UCP-Inc

Unattended Card Payments Inc. (UCP Inc.) is dedicated to providing EMV compliant Hardware and Payment Gateway solutions for Unattended card payment terminals in the North American market.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form
Subscribe to this list via RSS Blog posts tagged in payment gateway
01
Sep
0

What Is EMV Quick Chip?

Posted by on in Uncategorised

b2ap3_thumbnail_Quick-Chip-image.jpg

What Is Quick Chip?

In the US, the switch over to EMV chip technology has been sluggish. The main complaint from customers and merchants alike is that chip card transactions are too slow. The average transaction with a chip card has always been several seconds longer than the 2 seconds it takes to perform a mag stripe transaction, which can seem like an eternity for a customer in line or for a cashier with a long line of people. This slower card transaction is mostly because the EMV standardization was pushed along by the card issuers (Visa, Mastercard, etc.) whose primary objective was security, not taking into account how transaction speed would affect businesses. Quick chip technology was developed to help merchants ease customer frustration and improve customer experience during check out.

Quick chip is nothing more than a software update and it is free of charge to payment processors, acquiring banks, and other payment service providers.It only requires a simple software update on the merchant’s terminal or POS system, so merchants who are already EMV compliant can upgrade in no time.

How does the quick chip technology work? When using a terminal that has the quick chip update, the customer will insert their chip card for a couple seconds and the POS system will retain the chip data for use when it requests an authorization. Since the chip data is being read and held in the terminal prior to the authorization request’s transmission for processing, the user can remove the card before the transaction is complete. When the final sale amount is known the terminal will build the authorization request and quickly finalize the sale. Quick chip technology is facilitating a quicker adoption of EMV technology by both merchants and consumers.

 

Below are links to each of the card issuers websites where you can learn more about the quick chip implementation process.

 

·         American Express Quick Chip

·         Discover Quick Chip

·         MasterCard M/Chip Fast

·         Visa Quick Chip

 

If you have questions or would like to learn more about your options in accepting EMV payments just call us at 702-802—3504 or email This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Unattended Card Payments Inc.

6655 S. Tenaya Way #180

 

Las Vegas, NV 89113

Continue reading
Last modified on
Hits: 82
0
20
May
0

Fully-integrated or Semi-integrated? What is the difference?

Posted by on in Uncategorised

b2ap3_thumbnail_UCP-logo.png

I found myself writing this rather lengthy answer to a question posed by a potential client and thought I should share it.

Because this was originally written as an email, please accept it as more of a discussion, and less of a formal piece of writing. Nevertheless, I hope you find it informative. 

Fully integrated - In this scenario the entire payment system is within the merchants owned and maintained infrastructure. The POS machines, the terminals, the servers, the firewalls, everything. In this scenario the entire system is also within PCI scope. Any change in a part of the system affects the other parts. They are all connected and communicating with each other as a whole point of sale and payment processing environment. Encrypted card holder data and transactional data is being stored on the system, and being sent for processing through their internet connection. Historically to build a fully integrated EMV payment system from scratch you are looking at 12 to 18 months of a qualified person’s time, and likely a few hundred thousand dollars in software development and hardware. If you are a tier one retailer, and you are processing millions of transactions a minute, escaping middleware/gateway fees which are usually assessed on a cents per transaction basis one can see the benefit of building and maintaining a fully integrated system in the long run. So once you have invested all this time and money in building this system, you need to get it certified with a processor. Which will also cost well into the tens of thousands when its all said and done. Furthermore, you are now married to the system you have built, and any changes, even down to the manufacturer and model of the terminal will cause a ripple effect, and the system will have to be re-evaluated and re-certified. Independent of changes to the initial architecture you built the system on, it is a full time job to maintain the system and keep it up to date with never ending PCI mandates. An example of that would be the POODLE vulnerability that was recently discovered with SSL connections. Consequently SSL connections were replaced with TLS connections to eliminate that vulnerability. You can see how maintaining a fully integrated system would be a full time job.
 
Semi-integrated - In this scenario you have partitioned the POS or kiosk application in a way. By using a gateway/middleware allowing the terminal to talk directly to the gateway switch through either an isolated software agent on the host PC, or through a dedicated secure connection, the only real surface area that is in PCI scope is the SDK you have integrated with your application. We are talking about something like .001% PCI security exposure, compared to 100% of a fully integrated solution being in PCI scope. Furthermore, the SDK and its associated gateway switch comply with PCI-DSS standards. So in a semi-integrated scenario you can do a self assessment questionnaire for your attestation of PCI compliance and be done with it in most cases. No encrypted card holder data ever passes through the POS application or is stored anywhere on the system locally. Your application never “sees” any card holder data. Most gateway software also supports tokenization. Tokenization has many uses, but the simplest to understand is recurring billing. The terminal can send the encrypted card data to the gateway which then generates and returns a unique token to the POS/kiosk application. That token can then be used again and again to bill that card. The beauty of tokenization is that a token is worthless to anyone except the gateway that generated it. So even if someone was able to hack into the POS/kiosk application and steal the token, you couldn’t turn it into a fake credit card. It is a totally useless string of numbers that can only be matched up to the card data associated with it at the payment gateway data centers. Data centers which are the gateway partner's responsibility to protect from hackers or physical security threats. Also maintaining and updating the system is their responsibility, so for example when the POODLE vulnerability was identified, Creditcall discontinued support for SSL connections and went to what is now the industry standard (TLS) in a matter of a week or so to let current customers also update to the new more secure connection type on their side. It is their job to maintain and re-certify the system, and run security checks regularly to ensure their customers that card data is protected. A partner like Creditcall also puts a disaster recovery system in place. They have four data centers (two in the US, and two in Europe) that are all set up for system redundancy, ensuring that if a fire breaks out at one data center the other three are there to pick up the slack. This allows them to ensure their customers 99.996% system uptime, and that they can continue processing thousands of transactions a second all around the world. 

 

Unattended Card Payments Inc.

Las Vegas, NV

This email address is being protected from spambots. You need JavaScript enabled to view it.

www.ucp-inc.com

"EMV kiosk hardware"

 

Continue reading
Last modified on
Hits: 4974
0
18
May
0

Why You Need To Talk To SMB Merchants About EMV

Posted by on in Uncategorised

With just four months left until the October 1 liability shift, it’s imperative to help your clients make informed decisions about EMV technology now.

To give VARs some perspective on SMBs’ progress in the transition to EMV-enabled payment technology before the Oct. 1, 2015, liability shift date, BSMinfo.com reported the results of the survey, SMB Preparedness for the Transition to Chip-Based Credit Cards, by Software Advice, a research and reviews website for IT security software. The survey revealed that as of late last year, only 11 percent of SMB merchants had terminals capable of accepting EMV payments made with integrated circuit or “chip” cards to authenticate transactions. The report also included the reasons SMBs hadn’t yet installed EMV terminals: 30 percent said they are unnecessary, 17 percent said they are too expensive, 16 percent said they had no time to research or implement them — and 26 percent said they didn’t know what they are.

At the time the survey was released, there were about 10 months until the October 1 liability shift — when liability for fraudulent payment card transactions shifts to the party with the least EMV-compliant technology. Now, with only a little more than 100 days until that date, your SMB merchant clients might still be in the dark about this impending change.

Business Solutions asked VARs if they’ve seen progress among their SMB clients since the survey — or if 26 percent are still unaware of EMV.

“It’s worse. It’s more like 80 percent here,” says Bob Medina, the owner of Aztec Eagle Systems, a Lawton, OK, VAR. To help change that, Medina provides his SMB clients and prospects with informational handouts and lists of online resources related to EMV. He explains, “If they don’t make the transition, they leave themselves open to fraud with noncompliant devices. Merchants do not understand that the onus is on them if they continue to use noncompliant devices.”

Paul Leduc, president of Globe POS Systems, based in Brampton, Ontario, says he executed a similar strategy prior to the liability shift in Canada in 2011. Of all of the information available to merchants, he boiled it down to two basic points: the liability shift and the security aspects of EMV. “I had a two-page synopsis. I carried it with me, and I left it behind. It’s really all the merchant cared about: the liability shift and security.”

When your conversations with SMBs progress from the liability shift and security to purchasing EMV technology, it’s beneficial to continue to educate your clients. Rob Chilcoat, president of North American operations for Unattended Card Payments, a hardware and payment gateway solutions provider, says, “I find the best way to present value is to explain that these sophisticated pieces of hardware have processors and intelligence of their own, unlike the simple mag stripe readers most automated retailers are used to — which typically just do simple keyboard emulation of the data on the magnetic stripe. EMV terminals, using an application hosted locally on the devices along with encryption keys, secure data at the point of interaction, and send it to the gateway/processor through a secure connection, which is why we call them terminals and not just ‘readers.’”

With merchants aiming to provide the best customer experience to stay competitive, you can also explain to SMBs Subscribe to Business Solutions magazinehow EMV technology can contribute to a positive experience by protecting consumers’ payment cards — and their accounts. Chip cards create a unique transaction code — so if data were stolen, a payment attempted with that one-time code would be denied, and the cards can’t be duplicated.

In addition, says Chilcoat, “With a chip card, the issuing bank can send updates to the card through any EMV-capable terminal. So if a potential breach of that card’s account number had occurred elsewhere, the next time the card is put into a terminal, it can have security updates sent to the chip. The card becomes an active part of monitoring the account for suspicious activity.” For example, if a chip card is used repeatedly in a short period of time at a kiosk that doesn’t require online authorization, the chip can tell the terminal not to accept the next transaction without online approval.

For merchants, having EMV-enabled systems protects them from chargebacks for fraudulent card transactions. Your conversation with an SMB merchant could evolve into a math exercise of how many fraudulent transactions they experience now and how that compares to the cost of upgrading their payment systems. That calculation, however, might not be a good predictor of ROI for some merchants who could see an uptick in fraud after October 1 if they don’t install EMV-compliant solutions.

Patty Walters, SVP of EMV corporate strategy for Vantiv and vice chair of the 2015-16 EMV Migration Forum Steering Committee, urges, “If you serve retail, supermarket, fuel, or drugstore merchants, understand that EMV integration is absolutely critical to protect them.” She explains those merchants — selling gift cards, electronics, or jewelry — will be targets of fraud if they do not have EMV-enabled systems after the transition.

Chris Martyniuk, CTO of etixnow, a provider of e-ticketing solutions, based in Edmonton, Alberta, Canada, adds that beyond saving the cost of chargebacks, you should discuss the other ways EMV can protect your merchant clients. “You cannot put a price on the ability to escape being blamed for fraudulent purchases. The returns are immediate. Reputations are fragile — no merchant can afford to be in that position,” he says.

“When the landscape is split between merchants who accept EMV and those who don’t, customers will gravitate toward those that are perceived to be more secure,” Martyniuk comments. He says, for example, now that Canadian consumers are accustomed to EMV transactions at restaurants with wireless tableside terminals, they “are loath to let their Visas out of their hands in American restaurants, when the server takes the card to swipe.”

“Losing sight of your card feels instantly like, ‘It will be stolen. I will be defrauded.’ The same trend will take hold in the U.S., and merchants without EMV upgrades will be left on the side of mistrust,” Martyniuk says.

Walters stresses that however you want to carry out the EMV conversation with your SMB clients and prospects, definitely and with urgency, start it. “There is absolutely a real need for merchants to protect themselves, and time is of the essence.”

She adds you might not only be helping your clients protect their businesses, but you could be protecting your own: “If a merchant’s legacy solutions provider doesn’t provide EMV solutions, they could reach out to someone else — and that could be a risk to your business.”

 

LINK TO ORIGINAL CONTENT: http://www.bsminfo.com/doc/why-you-need-to-talk-to-smb-merchants-about-emv-today-0001?atc~c=771%20s%3D773%20r%3D001%20l%3Da

Continue reading
Last modified on
Hits: 1884
0
07
May
0

Point to point encryption explained in short video. P2PE and identifying points of vulnerability.

Posted by on in Uncategorised

Watch this short video to understand how point to point encryption (P2PE) safeguards your customer's card data. 

Continue reading
Last modified on
Hits: 1175
0
10
Jan
0

How Using an EMV Payment Gateway Saves Time and Money

Posted by on in Uncategorised

How Using an EMV Payment Gateway Saves Time and Money

 
If you are like most self-service kiosk providers EMV has been a hot topic around the office for the last year or so. With the coming liability shift in October 2015 kiosk software providers and kiosk owner/operators are sifting through all the information available online to figure out their best approach to EMV migration. 
 
The two options are fairly straight forward, but what the complexity and cost of the the options are less so. This blog post aims at giving you an understanding of the challenges and benefits of both.
 
The direct integration with a processor/acquiring bank approach:
 
Depending on your business model and operating cash this approach may be suitable for you. If you maintain ownership of all the kiosks in you fleet and want them all to share the same merchant account, a direct integration may work for you. However, if you sell or lease your kiosk solution and intend for your client to own the merchant account associated with the kiosk this may not be the best or most marketable solution. Your clients may want the flexibility to choose the processor they work with. Clients may already have a merchant account with a processor and they would like to add the kiosk to it. With a direct integration your clients won’t have that option and will be required to use the processor or processors you have integrated with. 
 
In addition to the restrictive nature of doing a direct integration with only one or two processors, there is also the time and cost associated with building the solution from scratch. You will need to pick one or more hardware terminals and find a suitable software architect. Programmers capable of creating a custom direct integration do not come cheap. The person you hire or contract to do the work will need to be a PCI and EMV expert. Historically this phase one process will take 3+ months, and come with a price tag well into the tens of thousands of dollars. Phase two involves hiring a third party QSA (Qualified Security Accessor) to evaluate the solution and confirm that it meets current PCI-DSS and PA-DSS requirements. Phase two also comes with a hefty price tag.  After the solution is created and evaluated by a QSA, there still remains the phase three task of certifying your new payment application with each payment device you plan to use, with each of the processors individually. Each processor you plan to integrate with will require their own evaluation and certification, and this too comes with a fee well into the thousands. It is reasonable to expect phase three to take at a minimum three months with each processor. As we approach the EMV liability shift in the US, the queues for certification with the various processors are getting longer and longer. Since most of the processors don’t have their own EMV infrastructure finalized, certifications have not yet begun in most cases. In reality, if you aren’t already engaged in the phase one process you are likely a year or more away from your goal of achieving EMV payment processing. 
 
While evaluating this as your best method of achieving EMV payment processing, you should also keep in mind that your integration will need to be reevaluated and certified every three years. So take everything stated above, “rinse and repeat” every 36 months! 
 
The EMV payment gateway approach:
 
There are a number payment gateway products on the market to choose from. CreditCall offers a processor agnostic, PCI pre-certified solution called ChipDNA that easily integrates with your existing Windows or Linux based application. ChipDNA removes the need to hire or contract a costly software architect who is well versed in PCI and EMV requirements. Their ChipDNA product supports a number of both attended and unattended hardware devices. Using ChipDNA can make your migration to EMV as easy as picking a piece of hardware, integrating the ChipDNA API with your application, and setting up a merchant account. You will never need to worry about re-certifying the solution either. CreditCall re-certifies their solution annually, so you don’t have to. ChipDNA's Terminal Maintenance System (TMS) ensures your terminal is always up to date with the latest PCI requirements. 
 
ChipDNA is integrated with the largest payment processors in North America, giving you and your clients the flexibility to choose the processor that is best for you. ChipDNA’s feature, EMV Easy Start, enables you to deploy EMV ready hardware now, and run transactions via the magnetic stripe reader of the terminal until such time that your chosen processor is ready to begin processing EMV transactions. A simple remote update is all it takes to change the terminal’s default from magnetic stripe to chip, a concept referred to as “EMV future-proofing."
 
With ChipDNA also comes WEBMIS, CreditCall's online account reconciliation portal. Through WEBMIS you can view transactions in real time and create groupings of terminals based on your own criteria. WEBMIS also offers Simple Object Access Protocol (SOAP) which will allow you to port transactional information into a backend accounting section of your application. 
 
Consistent with their culture of innovation, CreditCall announced on January 8th, 2015 that they now provide for download a preview version of their SDK called ChipDNA Lite. You can now try it before you buy it. Using this sample SDK you can begin evaluating how easy they can make your EMV migration. Contact us today to learn more! 
 
Rob Chilcoat
“Chip and PIN Kiosk Hardware”
UCP Inc.
(702) 802-3504 Tel
This email address is being protected from spambots. You need JavaScript enabled to view it.
 
Visit us at NRF! Ingenico booth# 1743.
b2ap3_thumbnail_nrf-big-show2015.png

 

Continue reading
Last modified on
Hits: 2620
0

Our Partners


Hemisphere West Europe Ltd are specialists in attended and unattended payment solutions for the UK and European markets.

Visit website www.hweurope.com

Contact Us

6655 South Tenaya Way Suite #180
    Las Vegas, Nevada 89113

Tel: 702 – 802 – 3504

E-mail: Send Inquiry

Sales Inquiries: Rob Chilcoat

Tel Office: 702 – 802 – 3504
    Cell: 619-964-3596