UCP-Inc

Unattended Card Payments Inc. (UCP Inc.) is dedicated to providing EMV compliant Hardware and Payment Gateway solutions for Unattended card payment terminals in the North American market.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form

Uncategorised

28
Jan
0

Ever Wondered What Happens in the Seconds it Takes to Process a EMV Card Transaction? - Infographic

Posted by on in Uncategorised

In this blog I will outline the steps an EMV card present transaction goes through from start to finish. This excellent infographic does a great job of illustrating all of the steps card issuers and processors have put in place to help fight fraud. Enjoy!

Step 1: Transaction initiated by point-of-sale. This can be done by way of an attendant or by a user at an unattended self-service kiosk.

Step 2: Card inserted into PIN entry device or PED. This is done by the customer at the register or user of the kiosk.

Step 3: Card application is selected. EMV cards can run multiple applications due to the development of a common EMV application identifier (AID) to support routing between the credit and debit networks, as well as PIN and signature networks.

Step 4: Offline card check. This step is used to validate that the card being used is a genuine card.

Step 5: Card holder verification. In a chip and PIN environment the user enters a PIN to authenticate their identity. 

Step 6: Terminal decision. Based on the type of terminal, the installation scenario, and the value of the transaction, the terminal decides if the transaction can be completed offline, or if online authorization with the bank is required.

Step 7: Card decision. In EMV the card ultimately decides whether the transaction should go online or not. It can override the terminals previous decision. Chip cards are active in their own monitoring and can require an online transaction or a PIN entry if it determines that it has been used in a suspicious manner recently.

Step 8: If the transaction goes online a ARQC is generated which is a cryptogram that acts as a digital signature of the authorization request.

Step 9: The processor and acquirer ensures that the encrypted information makes it all the way to the card issuer.

Step 10: The ARQC is verified by the issuer and a risk evaluation is preformed on the transaction.

Step 11: If approved the issuer generates a APRC, which is an encrypted authorization response. 

Step 12: The decision from step 11 is passed all the way back to the terminal and informs it of the decision from the issuer; authorize or decline.

Step 13: At this point any updates the issuer sent along with its decision can be written to the chip negating the need for issuers to send out new cards when updates are needed as previously done with magnetic stripe technology.

Step 14: The user removes the card from the reader and the decision is passed back to the POS or self-service kiosk.

Step 15: The transaction is complete!

b2ap3_thumbnail_Screen-Shot-2015-01-28-at-1.56.04-PM.png

For more information contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. or visit us at www.ucp-inc.com

Rob Chilcoat "Chip & PIN kiosk hardware"

Unattended Card Payments Inc.

(702) 802-3504 Tel

Continue reading
Last modified on
Hits: 3814
0
27
Jan
0

Security Concerns Will Dominate Payments Space In 2015

Posted by on in Uncategorised

Security Concerns Will Dominate Payments Space In 2015

 

By Thierry Denis, President, Ingenico Group North America

Payment Security Is Brand Security

Ingenico Group works closely with merchants of all sizes in the U.S., and one of the most frequent questions we get from reseller and managed services partners is, “What is the key concern among your merchant customers that we need to address?”

Without a doubt, that key concern is preventing breaches and protecting consumers’ card data.

There were a multitude of large, well-publicized card data breaches in 2014. Some of that may be the natural consequence of the U.S. being the last developed country in the world relying on mag stripe technology. With the impending October 2015 EMV liability shift coming, at long last U.S. merchants are upgrading their payment infrastructure for chip cards, and that may help stem the tide of card reproduction fraud. But merchants are still very concerned, and are looking to ensure that they’re doing everything they can to protect customers’ data and their own reputations.

Stage Stores is one such merchant. This leading neighborhood retailer delivers brand-name family apparel in 40 states across the U.S. The company has implemented point-to-point encryption (P2PE) for its almost 900 stores. Now customers shopping at Stage Stores’ five brands (Bealls, Goody’s, Palais Royal, Peebles and Stage) will conduct their payment transactions on Ingenico terminals that encrypt from the moment the transaction enters the terminal. Stage Stores CIO Steven Hunter says that securing customers’ information is the company’s #1 priority in 2015.

P2PE and tokenization are the best weapons a merchant has against card fraud. P2PE is about protecting data in flight, and tokenization is about protecting data at rest. Every merchant needs P2PE; most (but not all) need tokenization. We believe that virtually all Tier 1 and 2 merchants will have implemented one or both by the end of 2015. Here’s why:

P2PE: Although chip cards make card cloning very difficult, they do not immediately address card data in flight. P2PE is a security solution that helps protect card data while in transit to the merchant’s processor. In a P2PE environment, card data is encrypted at the point of entry so that raw card data is never exposed to internal systems or legible to would-be criminals. It is not decrypted until it reaches the point of processing. When implemented properly, P2PE can help merchants reduce their PCI DSS scope but more importantly it reduces overall risk — which is why it’s so effective.

A simple concept, yet many merchants did not consider implementing P2PE until recently — when bad publicity over card breaches made it dangerous to ignore. It is also a good insertion point for P2PE as many retailers are analyzing their POS systems and terminals in preparation for EMV acceptance.

Tokenization: In the payments world, tokenization is a solution that replaces a customer’s debit or credit card number with a surrogate value (called a token). The token is returned post authorization by the merchant’s payment processor or transaction service provider. Tokens eliminate the need for merchants to store customer card data in their own systems. Many merchants rely on this data for legitimate business reasons like recurring billing and automated returns, but do not want the risk of stored card data as a consequence. Instead, unique tokens are stored and used in place of a card number to process subsequent transactions. Thus, in the event of a merchant data breach, criminals are not able to access actual card data — just encrypted tokens that are meaningless to any entity except the original card processor.

Tokenization has gained interest recently due to its use in Apple Pay as a security feature that substitutes your actual card number in the iPhone with a token that is used when you present a payment. While many are under the impression that Apple invented tokenization, this is not so. Tokenization has been used in the electronic payment and e-commerce worlds for many years. Apple Pay has brought attention to tokenization, which we believe is a good thing, because now both merchants and cardholders are asking about it.

Most payment solutions vendors and processors offer some flavor of P2PE and/or tokenization, making it easy for you to add them to your portfolio. Look for solutions that are already proven in the field and certified for EMV Level 1 & 2 and PCI PTS 3.0 or higher.

Merchants are actively looking for these technologies — in fact they shouldn’t seriously consider a payment solution that doesn’t incorporate the latest security features. That means resellers and managed service providers need to ensure they can provide it.

Thierry Denis is President of Ingenico North America.  He has 20+ years’ experience in the payments technology space. At Ingenico Group, he works closely with merchants, processors and acquirers to help them implement secure and seamless end-to-end payment solutions.

 

Link to original content: http://www.bsminfo.com/doc/security-concerns-will-dominate-payments-space-in-0001 

Continue reading
Last modified on
Hits: 1667
0
10
Jan
0

How Using an EMV Payment Gateway Saves Time and Money

Posted by on in Uncategorised

How Using an EMV Payment Gateway Saves Time and Money

 
If you are like most self-service kiosk providers EMV has been a hot topic around the office for the last year or so. With the coming liability shift in October 2015 kiosk software providers and kiosk owner/operators are sifting through all the information available online to figure out their best approach to EMV migration. 
 
The two options are fairly straight forward, but what the complexity and cost of the the options are less so. This blog post aims at giving you an understanding of the challenges and benefits of both.
 
The direct integration with a processor/acquiring bank approach:
 
Depending on your business model and operating cash this approach may be suitable for you. If you maintain ownership of all the kiosks in you fleet and want them all to share the same merchant account, a direct integration may work for you. However, if you sell or lease your kiosk solution and intend for your client to own the merchant account associated with the kiosk this may not be the best or most marketable solution. Your clients may want the flexibility to choose the processor they work with. Clients may already have a merchant account with a processor and they would like to add the kiosk to it. With a direct integration your clients won’t have that option and will be required to use the processor or processors you have integrated with. 
 
In addition to the restrictive nature of doing a direct integration with only one or two processors, there is also the time and cost associated with building the solution from scratch. You will need to pick one or more hardware terminals and find a suitable software architect. Programmers capable of creating a custom direct integration do not come cheap. The person you hire or contract to do the work will need to be a PCI and EMV expert. Historically this phase one process will take 3+ months, and come with a price tag well into the tens of thousands of dollars. Phase two involves hiring a third party QSA (Qualified Security Accessor) to evaluate the solution and confirm that it meets current PCI-DSS and PA-DSS requirements. Phase two also comes with a hefty price tag.  After the solution is created and evaluated by a QSA, there still remains the phase three task of certifying your new payment application with each payment device you plan to use, with each of the processors individually. Each processor you plan to integrate with will require their own evaluation and certification, and this too comes with a fee well into the thousands. It is reasonable to expect phase three to take at a minimum three months with each processor. As we approach the EMV liability shift in the US, the queues for certification with the various processors are getting longer and longer. Since most of the processors don’t have their own EMV infrastructure finalized, certifications have not yet begun in most cases. In reality, if you aren’t already engaged in the phase one process you are likely a year or more away from your goal of achieving EMV payment processing. 
 
While evaluating this as your best method of achieving EMV payment processing, you should also keep in mind that your integration will need to be reevaluated and certified every three years. So take everything stated above, “rinse and repeat” every 36 months! 
 
The EMV payment gateway approach:
 
There are a number payment gateway products on the market to choose from. CreditCall offers a processor agnostic, PCI pre-certified solution called ChipDNA that easily integrates with your existing Windows or Linux based application. ChipDNA removes the need to hire or contract a costly software architect who is well versed in PCI and EMV requirements. Their ChipDNA product supports a number of both attended and unattended hardware devices. Using ChipDNA can make your migration to EMV as easy as picking a piece of hardware, integrating the ChipDNA API with your application, and setting up a merchant account. You will never need to worry about re-certifying the solution either. CreditCall re-certifies their solution annually, so you don’t have to. ChipDNA's Terminal Maintenance System (TMS) ensures your terminal is always up to date with the latest PCI requirements. 
 
ChipDNA is integrated with the largest payment processors in North America, giving you and your clients the flexibility to choose the processor that is best for you. ChipDNA’s feature, EMV Easy Start, enables you to deploy EMV ready hardware now, and run transactions via the magnetic stripe reader of the terminal until such time that your chosen processor is ready to begin processing EMV transactions. A simple remote update is all it takes to change the terminal’s default from magnetic stripe to chip, a concept referred to as “EMV future-proofing."
 
With ChipDNA also comes WEBMIS, CreditCall's online account reconciliation portal. Through WEBMIS you can view transactions in real time and create groupings of terminals based on your own criteria. WEBMIS also offers Simple Object Access Protocol (SOAP) which will allow you to port transactional information into a backend accounting section of your application. 
 
Consistent with their culture of innovation, CreditCall announced on January 8th, 2015 that they now provide for download a preview version of their SDK called ChipDNA Lite. You can now try it before you buy it. Using this sample SDK you can begin evaluating how easy they can make your EMV migration. Contact us today to learn more! 
 
Rob Chilcoat
“Chip and PIN Kiosk Hardware”
UCP Inc.
(702) 802-3504 Tel
This email address is being protected from spambots. You need JavaScript enabled to view it.
 
Visit us at NRF! Ingenico booth# 1743.
b2ap3_thumbnail_nrf-big-show2015.png

 

Continue reading
Last modified on
Hits: 3453
0
29
Dec
0

Unattended Card Payments Inc. to attend NRF as Ingenico VAR

Posted by on in Uncategorised

UCP Inc. will be attending the 104th Annual National Retail Federation's "Big Show” as a Value Added Reseller of the Ingenico iSelf product line. We will be in the Ingenico Group booth (#1743). Come by the booth for information on the latest in attended and unattended EMV compliant payment hardware. Let us be your EMV experts and guide you through the complexity of readying your self-service solution before the coming 2015 EMV liability shift. We can offer comprehensive consulting on the hardware and software solutions that best meet your requirements. We can help you reduce the time and cost associated with migrating your solution from traditional magnetic stripe transaction processing to the future of EMV smart card and mobile payment acceptance at self-service kiosks. 

 
UCP’s parent company, Hemisphere West Europe (www.hweurope.com), has been selling EMV compliant unattended payment hardware and gateway services since the adoption of the technology in the UK, and throughout Europe. With a wealth of knowledge and experience stemming from our parent company, UCP is in uniquely positioned to offer advice to US companies looking to future-proof their solutions today for compliance with the coming standards in card holder data security (PCI-DSS). 
 
To set up a time to meet at the show please e-mail This email address is being protected from spambots. You need JavaScript enabled to view it. or call (702) 802-3504.
b2ap3_thumbnail_nrf-big-show2015.png
Continue reading
Last modified on
Hits: 1981
0
02
Dec
0

EMV on CBS 60 Minutes

Posted by on in Uncategorised

Last night on 60 Minutes there was a segment on credit card fraud in America. The news segment included interviews with some interesting industry professionals. The first interview was with Dave Dewalt, CEO of FireEye. Mr. Dewalt said that 97% of companies experience security breaches. I don’t believe that the security breaches Mr. Dewalt is talking about in this statistic are solely financial in nature. However it does make one stop and think about securing card holder data. Breaches of this variety cary penalties in the millions, and also represents a significant financial burden to card issuing banks as well. Mr. Dewalt also confirms a statement by the interviewer, Bill Whitaker, that the average time between infection and detection of malicious software on company networks is 229 days! FireEye is an interesting cyber security company worth checking out; if even only for the  live Cyber Threat Map on their homepage. (www.fireeye.com

 
Brian Kerbs was also interviewed for the segment. He writes a cyber security blog read by many professionals within the financial arena. (www.kerbsonsecurity.com) A part of what Mr. Kerbs does is search the dark corners of the internet where batches of credit card data called “dumps" are available for purchase. He often is the first one aware of security breaches and has alerted many companies to breaches that had gone undetected. Using these dumps and some fairly accessible card stock, and printing/encoding hardware, a person with some intermediate computer skills would have all they need to start swiping and signing on a victim's account.
 
Another interesting contributor to the segment was Mallory Duncan, Sr. VP and General Council, at the National Retail Federation. (www.nrf.com) His comments went right to the heart of the problem for retail merchants and issuing banks. He can be quoted as saying that our current magnetic stripe cards are the “underlying problem,” and that they are “fundamentally fraud prone.” The light at the end of the tunnel for banks and merchants is the EMV chip card. Finally, because of newer cryptography methods, and the inclusion of a more secure card holder verification method; it will be nearly impossible for cyber thieves to breach networks and steal usable data to the extent they are now. The biggest benefit to the bank that issued the card is that updates can be sent to the chip on the card every time it is inserted into a terminal. The ability to update user’s cards in this fashion does away with the financial and logistical hardship of having to send out new magnetic stripe cards every time a possible breach occurs. 
 
We have seen what implementing EMV in other regions of the world has done to fight fraud. This time next year it will be interesting to see how the number of fraudulent transactions and breaches involving stolen credit card data stacks up against 2014’s numbers. 
 
The entire 60 Minutes segment and transcript can be viewed here.
b2ap3_thumbnail_60-minutes-logo-575x276.jpg
Continue reading
Last modified on
Hits: 5838
0

Our Partners


Hemisphere West Europe Ltd are specialists in attended and unattended payment solutions for the UK and European markets.

Visit website www.hweurope.com

Contact Us

6655 South Tenaya Way Suite #180
    Las Vegas, Nevada 89113

Tel: 702 – 802 – 3504

E-mail: Send Inquiry