob (itself) has an embedded microprocessor and is capable of a secure, encrypted link called "Point to Point encryption" (P2PE) with PayPal's servers. The phone itself only handles the encrypted traffic and cannot decode the credit card numbers. As a midpoint in a P2PE link, the phone and your network is exempt from PCI-DSS.

Provided you don't hand-key credit card numbers into the phone. If you did, it would throw the phone, the network, everything into PCI-DSS. No such thing as a little bit pregnant!

And by "phone" I mean tablet. You can get cellular data for a tablet as low as $25 per 3 months with no contract at all.

----------------
Web site sales, donations, online ticketing etc.

For web sales and donations, I suggest PayPal and Amazon. Again all the credit card handling happens on servers in California, and they deal with PCI-DSS. I recommend both, because almost everybody has one or the other but many are resistant to signing up for the one they don't have.

Instead of hand-keying credit card numbers for phone sales, I suggest getting their email address and sending a PayPal invoice (or Square or Amazon equivalent). They do not need to create a Paypal account for a one time payment. Better yet, have PayPal or Amazon "Buy" buttons on your site for anything they might want to get!

Paypal also allows people to charge memberships and have those charges recur annually. Which is kinda cool.

For online ticketing, I recommend a vendor who does not require you to have your own merchant account. Using your merchant account on their system makes you liable for PCI-DSS compliance on their system … a system you cannot audit. Awkward!

-----------------
Merchant accounts

Now if all you're doing is using an old "swipe and dial" credit card machine, that's probably pretty safe assuming your phone isn't tapped by one of the new hacker gadgets. But soon (or already) you'll be pushed into a swiper with an ethernet port. And then some clever volunteer will decide to sever the $50/month dedicated landline, and plug it into your network. Whoops.

Generally when people talk about merchant accounts, it’s about price. That's because almost all discussion of merchant accounts comes from salesmen who get paid $600 commission to get you to switch providers... and they sell exclusively on price. And I think that's a serious mistake because of the severity of the hacker threat. This is no time to save 0.13%. So like I say, this discussion will rub raw people inculcated in that thinking.


First let me tell you the rates for Square and PayPal Here. Otherwise you won't believe me lol! Square is 2.75%. Fee on a $4 sale is 11 cents. PayPal Here is a smidge cheaper at 2.70%. Traditional merchants are going "Yeah but what about..." No. Really. The rates are THAT simple.
http://www.cardfellow.com/blog/paypal-here-vs-square/

Now compare to the traditional merchant accounts (just try to watch this): https://www.youtube.com/watch?v=JHv-OyEYLCw
(ok and since I wrote this, the guy privatized the video. It’s very byzantine.)
Whaaaaaaaa------?

Can we get to brass tacks? Look at the first example in the vid.
> Find the gross sales - $3722.14
> Find total fees - $185.18, top of page
> Divide. I get 4.98%. That's ridiculous!!! Probably because pages 2-3 have per-month fees for machine rental etc. and too little business to spread them across. Also the auth fees really hurt when your transactions are small. (101 transactions, so $37 average transaction size.) But that is typical of rail museums. When the auth fees are 35 cents, that's 1% of $37 right there!

Even if we ignored the monthly fees, looking at only the Mastercard fees on the first page, I see $31.40 fees on $1198.80 gross, or 2.62%. That's only slightly below PayPal Here's 2.70% rate and Square's 2.75. In fact if he had Square, his bill would be $102 instead of $185.

The second example is like a furniture store. Only 13 transactions, $6000 total, nearly $500 per sale. And only a $9.50 monthly fee. No machine rental so he purchased it (ouch) and that's not in his total costs of 2.1%. PayPal Here would have cost him $37 more, but that's pretty cheap for bulletproof anti-hacking insurance.

-------------------
Square, PayPal Here, etc.

The credit card security working group has taken the position that if it goes on a smartphone, it better have P2PE from the fob to the servers (as PayPal Here always did, and the new Square readers now do). If not, your devices, networks etc. will be subject to PCI-DSS.

The swiper devices are a great bargain - free! At least for the first few. An excessive number of them will cost you $10-15 each.

The swipers and apps are generic: not wired to your account until you log in. That means if you have a cashier who also uses PayPal Here in his private life, he can use his same phone and swiper simply by logging in with his railroad account.

Create separate logins for each cashier. You set any privileges you want: ring up sales, refund (to original customer/card only), see reports, etc. If that person goes rogue, or a password is compromised, it tightly limits the damage they can do.

So far we've relied on members with smartphones. If the railroad wanted to own its own, don’t get a phone, get a tablet. You can buy a 4G tablet without contract for $350 or less. Then buy your data seasonally. I pay AT&T $25 and get 1 gig with 90 days to use it, more than plenty for official purposes (credit cards, ticket scanning/management).

The apps for PayPal Here and Square have "point of sale" or "smart cash register" features which let you set up inventory items and quickly ring up 3 adults 2 children and 5 cans of soda. Customers get receipts either via email or text message.

The field is moving very fast right now and several things are emerging.

Chip cards. This uses a wired connection (i.e. brushes) to communicate with a “smart chip” in the card, which makes “card present” transactions much more secure. Banks are issuing them already and the industry is 100% behind it. But it requires a different reader. Traditional merchants will have to buy an expensive swiper/printer. Square and PayPal will have dual-mode or tri-mode readers coming out quite soon in the $30 range. The official cutover date is October 1, 2015 - right in the middle of our fall seasons, joy.

Near Field Communication - it’s bigger than Apple Pay. This is like chip-and-pin except with a wireless connection to a much more expensive customer-owned device such as an iPhone 6. This is not as certain as chip cards, but Apple does have the market power to make ‘fetch’ happen. It’s not clear to me if the new chip-and-pin card readers also have a near-field-communication antenna on board. If not, we may soon need to replace our readers again.


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Fri Jul 17, 2015 5:35 am 
User avatar

Joined: Mon Aug 05, 2013 2:42 am
Posts: 1679
Location: Seattle, WA - Land of Coffee
Robert,

Very interesting info, and thanks for sharing. Regarding chipped cards, from what I've heard and read, the U.S. had fallen behind Europe and Asia, where these more secure cards are already the norm, and this has been a factor in the widespread transaction hacking issue the last several years.

_________________
Ted Brumberg


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Fri Jul 17, 2015 10:54 am 

Joined: Fri Jan 08, 2010 10:08 pm
Posts: 253
Location: Amherst, Oh
I can chime in a bit.

- NFC and EMV are different technologies and are not co-dependent. Meaning an EMV reader may or may not also have NFC.

- Apple Pay is a type of NFC. In breaking from typical Apple fashion instead of designing their own standard they're just using an exist one. Good job, Apple!

- Is EMV safer? Yes, but not fool proof. One of the big reasons that EMV is being pushed is because it shifts liability. Right now if my card is hacked I go to the bank and they take care of it. Once EMV is around the bank is going to ask "do you have an EMV card?" and if I do then the liability will shift to the merchants and/or customer. This means that if one of your customers has an EMV card but you don't accept EMV then you could be liable if their account is hacked.

http://usa.visa.com/merchants/grow-your ... -shift.jsp


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Fri Jul 17, 2015 1:04 pm 

Joined: Mon Aug 23, 2004 3:01 pm
Posts: 1442
Location: SouthEast Pennsylvania
What do you do for customers who want a printed receipt because they don't have e-mail or text phone? Is there a secure solution besides refusing the sale?
Are you required to have a network to accept credit and debit cards?


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Fri Jul 17, 2015 1:10 pm 

Joined: Fri Jan 08, 2010 10:08 pm
Posts: 253
Location: Amherst, Oh
We've never had somebody ask for a receipt. We offer to email it to them or tell them it'll appear on their statement. Everybody (so far) has been okay with those options.


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Fri Jul 17, 2015 10:44 pm 

Joined: Sat Apr 15, 2006 9:55 pm
Posts: 255
Location: San Diego area
Any credit card transaction I make, I always ask for a receipt. Once a $50.00 transaction showed up on my statement as $500.00. With the receipt it was very easy to get the statement corrected. Without a receipt, who knows how long it would have taken to get squared away.


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Sat Jul 18, 2015 1:15 am 

Joined: Thu Nov 22, 2007 5:46 am
Posts: 2455
Location: S.F. Bay Area
JimBoylan wrote:
What do you do for customers who want a printed receipt because they don't have e-mail or text phone? Is there a secure solution besides refusing the sale?

Yes, there are several printers that can attach wirelessly to smartphones and tablets, and some are battery powerable. There are also point-of-sale solutions built around Square and competitors. I've never lost a sale over inability to print.

Security is not a factor in printing receipts, since there isn't sensitive data on the receipts.

Quote:
Are you required to have a network to accept credit and debit cards?

Nope, just a cellular signal. They all carry data now. You'll use a Square or competitor device with any of these:
- smartphone
- tablet with cellular ability ($100 extra to buy) and data service ($25 per quarter, no contract).
- A MiFi hotspot allowing your WiFi-only devices to attach ($50/month when you want it, no contract.)
- WiFi being fed from a wired network line

If your ticket office is in a cellphone reception pit, then you'll need to provision a wired internet connection of some kind and attach a WiFi router. Routers can be chained if you have to cover a large area.


Jim, if you had an issue with a transaction with any entity I'm involved with, just ASK... I'll bend over backwards to get you the data you need, even printing out a receipt and sticking it in an envelope. That's not altruism. Electronic transactions save us a LOT of time and trouble, so having our customers be at ease with them is worth more than the $450 we might trick out of you. Also, you'll eventually win, and I don't want the bookkeeping annoyances of having refunds cross tax years or settlement periods... having to convince the Board to send a check to the ticketing company because a refund was issued after our last payout for the year... etc.


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Sat Jul 18, 2015 5:58 am 

Joined: Thu Apr 14, 2005 9:34 pm
Posts: 1896
Location: Copenhagen, Denmark
I used to have a mail order business where I accepted credit cards.

The cost of accepting credit cards is much lower than it used to be 20 years ago, and the ease of managing the process is much better. You can shop around and find merchant banks that will give you whatever package best suits your needs. Terms will differ according to volume and whether you physically place the card in your reader.

It used to be you had to pay an outrageous rental fee for the card reader, but there are many of these in circulation used now, and you should try to buy your own, say on eBay. Car readers that attach to mobile phones are very common now, but I have not priced them or their service contracts.

There may be merchant banks that charge a higher fee for swiping the magnetic strip of a card which is chip equipped. Which means the older car readers are now obsolete, and you will have to buy a new card reader. However, I have recently seen a very compact chip card reader with a PayPal logo. Wireless card readers with attached printers are very popular here in Europe, but I never see them in America.

Security and liability

The primary security risk occurs in situations where you store the card and customer information. Most retail shops have no reason to do this. Only big stores that are saving this information for purchase analysis or ongoing customer accounts do this (like when they want to look up receipts based on your credit card).

If you have a basic card reader, and you process a retail transaction, you are not saving the customer information. There is no database of customer data for a hacker to break in to. And you are certainly not collecting name, address, etc. and linking it to credit card numbers.

So to switch customers to some other payment method out of fear of crime is not a reasonable improvement in security nor very helpful to the customer.

By the way, a handwritten receipt to your customer is perfectly reasonable, and it does not need to have the credit card number written on it. The receipt is not for you, it is for the customer to prove what the correct bill amount was, as someone else noted, so really all it needs is amount, vendor, and date. Maybe some transaction id in case the same customer runs multiple transactions on the same day.

Generally, in the event of a dispute, credit card users have all the protection, and can pretty easily get their payments to you reversed. I once had a customer that simply forgot they had made the purchase. They made a complaint to their bank, and the transaction was reversed and the money debited from my account before I even received notice! I had to call the customer and get them to agree to run the charge again. With credit cards, you have to really work and document things if you feel customers will renege on their purchases, but in most of our businesses we can rely on a high good faith in our customers.

Some percent of your transactions will be disputed or fraudulent, and you have to budget for that in you plan. You have to decide how much your time and energy is worth in preventing these or fighting disputes.

The power relationship is significantly different for debit cards, and transactions are not easily reversed, and this is a weakening of consumer protections, but it does allow the transaction fee to be lower for debit purchases.

###

_________________
Steven Harrod
Lektor
Danmarks Tekniske Universitet
Institut for Systemer, Produktion, og Ledelse


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Sat Jul 18, 2015 7:35 am 

Joined: Thu May 24, 2012 1:37 pm
Posts: 907
Quote:
Generally, in the event of a dispute, credit card users have all the protection, and can pretty easily get their payments to you reversed. I once had a customer that simply forgot they had made the purchase. They made a complaint to their bank, and the transaction was reversed and the money debited from my account before I even received notice! I had to call the customer and get them to agree to run the charge again.


Complicating this: for legal reasons the notice of a chargeback will be mailed to your address of record, and usually there is only a day or two to respond. Your response will have to be by fax or mail (not e-mail with attachments).

When there is a dispute like this, as noted the 'usual response' is to perform the chargeback immediately. One key here is to keep good records about what particular charges are for, ideally including access to receipts that show the transaction ID, etc. Even when there is no 'paper receipt' your service provider should be able to generate a receipt using one of the 'reports' functions. Another key is to call the 'bureau' handling the process PROMPTLY, and establish a personal contact with someone who will be handling the inquiries.

BTW: at least one of the local 'tablet-based' POP systems can produce paper receipts, from what looks like a typical 'calculator-tape' printer, when the client asks for it. I can find out details if anyone wants them.

_________________
R.M.Ellsworth


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Sat Jul 18, 2015 11:07 am 

Joined: Thu Apr 14, 2005 9:34 pm
Posts: 1896
Location: Copenhagen, Denmark
p.s. you probably will have different policies for different sales. Ticket sales for the train ride have a very low documentation, but if you sell a $995 Marklin train set from the gift shop, you are going to want to really document that credit card transaction (and get a signature).

_________________
Steven Harrod
Lektor
Danmarks Tekniske Universitet
Institut for Systemer, Produktion, og Ledelse


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Sun Jul 19, 2015 10:22 am 

Joined: Wed Oct 22, 2008 8:18 pm
Posts: 2097
its back to cash, no hacker can take it, virtualizing money is the first step to hacker money fun.


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Mon Jul 20, 2015 3:14 am 

Joined: Thu Nov 22, 2007 5:46 am
Posts: 2455
Location: S.F. Bay Area
softwerkslex wrote:
I used to have a mail order business where I accepted credit cards.

The cost of accepting credit cards is much lower than it used to be 20 years ago, and the ease of managing the process is much better. You can shop around and find merchant banks that will give you whatever package best suits your needs. Terms will differ according to volume and whether you physically place the card in your reader.

It used to be you had to pay an outrageous rental fee for the card reader, but there are many of these in circulation used now, and you should try to buy your own, say on eBay. Car readers that attach to mobile phones are very common now, but I have not priced them or their service contracts.

It's quite a bit different for mail-order, because that is a "card not present" transaction. In any case, in this day and age most of your sales will be web based with a web store and shopping cart, and your processing will be bundled with that.

Do not buy a used reader. They are obsolete and may have security or hacking issues. Chip card readers will be mandatory as of October 1 2015, so buying a non-chip reader is insane.

By "mandatory" I mean fraud liability is being transferred to merchant AND processor jointly if you don't have a chip reader. So your processor is going to make you upgrade.

And your next reader should also support NFC (Apple Pay and competitors). Also, you should ONLY accept a P2PE device. If your processor wants too much for that, you are too small for traditional processing to be cost-effective for you. You should be on Square or competitors.

You can go swipe-or-chip for $30 https://squareup.com/shop/reader
or chip-and-NFC free (or $49) when it ships. https://squareup.com/apple-pay

They include an elegant POS and they "scale up" modularly - printer, secure stand, cash drawer, barcode reader, etc. For a merchant's price for a chip+NFC reader, you could have a pretty deluxe Square station. And be mobile.

And in the off chance you didn't believe the 2.70% for PayPal Here...
Attachment:
Screen Shot 2015-07-19 at 7.11.21 PM.png
Screen Shot 2015-07-19 at 7.11.21 PM.png [ 28.9 KiB | Viewed 3181 times ]

That is "all in" . All fees included: nonqual, approval fees (notice the 8 cent fee for a $3 transaction), batch fees (none), PCI-DSS fees (none), monthly fees (none), machine rental (it's free) etc.


Quote:
Security and liability

The primary security risk occurs in situations where you store the card and customer information. Most retail shops have no reason to do this.

Nope, "stolen laptop/hacked server" was last decade. I discussed the new threat in OP. An Internet-connected credit crad swiper machine is also vulnerable, as it is a small PC with Windows CE usually, or Linux, and all the security flaws of Windows. (who runs 'software update' on a credit card machine?) They get spyware with a keylogger on there, and it's curtains. This new threat is why PCI-DSS and P2PE are a big deal.

Quote:
Only big stores that are saving this information for purchase analysis or ongoing customer accounts do this (like when they want to look up receipts based on your credit card).

If you have a basic card reader, and you process a retail transaction, you are not saving the customer information. There is no database of customer data for a hacker to break in to. And you are certainly not collecting name, address, etc. and linking it to credit card numbers.

NO NO NO! You're saying security is only a "big store" problem. Nope, it can nail any small business, and when it does, 80% of them go bankrupt.

It is totally OK to store CC#'s proper. Target was storing OTHER numbers, specifically mag-stripe data or CVV2, which you're not allowed to store. Recurring payments don't require a CVV2 on following payments. But that was only a sidecar. The real issue is - as could happen to any of us - Target's network was hacked, which means the thieves could have skimmed the data in-real-time, and probably were too.

The big companies get in trouble because they think if they send enough of their security people to DefCon and Blackhat conferences, they can make their networks secure. They cannot. Neither can you. See OP.

Quote:
So to switch customers to some other payment method out of fear of crime is not a reasonable improvement in security nor very helpful to the customer.

I agree with your sentiments here, but credit card processing IS dangerous and can kill your business, unless you take the three essential steps:
1) use P2PE readers
2) Don't key numbers. Don't swipe after October 1. Use chip or NFC.
3) For online transactions always use a safe third party like PayPal, Amazon Payments, Square Payments, JustGive, Kickstarter, etc.

We use a commercial ticketing company (WhistleTix; BrownPaperTickets) for all our advance ticket sales. We use their merchant account, not our own, for a small surcharge. This makes us immune to PCI-DSS.

Quote:
By the way, a handwritten receipt to your customer is perfectly reasonable, and it does not need to have the credit card number written on it. The receipt is not for you, it is for the customer to prove what the correct bill amount was, as someone else noted, so really all it needs is amount, vendor, and date. Maybe some transaction id in case the same customer runs multiple transactions on the same day.

Excellent advice, I have to admit I never thought of that. Most people settle for email or text receipts, but I'll have to develop a paper receipt.


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Mon Jul 20, 2015 9:40 am 

Joined: Thu Apr 14, 2005 9:34 pm
Posts: 1896
Location: Copenhagen, Denmark
Robert seems to have the most recent information, and it looks pretty darn easy to me.

Robert shows for $49 you can buy a super deluxe secure card reader. Back in 1997 I had to sign a three year lease on a telephone line reader and I think it was like $50 PER MONTH, NON CANCELLABLE. Then when the lease ended I think they made me pay $250 to buy out the device.

And I think my transaction fee was like 3.95% in the beginning, plus a $0.45 processing charge. And Discover card had like a 5% fee. By 2000 I had a better deal and I think the fee got down below 2%, but I had a good merchant credit history.

So, in summary:

1) get a good, modern card reader
2) Use a reliable, strong merchant bank
3) Don't integrate all this stuff with your internal data systems
4) The bank fee is the cost of doing business (safely and correctly). Make sure that fee means they are taking responsibility for the risks.

AND DON'T TAKE CHECKS! You will never get the money, even if you have complete, accurate identification on the check writer.

_________________
Steven Harrod
Lektor
Danmarks Tekniske Universitet
Institut for Systemer, Produktion, og Ledelse


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Mon Jul 20, 2015 1:11 pm 

Joined: Sat Sep 04, 2004 10:54 am
Posts: 743
Location: Tucson, Arizona
JimBoylan wrote:
What do you do for customers who want a printed receipt because they don't have e-mail or text phone? Is there a secure solution besides refusing the sale?
Are you required to have a network to accept credit and debit cards?


In our office (government), we print out a receipt for the filing fee that is generated by our case management system. No financial information is input other than the amount paid and the method of payment. The credit card processing system is standalone and only transmits the credit card information to the bank. Our customers get both a receipt printed by the cc processing system and a receipt printed by the case management system.

All of our card readers have been upgraded to accept chip embedded cards. Operationally there is no difference from any other POS reader other than you insert the card into it and leave it inserted until the machine tells you to remove it. The system we have is slaved to the magnetic strip reader which also has the printer built in.

_________________
"When a man runs on railroads over half of his lifetime he is fit for nothing else-and at times he don't know that."- Conductor Nimrod Bell, 1896


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Mon Jul 20, 2015 8:34 pm 

Joined: Thu Nov 22, 2007 5:46 am
Posts: 2455
Location: S.F. Bay Area
And I'm getting heat from my organizations to have a single, integrated cash register and card reader, so they don't have to cross-key the sale amount into a different machine. (Which is about time more than anything else). For that, you either need to be at the huge IBM-grade POS machines like big-box stores use (which have severe security issues) -- Or the new-fangled Square and competitors, which have P2PE in the reader.


The $50 for the Square reader, they will kick it back to you in reduced or waived transaction fees. And while I really like the pending Square reader, I am absolutely in love with this new PayPal reader. Like Square, it is completely separate and wireless, so it can go "out front" while your tablet is out of reach.
https://gigaom.com/2015/03/02/paypal-ac ... e-readers/

It has a keypad. Now in America, chip-and-PIN is actually being implemented as chip-and-signature, because marketers have determined Americans don't want to remember yet another number. You might still need to take a PIN for foreign customers or for someone using an ATM card in ATM mode. The reader has a keypad, so customers will enter it there where it is secure via P2PE, rather than on your insecure tablet/phone.

The device is wireless via bluetooth, which receipt printers also use. It does have its own battery and needs to be charged nightly. Reading chips takes more power than a phone can supply up a headphone jack.


Offline
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 19 posts ]  Go to page 1, 2  Next

All times are UTC - 5 hours [ DST ]


 Who is online

Users browsing this forum: Bing [Bot], Clyde Putman, Dennis Daugherty, Exabot [Bot], Google [Bot], jmlaboda, Mount Royal, PMC, Yahoo [Bot] and 53 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: