UCP-Inc

Unattended Card Payments Inc. (UCP Inc.) is dedicated to providing EMV compliant Hardware and Payment Gateway solutions for Unattended card payment terminals in the North American market.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form
Recent blog posts
10
Jul
0

We Have Expanded to a New Location!

Posted by on in Uncategorised

We are excited to announce that UCP Inc. has moved to a larger facility to make room for our growing staff and ever increasing inventory of self-service and retail payment solutions. If you are in the Las Vegas area and would like to come by the new offices just let us know. We would be happy to show you around!

 

UCP Inc. - Specialists in Self-Service Cashless Payment Solutions 

6655 S. Tenaya Way Suite 180

Las Vegas, NV 89113

Tel: (702) 802-3504

Email: This email address is being protected from spambots. You need JavaScript enabled to view it. 

Continue reading
Last modified on
Hits: 51
18
May
0

Acronyms in EMV: what do they all mean? Edition 4 DUKPT

Posted by on in Uncategorised

       Today we are going to discuss DUKPT (Derived Unique Key  Per Transaction). The DUKPT is created using an initial master key also known as the BDK. The initial key and KSN (Key Serial Number) are injected into the device. Once the initial key is injected into the device it creates a group of future encryption keys. DUKPT generates a one-time encryption key for each transaction from the secret master key (BDK). The one time keys are discarded after each transaction, and the encrypted data has to be decrypted at the other end of the transaction (at the gateway or processor). The master key is shared with the decrypting device, but the master key isn't actually used for encrypting and cant be recoverable from the one time encryption key. DUKPT is a great and useful tool to help keep your clients card information secure.

Continue reading
Last modified on
Hits: 104
16
May
0

Could electric car charging be the next big thing for unattended EMV?

Posted by on in Uncategorised

            You might have noticed car charging stations recently in many garages or parking lots that you have been in. Electric cars are becoming more affordable, and providing a longer range between charges. The global EV charger market is expected to grow to more than 12.7 million units by 2020 according to the IHS. Auto manufacturers are constantly making new advancements. Porsche is working on technology now that will enable you to charge a vehicle up to 240 miles in just 15 minutes. This is a rapidly growing industry, and the charging stations are using EMV technology to collect payments. Interactive kiosks will play a large role in this new industry doing everything from collecting payments to displaying a business advertisement on the screen. ABB the world’s leading manufacturer of auto charging stations has implemented EMV technology into their charging stations already.

            EMV smart chip technologies insure that the user’s financial data is more secure. The NFC (Near Field Communication) gives users extra security through their smart phone payment platform such as Apple Pay or Android Pay. A large portion of EV drivers are very into technology and this makes the experience more convenient for them. The OTI Trio is a perfect set up for this growing industry. The Trio has a small compact size and is a 3-IN-1 device that allows you to use the EMV chip, Mag stripe, and also NFC contactless payment methods. The Trio is also very durable and can be used indoors and outdoors. Unattended EMV technology has already become common place in retail, and restaurant settings but one of the next major industries to use this technology will be the EV charging stations!

 

For more information on the choices available to you please contact us!

 Unattended Card Payments Inc.

 This email address is being protected from spambots. You need JavaScript enabled to view it.">This email address is being protected from spambots. You need JavaScript enabled to view it.

 Tel: (702) 802-3504

 

Continue reading
Last modified on
Hits: 131
09
May
0

The Impact EMV Has On Kiosk Owners

Posted by on in Uncategorised

   b2ap3_thumbnail_dbr__EMV_Shift.jpg

The Impact EMV Has On Kiosk Owners

As a kiosk owner you may be wondering what the impact of EMV will have on your kiosk business. To answer this we need to analyze what being EMV enabled means, and what will happen if you’re not upgraded. EMV (Europay Mastercard and Visa) is a global payment standard created by the major credit card brands. EMV uses the embedded microprocessor chip on your new credit card. This chip is replacing the old magnetic stripe as the means to convey your account information to a terminal. The mag-stripe cards are less secure, and the information on the mag-stripe can be easily retrieved and replicated. This leaves cardholders at risk for their account information being used to create cloned fraudulent cards.

EMV is technically a choice for merchants.  With that being said, a merchant who has not implemented this technology will be liable for fraudulent mag-stripe transactions performed at their kiosks. The liability deadline was October 2015, but most experts don’t expect the majority of merchants to be upgraded for another 3-4 years. Last summer merchants handling low value transaction (under $25.00) were given a grace period for liability. This includes many kiosks and vending machines. When this grace period ends you need to make the upgrade to EMV. Card issuers will hold you liable for fraudulent credit card charges if your payment equipment is not EMV compliant.

 

Many businesses have experienced challenges while trying to implement EMV technology, and because of this credit card issuing companies have given businesses more time to comply. The credit card companies want to support merchants, and help reduce credit card fraud. Kiosk operators have been slower to comply with this than larger companies. Seventy-six percent of the 200 largest merchants are now able to accept cards with EMV chips. Don’t feel overwhelmed as a kiosk owner. Payment equipment manufacturers have created many EMV compliant devices, and there are many pre-certified software solutions available to integrate these devices to your kiosk’s application. The easiest way for businesses to begin the compliance process is to find a technology partner that they can trust.

 

For more information on the choices available to you please contact us!

Unattended Card Payments Inc.

This email address is being protected from spambots. You need JavaScript enabled to view it.

Tel: (702) 802-3504

Continue reading
Last modified on
Hits: 132
0
06
Jan
0

UCP To Attend Retails Big Show NRF 2017

Posted by on in Uncategorised

b2ap3_thumbnail_1477224827239.png

Unattended Card Payments will be attending the National Retail Federation's annual Big Show at the Jacob Javits Center in New York. Will you be there? Contact us to schedule a meeting to discuss your self-service payment needs. 

Unattended Card Payments Inc.

Contact:

This email address is being protected from spambots. You need JavaScript enabled to view it.

or

(702) 802-3504

Continue reading
Last modified on
Hits: 309
0
01
Jul
0

UCP Gets 2nd Place in Unattended Retail Tracker June 2016 Report

Posted by on in Uncategorised

b2ap3_thumbnail_Screen-Shot-2016-07-01-at-9.04.04-AM.png

Unattended Card Payments Inc. earned a total of 83 points to come in second place in PYMNTS.com's Unattended Retail Tracker June 2016 report. The coveted number one position was earned by multinational hardware manufacturer Ingenico with a total score of 88. Congratulations to Ingenico and all the others who made the cut.

To learn more and download the report go click HERE

UCP Inc.

This email address is being protected from spambots. You need JavaScript enabled to view it.

Tel 702-802-3504

6635 S. Tenaya Way Suite 100

Las Vegas, NV 89113

Continue reading
Last modified on
Hits: 642
0
16
Jun
0

UCP has Ingenico iUC285 Beta units

Posted by on in Uncategorised
b2ap3_thumbnail_iUC285.jpg
 
Unattended Card Payments Inc. Begins Shipping the iUC285 in the U.S.
 
As a value added reseller of Ingenico unattended hardware, UCP Inc. is pleased to announce that we have received the first shipment of iUC285 beta units and are ready to supply this new payment device to interested integrators. The iUC285 is an all-in-one chip, contactless, and magnetic stripe reader. It is competitively priced and outdoor rated, making it an ideal payment terminal for self-service solution providers. The iUC285 is part of the Telium family of smart terminals, making it a good fit for integrators looking to cut down on complexity by using a comprehensive manufacturer provided Integration Kit.  “We are excited to have this device on our shelves and look forward to seeing them working in the field.” -Rob Chilcoat, President of North American Operations.  
 
To learn more and download the product brochure click here.  
 
Unattended Card Payments Inc.
Tel 702-802-3504
This email address is being protected from spambots. You need JavaScript enabled to view it.
www.ucp-inc.com
Continue reading
Last modified on
Hits: 1005
0
12
May
0

UCP to Distribute oti EMV Solutions in the North American Unattended Payments Market

Posted by on in Uncategorised

ROSH PINA, ISRAEL and LAS VEGAS, NV -- (Marketwired) -- 05/11/16 -- On Track Innovations Ltd. (oti) (NASDAQ: OTIV), a global provider of near field communication (NFC) and cashless payment systems, has partnered with Unattended Card Payments (UCP), a Las Vegas-based provider of self-service payment solutions, to offer oti's SATURN 6500 TRIO readers and CONNECT 3000 telemetry controller as part of UCP's standard portfolio of products for the North American unattended payments market.

As an Independent Sales Organization (ISO), UCP specializes in unattended payment solutions across various market verticals, including the leading EMV-focused total solution provider in the North American self-service market.

oti's SATURN 6500 TRIO is an innovative modular reader that provides multiple payment options to the unattended market segments. TRIO can be installed modularly, allowing self-service operators a simple retrofitting option with a variety of configuration choices, including:

  • Contactless only;
  • Magnetic stripe only;
  • Combined magnetic stripe and contactless;
  • EMV contact only;
  • EMV contact and contactless; and
  • EMV contact, contactless and magnetic stripe (three-in-one).

"oti's innovative product line offers a comprehensive combination of certified-EMV solutions and reliable performance at a competitive price," said Rob Chilcoat, President of North American Operations of UCP. "This is particularly important for our customers because it allows them to quickly and affordably comply with EMV standards, while reducing their liability for fraudulent transactions. The multi-modal payment functionality also lets them capture the maximum amount of sales possible, as consumers transition from card to mobile payments."

Gonen Ziv, president of oti America, added: "Our partnership with UCP reaffirms the fact that our technology, functionality, and security in the payments industry is an ideal solution for many self-service operators. These benefits are the reason why many self-service solution providers continually turn to oti for our best in class product offerings. We look forward to working closely with UCP in furthering the reach of our EMV solutions in the American market." 

About UCP
UCP Inc. is dedicated to providing EMV compliant payments solutions for the self-service market in North America. For more information, visit www.ucp-inc.com

About oti
On Track Innovations Ltd. (oti) is a leader in contactless and NFC applications based on its extensive patent and IP portfolio. oti's field-proven innovations have been deployed around the world to address NFC and other cashless payment solutions, petroleum payment and management, cashless parking fee collection systems and mass transit ticketing. oti markets and supports its solutions through a global network of regional offices and alliances. For more information, visit www.otiglobal.com.

UCP Contact:
Rob Chilcoat
President of N. American Operations 
(702) 802-3505
Email Contact 

oti Investor Contact:
Scott Liolios or Matt Glover
Liolios Group, Inc.
949-574-3860
Email Contact 

oti Press Contact:
Neil Barr
Director of Marketing
+972-4-686-8004
Email Contact

Source: On Track Innovations Ltd.

http://investors.otiglobal.com/phoenix.zhtml?c=144733&p=irol-newsArticle&ID=2167424 

Continue reading
Last modified on
Hits: 592
0
22
Oct
0

Digital Wallets: Why should you take them?

Posted by on in Uncategorised
b2ap3_thumbnail_contactless-image.jpg
 
As new payment technologies are taking hold in the American market, one big question that merchants have is what the benefits of accepting contactless payments are. Studies show that there are many benefits to both consumers and merchants. In this blog article we will examine those benefits and hopefully help you decide if accepting contactless payments is the right choice for your business.
 
Benefits to your customers:
 
Some of you may remember the first contactless payment method that was introduced in this country. It was done by Mobile gas stations and billed as the "Speed Pass.” It was launched in 1997 and the commercials showed happy consumers waiving a key fob past their iconic Pegasus logo which magically lit up indicating the customer was ready to pump. Convenience is something the American consumer looks for in all things. Industry research has shown that contactless transactions are faster than traditional credit card transactions and far faster than cash transactions. Shorter transaction times ultimately leads to shorter lines and greater customer satisfaction. 
 
Aside from being the “speedier” option for payment, it also can help with security concerns. With contactless payments, the card (or device) never has to leave the customers hand. The fact that they don’t have to hand it off to a cashier, or insert it into a chip card reader to complete the transaction greatly reduces the chances of lost or left behind cards. It also addresses the possibility of a dishonest cashier or waiter covertly swiping the magnetic stripe of a card through a skimming device to steal account numbers. Mobile wallets like ApplePay and AndroidPay utilize the same NFC (near field communication) technology that contactless cards use. Merchants who are able to accept contactless payments will be well positioned to accept these digital wallet payments which are already very popular amongst younger and affluent consumers. Aside from being the new "cool kid on the block," digital wallets also use advanced security features like tokenization and biometric user authentication making them especially attractive to the occasional consumer suffering from identity theft paranoia. 
 
Benefits to your business:
 
The quicker transaction times we touched upon above definitely help your business by keeping wait times down and your customers happy; but it can also help increase your overall revenue due to potentially not needing as many cashiers on duty during peak business times. By properly educating your customers and staff on the benefits of contactless payment technology you can improve operational efficiency in your business.
 
Research suggests that consumers with contactless payment cards and devices often exhibit greater loyalty to the retailers that accept them. By implementing contactless integration into your existing loyalty programs you can motivate customers to purchase more frequently through cross platform incentives. Enabling your POS system to accept mobile phone based contactless payments represents a multitude of marketing opportunities by using personalized mobile couponing, and location-based marketing campaigns to communicate sales and incentives to consumers inside or nearby your locations. 
 
Find out more about contactless payment acceptance by contacting us today!
Tel: 702-802-3504
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: www.ucp-inc.com 
Continue reading
Last modified on
Hits: 998
0
18
Sep
0

Do you know what it takes to get past the EMV finish line?

Posted by on in Uncategorised

b2ap3_thumbnail_THE-COST--LEVEL-OF.png

 

Getting Past the EMV Finish Line

If you concern yourself with the kiosk industry enough to read this article it probably isn’t the first time the terms “chip and pin” or “EMV” have come up in your workweek.  In this write-up I hope to address some common misconceptions about EMV and how it effects kiosk manufacturers, ISOs, and kiosk business owner/operators.  By the end you should have a good idea of what it takes for all of these groups to get their products past the “EMV capable” finish line.

It is not just the hardware:

EMV hardware manufacturers and distributors have spent the last few years focused on educating ISV/ISOs and hardware integrators that EMV is not just a matter of buying a new piece of hardware. A true solution is dependent on a marriage of hardware and software; and as marriages go it also entails a commitment.  More on that to come…

EMV Levels:

EMV Level 1 means that a device physically meets EMV specifications for chip (contact), and in some cases NFC (contactless).

EMV Level 2 means that the firmware on a device performs to EMV processing specifications.

Both EMV Level 1 and Level 2 are the responsibility of terminal manufacturers. This hardware can be described as “EMV ready.”

Level 3 is achieved when a developer marries a device meeting the aforementioned Level 1 and 2 EMV specifications with their software, and commits to certifying it with a processor or processors, and then the card brands. This fully developed and certified solution can be described as “EMV capable.”

The cost and level of commitment:

The cost of this commitment can definitely set you back more than a designer engagement ring, depending on the ring of course. The cost and level of commitment varies greatly depending on the developer’s goals.

A developer can choose to pursue a direct certification with a processor (fully integrated) or decide to use a payment gateway which has already made a commitment to certifying a piece of hardware with a processor(s) (semi-integrated).

Fully integrated vs. semi-integrated:

A fully integrated approach to EMV is a time consuming a very costly endeavor and the end solution is fully within PCI scope. Historically speaking a fully integrated solution can easily take 8 to 12 months to develop and certify. The cost will be well over $100K all-in considering time, tools, and certification testing.  Then rinse and repeat for each processor you want to certify with.

A semi-integrated approach allows you to leverage the commitment of another company to complete your solution in a matter of weeks, and at an enormously reduced cost. In addition to the cost factor a semi-integrated solution also allows you to piggyback on your gateway partner’s PCI-DSS compliance. A semi-integrated approach eliminates your need for full-blown PCI and EMV evaluation. In most cases semi-integrated system architecture will allow for a PCI Self Assessment Questionnaire (SAQ) to obtain your attestation of compliance.  

Conclusion:

I hope after reading this you have a better understanding of why just picking a piece of hardware that meets EMV Levels 1 and 2 doesn’t make a EMV capable solution. The Liability Shift is coming in October and we are here to help you prepare. For more answers to your questions, and for information on middleware available to you, please contact Unattended Card Payments Inc. at (702) 802-3504 or by emailing This email address is being protected from spambots. You need JavaScript enabled to view it.

Continue reading
Last modified on
Hits: 1168
0
28
Jul
0

Creditcall and Discover Expand Diners Card Acceptance

Posted by on in Uncategorised

b2ap3_thumbnail_03_bsm_emv_smbmerchants_pic.jpg

RIVERWOODS, Ill. & NEW YORK--(BUSINESS WIRE)--Creditcall, a payment gateway provider and EMV migration specialist, and Diners Club International, a business unit of Discover Financial Services and part of the Discover Global Network have announced a signed agreement that will expand the acceptance of Discover and Diners Club cards worldwide.

“This agreement will increase the number of merchants that card members have access to in over 30 countries.”

This agreement is part of Discover Global Network’s overall strategy to partner with key payment solution providers, such as Creditcall, to help drive increased Discover and Diners Club card acceptance. The agreement also means that Creditcall will, as standard, certify new solutions for Discover across future processor certifications, widening the reach of card acceptance for both parties. Creditcall is a leader in a number of sectors – from transportation ticketing and parking to vending, retail and hospitality. Some of the largest UK transit system providers - such as Atos and Cubic, already use Creditcall’s payment gateway.

“Working with Creditcall is an important step in securing card acceptance at merchants around the globe,” said Gerry Wagner, vice president, Discover Global Network. “This agreement will increase the number of merchants that card members have access to in over 30 countries.”

Discover Global Network is the third largest payments network in the world and the largest merchant acceptance network in Asia-Pacific. With more than 30 million merchant acceptance locations and one million ATM and cash access locations across 185 countries and territories, Discover Global Network includes Discover, Diners Club International, PULSE and affiliated networks.

Creditcall’s range of payment solutions includes in-store, online and mobile card payment acceptance as well as products to simplify and speed up EMV migration, helping countries transition from magnetic stripe card acceptance to the Chip and PIN. Creditcall works across a range of industries where secure, reliable and trusted payment capabilities are essential, including parking, vending, transportation, hospitality and retail.

“Creditcall is pleased to be strengthening its relationship with Discover through this joint initiative which benefits Creditcall’s past, present and future customers, giving them a wider, enhanced offering,” said Sian Bosley, commercial director of Creditcall. “We look forward to working closely with Discover to help expand their card acceptance across Europe. This is a great example of a leading card scheme recognizing that Creditcall is a global leader in the payments industry and can contribute to their success.”

About Creditcall Limited

Creditcall makes card acceptance simple from any device, anywhere. No matter if in retail, hospitality, parking or transportation, our award-winning EMV-ready Payment Gateway and EMV Kernels are at the very heart of our clients’ business. Whether in-store, online or mobile, we ensure payments flow securely, all day, every day.

Creditcall is a global payments service company with offices in North America and Europe. To learn more, visit us at www.creditcall.com or engage with us on Twitter @Creditcall.

Unattended Card Payments

www.ucp-inc.com

"EMV kiosk hardware"

"chip and pin kiosk hardware"

"unattended EMV"

Link to original content: http://www.businesswire.com/news/home/20150728005138/en/Discover-Global-Network-Partners-Creditcall-Corporation-Expand#.VbfxTWCslPQ

Continue reading
Last modified on
Hits: 1065
0
20
May
0

Fully-integrated or Semi-integrated? What is the difference?

Posted by on in Uncategorised

b2ap3_thumbnail_UCP-logo.png

I found myself writing this rather lengthy answer to a question posed by a potential client and thought I should share it.

Because this was originally written as an email, please accept it as more of a discussion, and less of a formal piece of writing. Nevertheless, I hope you find it informative. 

Fully integrated - In this scenario the entire payment system is within the merchants owned and maintained infrastructure. The POS machines, the terminals, the servers, the firewalls, everything. In this scenario the entire system is also within PCI scope. Any change in a part of the system affects the other parts. They are all connected and communicating with each other as a whole point of sale and payment processing environment. Encrypted card holder data and transactional data is being stored on the system, and being sent for processing through their internet connection. Historically to build a fully integrated EMV payment system from scratch you are looking at 12 to 18 months of a qualified person’s time, and likely a few hundred thousand dollars in software development and hardware. If you are a tier one retailer, and you are processing millions of transactions a minute, escaping middleware/gateway fees which are usually assessed on a cents per transaction basis one can see the benefit of building and maintaining a fully integrated system in the long run. So once you have invested all this time and money in building this system, you need to get it certified with a processor. Which will also cost well into the tens of thousands when its all said and done. Furthermore, you are now married to the system you have built, and any changes, even down to the manufacturer and model of the terminal will cause a ripple effect, and the system will have to be re-evaluated and re-certified. Independent of changes to the initial architecture you built the system on, it is a full time job to maintain the system and keep it up to date with never ending PCI mandates. An example of that would be the POODLE vulnerability that was recently discovered with SSL connections. Consequently SSL connections were replaced with TLS connections to eliminate that vulnerability. You can see how maintaining a fully integrated system would be a full time job.
 
Semi-integrated - In this scenario you have partitioned the POS or kiosk application in a way. By using a gateway/middleware allowing the terminal to talk directly to the gateway switch through either an isolated software agent on the host PC, or through a dedicated secure connection, the only real surface area that is in PCI scope is the SDK you have integrated with your application. We are talking about something like .001% PCI security exposure, compared to 100% of a fully integrated solution being in PCI scope. Furthermore, the SDK and its associated gateway switch comply with PCI-DSS standards. So in a semi-integrated scenario you can do a self assessment questionnaire for your attestation of PCI compliance and be done with it in most cases. No encrypted card holder data ever passes through the POS application or is stored anywhere on the system locally. Your application never “sees” any card holder data. Most gateway software also supports tokenization. Tokenization has many uses, but the simplest to understand is recurring billing. The terminal can send the encrypted card data to the gateway which then generates and returns a unique token to the POS/kiosk application. That token can then be used again and again to bill that card. The beauty of tokenization is that a token is worthless to anyone except the gateway that generated it. So even if someone was able to hack into the POS/kiosk application and steal the token, you couldn’t turn it into a fake credit card. It is a totally useless string of numbers that can only be matched up to the card data associated with it at the payment gateway data centers. Data centers which are the gateway partner's responsibility to protect from hackers or physical security threats. Also maintaining and updating the system is their responsibility, so for example when the POODLE vulnerability was identified, Creditcall discontinued support for SSL connections and went to what is now the industry standard (TLS) in a matter of a week or so to let current customers also update to the new more secure connection type on their side. It is their job to maintain and re-certify the system, and run security checks regularly to ensure their customers that card data is protected. A partner like Creditcall also puts a disaster recovery system in place. They have four data centers (two in the US, and two in Europe) that are all set up for system redundancy, ensuring that if a fire breaks out at one data center the other three are there to pick up the slack. This allows them to ensure their customers 99.996% system uptime, and that they can continue processing thousands of transactions a second all around the world. 

 

Unattended Card Payments Inc.

Las Vegas, NV

This email address is being protected from spambots. You need JavaScript enabled to view it.

www.ucp-inc.com

"EMV kiosk hardware"

 

Continue reading
Last modified on
Hits: 4379
0
18
May
0

Why You Need To Talk To SMB Merchants About EMV

Posted by on in Uncategorised

With just four months left until the October 1 liability shift, it’s imperative to help your clients make informed decisions about EMV technology now.

To give VARs some perspective on SMBs’ progress in the transition to EMV-enabled payment technology before the Oct. 1, 2015, liability shift date, BSMinfo.com reported the results of the survey, SMB Preparedness for the Transition to Chip-Based Credit Cards, by Software Advice, a research and reviews website for IT security software. The survey revealed that as of late last year, only 11 percent of SMB merchants had terminals capable of accepting EMV payments made with integrated circuit or “chip” cards to authenticate transactions. The report also included the reasons SMBs hadn’t yet installed EMV terminals: 30 percent said they are unnecessary, 17 percent said they are too expensive, 16 percent said they had no time to research or implement them — and 26 percent said they didn’t know what they are.

At the time the survey was released, there were about 10 months until the October 1 liability shift — when liability for fraudulent payment card transactions shifts to the party with the least EMV-compliant technology. Now, with only a little more than 100 days until that date, your SMB merchant clients might still be in the dark about this impending change.

Business Solutions asked VARs if they’ve seen progress among their SMB clients since the survey — or if 26 percent are still unaware of EMV.

“It’s worse. It’s more like 80 percent here,” says Bob Medina, the owner of Aztec Eagle Systems, a Lawton, OK, VAR. To help change that, Medina provides his SMB clients and prospects with informational handouts and lists of online resources related to EMV. He explains, “If they don’t make the transition, they leave themselves open to fraud with noncompliant devices. Merchants do not understand that the onus is on them if they continue to use noncompliant devices.”

Paul Leduc, president of Globe POS Systems, based in Brampton, Ontario, says he executed a similar strategy prior to the liability shift in Canada in 2011. Of all of the information available to merchants, he boiled it down to two basic points: the liability shift and the security aspects of EMV. “I had a two-page synopsis. I carried it with me, and I left it behind. It’s really all the merchant cared about: the liability shift and security.”

When your conversations with SMBs progress from the liability shift and security to purchasing EMV technology, it’s beneficial to continue to educate your clients. Rob Chilcoat, president of North American operations for Unattended Card Payments, a hardware and payment gateway solutions provider, says, “I find the best way to present value is to explain that these sophisticated pieces of hardware have processors and intelligence of their own, unlike the simple mag stripe readers most automated retailers are used to — which typically just do simple keyboard emulation of the data on the magnetic stripe. EMV terminals, using an application hosted locally on the devices along with encryption keys, secure data at the point of interaction, and send it to the gateway/processor through a secure connection, which is why we call them terminals and not just ‘readers.’”

With merchants aiming to provide the best customer experience to stay competitive, you can also explain to SMBs Subscribe to Business Solutions magazinehow EMV technology can contribute to a positive experience by protecting consumers’ payment cards — and their accounts. Chip cards create a unique transaction code — so if data were stolen, a payment attempted with that one-time code would be denied, and the cards can’t be duplicated.

In addition, says Chilcoat, “With a chip card, the issuing bank can send updates to the card through any EMV-capable terminal. So if a potential breach of that card’s account number had occurred elsewhere, the next time the card is put into a terminal, it can have security updates sent to the chip. The card becomes an active part of monitoring the account for suspicious activity.” For example, if a chip card is used repeatedly in a short period of time at a kiosk that doesn’t require online authorization, the chip can tell the terminal not to accept the next transaction without online approval.

For merchants, having EMV-enabled systems protects them from chargebacks for fraudulent card transactions. Your conversation with an SMB merchant could evolve into a math exercise of how many fraudulent transactions they experience now and how that compares to the cost of upgrading their payment systems. That calculation, however, might not be a good predictor of ROI for some merchants who could see an uptick in fraud after October 1 if they don’t install EMV-compliant solutions.

Patty Walters, SVP of EMV corporate strategy for Vantiv and vice chair of the 2015-16 EMV Migration Forum Steering Committee, urges, “If you serve retail, supermarket, fuel, or drugstore merchants, understand that EMV integration is absolutely critical to protect them.” She explains those merchants — selling gift cards, electronics, or jewelry — will be targets of fraud if they do not have EMV-enabled systems after the transition.

Chris Martyniuk, CTO of etixnow, a provider of e-ticketing solutions, based in Edmonton, Alberta, Canada, adds that beyond saving the cost of chargebacks, you should discuss the other ways EMV can protect your merchant clients. “You cannot put a price on the ability to escape being blamed for fraudulent purchases. The returns are immediate. Reputations are fragile — no merchant can afford to be in that position,” he says.

“When the landscape is split between merchants who accept EMV and those who don’t, customers will gravitate toward those that are perceived to be more secure,” Martyniuk comments. He says, for example, now that Canadian consumers are accustomed to EMV transactions at restaurants with wireless tableside terminals, they “are loath to let their Visas out of their hands in American restaurants, when the server takes the card to swipe.”

“Losing sight of your card feels instantly like, ‘It will be stolen. I will be defrauded.’ The same trend will take hold in the U.S., and merchants without EMV upgrades will be left on the side of mistrust,” Martyniuk says.

Walters stresses that however you want to carry out the EMV conversation with your SMB clients and prospects, definitely and with urgency, start it. “There is absolutely a real need for merchants to protect themselves, and time is of the essence.”

She adds you might not only be helping your clients protect their businesses, but you could be protecting your own: “If a merchant’s legacy solutions provider doesn’t provide EMV solutions, they could reach out to someone else — and that could be a risk to your business.”

 

LINK TO ORIGINAL CONTENT: http://www.bsminfo.com/doc/why-you-need-to-talk-to-smb-merchants-about-emv-today-0001?atc~c=771%20s%3D773%20r%3D001%20l%3Da

Continue reading
Last modified on
Hits: 1739
0
07
May
0

Point to point encryption explained in short video. P2PE and identifying points of vulnerability.

Posted by on in Uncategorised

Watch this short video to understand how point to point encryption (P2PE) safeguards your customer's card data. 

Continue reading
Last modified on
Hits: 1088
0
20
Apr
0

UCP and Creditcall at the NAMA OneShow

Posted by on in Uncategorised

UCP and Creditcall will be in booth #1945 at the NAMA OneShow. The show will be held at the Las Vegas Convention Center April 22nd through April 24th. Stop by to learn more about the payment solutions we can offer your self-service company.  Be ready for the future and the coming EMV liability shift. You can email us at This email address is being protected from spambots. You need JavaScript enabled to view it. or call us at 702-802-3504. We look forward to seeing you there! 

b2ap3_thumbnail_nama_logo.jpg

Continue reading
Last modified on
Hits: 1103
0
23
Mar
0

UCP to attend PIE 2015

Posted by on in Uncategorised
b2ap3_thumbnail_PIE-logo.png
UCP Inc. will be attending the Parking Industry Exhibition (PIE) 2015 in Chicago. Contact us if you will be at the show or in the Chicago area March 29th - 30th and would like to learn more about EMV hardware. We would welcome the opportunity to discuss what the coming EMV liability shift means for your company. Email us at This email address is being protected from spambots. You need JavaScript enabled to view it. or call (702) 802-3504 www.ucp-inc.com
“Chip and PIN kiosk hardware”
Continue reading
Last modified on
Hits: 1055
0
28
Jan
0

Ever Wondered What Happens in the Seconds it Takes to Process a EMV Card Transaction? - Infographic

Posted by on in Uncategorised

In this blog I will outline the steps an EMV card present transaction goes through from start to finish. This excellent infographic does a great job of illustrating all of the steps card issuers and processors have put in place to help fight fraud. Enjoy!

Step 1: Transaction initiated by point-of-sale. This can be done by way of an attendant or by a user at an unattended self-service kiosk.

Step 2: Card inserted into PIN entry device or PED. This is done by the customer at the register or user of the kiosk.

Step 3: Card application is selected. EMV cards can run multiple applications due to the development of a common EMV application identifier (AID) to support routing between the credit and debit networks, as well as PIN and signature networks.

Step 4: Offline card check. This step is used to validate that the card being used is a genuine card.

Step 5: Card holder verification. In a chip and PIN environment the user enters a PIN to authenticate their identity. 

Step 6: Terminal decision. Based on the type of terminal, the installation scenario, and the value of the transaction, the terminal decides if the transaction can be completed offline, or if online authorization with the bank is required.

Step 7: Card decision. In EMV the card ultimately decides whether the transaction should go online or not. It can override the terminals previous decision. Chip cards are active in their own monitoring and can require an online transaction or a PIN entry if it determines that it has been used in a suspicious manner recently.

Step 8: If the transaction goes online a ARQC is generated which is a cryptogram that acts as a digital signature of the authorization request.

Step 9: The processor and acquirer ensures that the encrypted information makes it all the way to the card issuer.

Step 10: The ARQC is verified by the issuer and a risk evaluation is preformed on the transaction.

Step 11: If approved the issuer generates a APRC, which is an encrypted authorization response. 

Step 12: The decision from step 11 is passed all the way back to the terminal and informs it of the decision from the issuer; authorize or decline.

Step 13: At this point any updates the issuer sent along with its decision can be written to the chip negating the need for issuers to send out new cards when updates are needed as previously done with magnetic stripe technology.

Step 14: The user removes the card from the reader and the decision is passed back to the POS or self-service kiosk.

Step 15: The transaction is complete!

b2ap3_thumbnail_Screen-Shot-2015-01-28-at-1.56.04-PM.png

For more information contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. or visit us at www.ucp-inc.com

Rob Chilcoat "Chip & PIN kiosk hardware"

Unattended Card Payments Inc.

(702) 802-3504 Tel

Continue reading
Last modified on
Hits: 2901
0
27
Jan
0

Security Concerns Will Dominate Payments Space In 2015

Posted by on in Uncategorised

Security Concerns Will Dominate Payments Space In 2015

 

By Thierry Denis, President, Ingenico Group North America

Payment Security Is Brand Security

Ingenico Group works closely with merchants of all sizes in the U.S., and one of the most frequent questions we get from reseller and managed services partners is, “What is the key concern among your merchant customers that we need to address?”

Without a doubt, that key concern is preventing breaches and protecting consumers’ card data.

There were a multitude of large, well-publicized card data breaches in 2014. Some of that may be the natural consequence of the U.S. being the last developed country in the world relying on mag stripe technology. With the impending October 2015 EMV liability shift coming, at long last U.S. merchants are upgrading their payment infrastructure for chip cards, and that may help stem the tide of card reproduction fraud. But merchants are still very concerned, and are looking to ensure that they’re doing everything they can to protect customers’ data and their own reputations.

Stage Stores is one such merchant. This leading neighborhood retailer delivers brand-name family apparel in 40 states across the U.S. The company has implemented point-to-point encryption (P2PE) for its almost 900 stores. Now customers shopping at Stage Stores’ five brands (Bealls, Goody’s, Palais Royal, Peebles and Stage) will conduct their payment transactions on Ingenico terminals that encrypt from the moment the transaction enters the terminal. Stage Stores CIO Steven Hunter says that securing customers’ information is the company’s #1 priority in 2015.

P2PE and tokenization are the best weapons a merchant has against card fraud. P2PE is about protecting data in flight, and tokenization is about protecting data at rest. Every merchant needs P2PE; most (but not all) need tokenization. We believe that virtually all Tier 1 and 2 merchants will have implemented one or both by the end of 2015. Here’s why:

P2PE: Although chip cards make card cloning very difficult, they do not immediately address card data in flight. P2PE is a security solution that helps protect card data while in transit to the merchant’s processor. In a P2PE environment, card data is encrypted at the point of entry so that raw card data is never exposed to internal systems or legible to would-be criminals. It is not decrypted until it reaches the point of processing. When implemented properly, P2PE can help merchants reduce their PCI DSS scope but more importantly it reduces overall risk — which is why it’s so effective.

A simple concept, yet many merchants did not consider implementing P2PE until recently — when bad publicity over card breaches made it dangerous to ignore. It is also a good insertion point for P2PE as many retailers are analyzing their POS systems and terminals in preparation for EMV acceptance.

Tokenization: In the payments world, tokenization is a solution that replaces a customer’s debit or credit card number with a surrogate value (called a token). The token is returned post authorization by the merchant’s payment processor or transaction service provider. Tokens eliminate the need for merchants to store customer card data in their own systems. Many merchants rely on this data for legitimate business reasons like recurring billing and automated returns, but do not want the risk of stored card data as a consequence. Instead, unique tokens are stored and used in place of a card number to process subsequent transactions. Thus, in the event of a merchant data breach, criminals are not able to access actual card data — just encrypted tokens that are meaningless to any entity except the original card processor.

Tokenization has gained interest recently due to its use in Apple Pay as a security feature that substitutes your actual card number in the iPhone with a token that is used when you present a payment. While many are under the impression that Apple invented tokenization, this is not so. Tokenization has been used in the electronic payment and e-commerce worlds for many years. Apple Pay has brought attention to tokenization, which we believe is a good thing, because now both merchants and cardholders are asking about it.

Most payment solutions vendors and processors offer some flavor of P2PE and/or tokenization, making it easy for you to add them to your portfolio. Look for solutions that are already proven in the field and certified for EMV Level 1 & 2 and PCI PTS 3.0 or higher.

Merchants are actively looking for these technologies — in fact they shouldn’t seriously consider a payment solution that doesn’t incorporate the latest security features. That means resellers and managed service providers need to ensure they can provide it.

Thierry Denis is President of Ingenico North America.  He has 20+ years’ experience in the payments technology space. At Ingenico Group, he works closely with merchants, processors and acquirers to help them implement secure and seamless end-to-end payment solutions.

 

Link to original content: http://www.bsminfo.com/doc/security-concerns-will-dominate-payments-space-in-0001 

Continue reading
Last modified on
Hits: 1118
0
10
Jan
0

How Using an EMV Payment Gateway Saves Time and Money

Posted by on in Uncategorised

How Using an EMV Payment Gateway Saves Time and Money

 
If you are like most self-service kiosk providers EMV has been a hot topic around the office for the last year or so. With the coming liability shift in October 2015 kiosk software providers and kiosk owner/operators are sifting through all the information available online to figure out their best approach to EMV migration. 
 
The two options are fairly straight forward, but what the complexity and cost of the the options are less so. This blog post aims at giving you an understanding of the challenges and benefits of both.
 
The direct integration with a processor/acquiring bank approach:
 
Depending on your business model and operating cash this approach may be suitable for you. If you maintain ownership of all the kiosks in you fleet and want them all to share the same merchant account, a direct integration may work for you. However, if you sell or lease your kiosk solution and intend for your client to own the merchant account associated with the kiosk this may not be the best or most marketable solution. Your clients may want the flexibility to choose the processor they work with. Clients may already have a merchant account with a processor and they would like to add the kiosk to it. With a direct integration your clients won’t have that option and will be required to use the processor or processors you have integrated with. 
 
In addition to the restrictive nature of doing a direct integration with only one or two processors, there is also the time and cost associated with building the solution from scratch. You will need to pick one or more hardware terminals and find a suitable software architect. Programmers capable of creating a custom direct integration do not come cheap. The person you hire or contract to do the work will need to be a PCI and EMV expert. Historically this phase one process will take 3+ months, and come with a price tag well into the tens of thousands of dollars. Phase two involves hiring a third party QSA (Qualified Security Accessor) to evaluate the solution and confirm that it meets current PCI-DSS and PA-DSS requirements. Phase two also comes with a hefty price tag.  After the solution is created and evaluated by a QSA, there still remains the phase three task of certifying your new payment application with each payment device you plan to use, with each of the processors individually. Each processor you plan to integrate with will require their own evaluation and certification, and this too comes with a fee well into the thousands. It is reasonable to expect phase three to take at a minimum three months with each processor. As we approach the EMV liability shift in the US, the queues for certification with the various processors are getting longer and longer. Since most of the processors don’t have their own EMV infrastructure finalized, certifications have not yet begun in most cases. In reality, if you aren’t already engaged in the phase one process you are likely a year or more away from your goal of achieving EMV payment processing. 
 
While evaluating this as your best method of achieving EMV payment processing, you should also keep in mind that your integration will need to be reevaluated and certified every three years. So take everything stated above, “rinse and repeat” every 36 months! 
 
The EMV payment gateway approach:
 
There are a number payment gateway products on the market to choose from. CreditCall offers a processor agnostic, PCI pre-certified solution called ChipDNA that easily integrates with your existing Windows or Linux based application. ChipDNA removes the need to hire or contract a costly software architect who is well versed in PCI and EMV requirements. Their ChipDNA product supports a number of both attended and unattended hardware devices. Using ChipDNA can make your migration to EMV as easy as picking a piece of hardware, integrating the ChipDNA API with your application, and setting up a merchant account. You will never need to worry about re-certifying the solution either. CreditCall re-certifies their solution annually, so you don’t have to. ChipDNA's Terminal Maintenance System (TMS) ensures your terminal is always up to date with the latest PCI requirements. 
 
ChipDNA is integrated with the largest payment processors in North America, giving you and your clients the flexibility to choose the processor that is best for you. ChipDNA’s feature, EMV Easy Start, enables you to deploy EMV ready hardware now, and run transactions via the magnetic stripe reader of the terminal until such time that your chosen processor is ready to begin processing EMV transactions. A simple remote update is all it takes to change the terminal’s default from magnetic stripe to chip, a concept referred to as “EMV future-proofing."
 
With ChipDNA also comes WEBMIS, CreditCall's online account reconciliation portal. Through WEBMIS you can view transactions in real time and create groupings of terminals based on your own criteria. WEBMIS also offers Simple Object Access Protocol (SOAP) which will allow you to port transactional information into a backend accounting section of your application. 
 
Consistent with their culture of innovation, CreditCall announced on January 8th, 2015 that they now provide for download a preview version of their SDK called ChipDNA Lite. You can now try it before you buy it. Using this sample SDK you can begin evaluating how easy they can make your EMV migration. Contact us today to learn more! 
 
Rob Chilcoat
“Chip and PIN Kiosk Hardware”
UCP Inc.
(702) 802-3504 Tel
This email address is being protected from spambots. You need JavaScript enabled to view it.
 
Visit us at NRF! Ingenico booth# 1743.
b2ap3_thumbnail_nrf-big-show2015.png

 

Continue reading
Last modified on
Hits: 2429
0
29
Dec
0

Unattended Card Payments Inc. to attend NRF as Ingenico VAR

Posted by on in Uncategorised

UCP Inc. will be attending the 104th Annual National Retail Federation's "Big Show” as a Value Added Reseller of the Ingenico iSelf product line. We will be in the Ingenico Group booth (#1743). Come by the booth for information on the latest in attended and unattended EMV compliant payment hardware. Let us be your EMV experts and guide you through the complexity of readying your self-service solution before the coming 2015 EMV liability shift. We can offer comprehensive consulting on the hardware and software solutions that best meet your requirements. We can help you reduce the time and cost associated with migrating your solution from traditional magnetic stripe transaction processing to the future of EMV smart card and mobile payment acceptance at self-service kiosks. 

 
UCP’s parent company, Hemisphere West Europe (www.hweurope.com), has been selling EMV compliant unattended payment hardware and gateway services since the adoption of the technology in the UK, and throughout Europe. With a wealth of knowledge and experience stemming from our parent company, UCP is in uniquely positioned to offer advice to US companies looking to future-proof their solutions today for compliance with the coming standards in card holder data security (PCI-DSS). 
 
To set up a time to meet at the show please e-mail This email address is being protected from spambots. You need JavaScript enabled to view it. or call (702) 802-3504.
b2ap3_thumbnail_nrf-big-show2015.png
Continue reading
Last modified on
Hits: 1402
0

Our Partners


Hemisphere West Europe Ltd are specialists in attended and unattended payment solutions for the UK and European markets.

Visit website www.hweurope.com

Contact Us

6655 South Tenaya Way Suite #180
    Las Vegas, Nevada 89113

Tel: 702 – 802 – 3504

E-mail: Send Inquiry

Sales Inquiries: Rob Chilcoat

Tel Office: 702 – 802 – 3504
    Cell: 619-964-3596