Ingenico ISC 250 PCI PTS v3 and v4 End of Life

Ingenico announced end of life for the ISC 250 with PCI PTS v3 and v4 in March of 2019. This has not stopped companies from selling them, however, due to the PCI PTS expiration in April 2021, merchants who use them would not be able to prove PCI compliance in the event of a data breach.

Did you know terminals have their own Payment Card Industry or PCI certification? The standards are part of the overall merchant requirements to maintain the security of cardholder data. Those rules change over time and a bunch of Ingenico equipment recently expired, including the popular ISC250 lane terminal.

Ingenico issued end of life notifications on their PCI PTS 3 range of payment devices in compliance with the PCI Security Standards Council PCI 3 expiration date of April 30, 2020, which was extended to April 30, 2021 due to Covid. Often merchants will get notifications like this from their acquirer on their merchant statement.

Which Ingenico terminals are impacted?

  • iSC Touch 480 PCI-PTS v3/4 model
  • iSC Touch 250 PCI-PTS v3/4 model
  • iPP320 PCI-PTS v4
  • iPP350 PCI-PTS v4
  • This list does not include all devices! Merchants should check with their providers especially if using a non-EMV device or if you were an early EMV chip adopter.
ingenico isc250 signature capture terminal
Ingenico isc250

What does End of Life mean?

(PCI) PIN Transaction Security (PTS) v3 expires April 30, 2021.

(PCI) PIN Transaction Security (PTS) v4 expires April 30, 2023.

PCI PTS v5 expires April 30, 2026.

Are merchants PCI Compliant if they continue to use PCI 3 terminals after April 2021? The PCI Council urges but does not mandate merchants use approved PTS devices in their payment environments. However, in our experience, between payment brand and acquirer requirements, merchants generally need to use only approved PTS devices or risk getting shut down. Research expiration dates of terminals on the PCI Council web site. I’d be concerned about liability and the ability to prove PCI compliance, especially in the event of a data breach. If security vulnerabilities or exploits are identified by processors after April 2021, and you’re using the terminals, who’s to say when or even if a solution could be found to fix it?

How disruptive would it be for your business to have to shut down using them and get another solution? There are always people who procrastinate making changes. And when something goes wrong, phone calls to processors explode, so change is usually not as swift as you’d like.

Note, only employees and PCI QIR certified individuals can install or touch your credit card terminals. Terminals are one of the most important factors determining rates you pay and chargeback risk. Why? Call now to learn more. This is the perfect time for an external account review by a payments expert.

TIP for Christine Speedy Ingenico ISC250 customers: If you were an early adopter and had your terminals deployed prior to the EMV chip liability shift in October 2015, there’s no need to check part numbers; They need to be replaced. Please contact me directly to consult on replacement options.

Call Christine Speedy , PCI QIR certified, for new PCI 5 terminals, technology review and or merchant account review to maximize profits and improve your customer experience. 954-942-0483, 9-5 ET

Verifone VX terminal reboot: urgent update

All Verifone VX terminals must be updated by June 25, 2019 or merchants risk problems where the terminal is stuck in a reboot and cannot accept credit cards. Verifone posted an advisory on their support web site June 3. Hopefully owners will be notified by their acquirers before they have hard failure. The VX series is very popular so it could be problematic if many thousands of VX terminal owners try and download the update at the same time.

Action is required for all customers using VX (all VX) or e-Series Devices (limited to e315, e315m and e355) on any version of CommServer prior to 544 or 5441 who have not downloaded the recovery utility. This action is for both customers who have successfully recovered their devices from a reboot loop, those who may be in a reboot loop, and those that did not experience issues at all on or around May 25, 2019. Read the entire alert on the Verifone support web page here.

The advisory impacts all Verifone VX terminals, so per my search, that would include the VX 520, VX 680, VX 805, and VX 670. Are you in need of a new or replacement terminal?

The Christine Speedy difference. Find out what terminal is best for your credit card processing situation. Call someone who knows the rules and can help you optimize for the lowest interchange rate qualification. Terminal choice matters! B2B expert. 954-942-0483, 9-5 ET.

US EMV Verifone MX 915 for BB&T TSYS

Yes, we provide US EMV with chip and pin for BB&T customers wanting to use Verifone MX 915 terminals. BB&T merchants are on the First Data platform. One unique benefit of our solution on First Data is we can process retail, MOTO (mail order/telephone order), and ecommerce, including electronic bill presentment and payment (EBPP), all in a single merchant account, with proper representment to mitigate chargeback risk and maximize profits.

The transaction process is different for EMV than magnetic swipe transaction, in order to support the different flow for processing chip cards.

To use CenPOS as shown in the video, merchants need high speed internet, web browser, Verifone MX 915, and CenPOS account. No other software is needed. CenPOS can be used standalone or integrated. Integrated solutions include Infor, SAP, Dynamics AX, Quickbooks etc. In all cases, CenPOS segregates payments from the application to reduce PCI Compliance scope and improve security.

TIP:  Having an EMV capable terminal does not mean a merchant is ready to accept chip cards. In the CenPOS environment, if a merchant installed a future proof, EMV capable terminal to get ready for EMV, the next step is to convert to EMV enabled. This always requires turning on EMV at the merchant account level, in addition to other steps.

If you do not own a Verifone terminal, do not purchase one on your own via EBAY or some other source. For PCI Compliance, and overall security, the purchasing and installation process must be tightly controlled.

If you’re not a current CenPOS customer, contact Christine Speedy for sales and integrations at 954-942-0483. Don’t just get ready, get EMV Compliant.

Visa to Help Accelerate EMV Chip Migration and Support Merchants

Streamlined certification, financial and technical support to further accelerate EMV chip terminal deployment

Modified chargeback policies will provide near term relief to merchants who are not yet chip-ready

SAN FRANCISCO–(BUSINESS WIRE)–Jun. 16, 2016– Visa Inc. (NYSE:V) today announced a series of initiatives to help accelerate EMV chip migration for merchants. Visa has streamlined its testing requirements, amended and simplified the terminal certification process, and committed to investing further resources and technical expertise in a manner that can reduce timeframes by as much as 50 percent. Visa is also making policy changes to help limit exposure to counterfeit fraud liability for merchants who are not yet chip-ready.

visa

Chip card technology helps prevent fraud the results from data compromises. (Photo: Business Wire)

While the U.S. migration to chip technology is a significant undertaking, tremendous progress has been made to-date with over 300 million chip cards in market and 1.2 million merchant locations now accepting chip cards. An average of 23,000 new merchant locations become chip-ready each week. Despite the success to date, a migration of this size takes time and hence many merchants still require help to cross the finish line.

Streamlined Implementation

Before a merchant can turn on a new chip terminal, it needs to be tested to ensure it works properly for the merchant and cardholder. Chip technology can be implemented in different ways based on the unique needs of a merchant, and therefore, different merchants need to be tested in different ways. The more complex a merchant’s point of sale environment, the greater the number of tests. However, Visa has streamlined its testing requirements to significantly reduce the complexity, time, and cost of implementation.

By way of example, a national grocery chain recently followed Visa’s streamlined approach and completed development, testing, and certification months ahead of schedule.

Acquirers Can “Self-Certify” Their Solutions

Going a step further, Visa will provide acquirers greater discretion to determine the appropriate level of testing required to ensure a merchant’s solution is ready. Acquirers know their merchants better than anyone, so providing acquirers with the commercial flexibility to self-certify their clients will further reduce certification wait times for solutions that acquirers are confident are ready.

Visa is also exploring a system for acquirers to share certification test results with each other to avoid testing duplication. That is, if a certain merchant configuration (e.g., restaurants with specific hardware and software) is known to consistently work with one acquirer, then other acquirers should be aware of this and take it into consideration as they make their decisions.

Incremental Funding and Resources to Support Migration

Visa will increase its investment to support both acquirers and the value-added resellers (VARs) that develop the software to power chip terminals. Visa funding will be available to help acquirers with any specific resource constraints they may be facing, as well as to help VARs pre-certify their software solutions in a manner that will significantly reduce the subsequent testing at acquirers by up to 80 percent.

In addition, Visa will provide hands-on support to VARs who may need technical information, education, consulting, and training. A dedicated team of Visa experts will be available to provide direct support in the form of webinars and direct one-on-one conversations, as needed.

“Visa recognizes the importance of having the industry help merchants get their chip terminal solutions up and running quickly so that everyone, especially consumers, can benefit from the powerful security protection of chip technology,” said Oliver Jenkyn, Group Executive North America, Visa Inc. “We’ve taken steps to simplify the process as much as possible and help reduce any challenges so merchants can move forward with chip adoption quickly.”

“Vantiv has been relentlessly working to help merchants upgrade their point-of-sale systems to new levels of security with EMV,” said Royal Cole, Group President, Merchant and Financial Institution Services at Vantiv. “To help accelerate this process, we’ve been working with Visa to find comprehensive ways to further streamline the conversion process for the entire ecosystem – from software developer partners to the smallest-sized businesses. We are very encouraged by the new measures and programs that Visa is announcing today, and we hope others will join in instituting similar programs.”

Counterfeit Chargeback Policy Changes

Historically, issuers have been responsible for the full cost of counterfeit fraud that takes place at a merchant. In 2011, to support the migration to EMV chip technology, Visa announced a liability shift that became effective in October 2015. With this change, the cost of counterfeit fraud is the responsibility of the party – either the merchant or the issuer – that has not implemented chip technology. Given that some merchants are still working to get their chip terminals enabled and certified, they may now be bearing the cost of counterfeit fraud originated in their stores. Visa’s actions today seek to alleviate the impact on merchants while they work through the transition.

Visa is modifying its policies to limit the number of fraudulent transactions that issuers can charge back to merchants (and their acquirers). Effective July 22, 2016, Visa will block all U.S. counterfeit fraud chargebacks under $25. These smaller chargebacks generate a great deal of work and expense for merchants and acquirers, with limited financial impact for issuing banks. In addition, effective October 2016, issuers will also be limited to charging back 10 fraudulent counterfeit transactions per account, and will assume liability for all fraudulent transactions on the account thereafter. This reinforces the responsibility issuers already have to detect and act on counterfeit fraud quickly. These blocks will stay in effect until April 2018.

These two changes together will significantly reduce the number chargebacks that merchants are seeing. Following these changes, merchants can expect to see 40 percent fewer counterfeit chargebacks, and a 15 percent reduction in U.S. counterfeit fraud dollars being charged back.

For more information, acquirers and processors should contact their Visa account executive.

About Visa Inc.: Visa Inc. (NYSE:V) is a global payments technology company that connects consumers, businesses, financial institutions and governments in more than 200 countries and territories to fast, secure and reliable electronic payments. We operate one of the world’s most advanced processing networks — VisaNet — that is capable of handling more than 65,000 transaction messages a second, with fraud protection for consumers and assured payment for merchants. Visa is not a bank and does not issue cards, extend credit or set rates and fees for consumers. Visa’s innovations, however, enable its financial institution customers to offer consumers more choices: pay now with debit, pay ahead of time with prepaid or pay later with credit products. For more information, visit usa.visa.com/about-visa, visacorporate.tumblr.com and @VisaNews.

View source version on businesswire.com: http://www.businesswire.com/news/home/20160616005425/en/

Source: Visa Inc.

Visa Inc.
Sandra Chu, +1 415-805-4124
sanchu@visa.com
Lea Cademenos, +1 415-805-4271
lcademen@visa.com

Distributor EMV Credit Card Terminals – Profit busters, profit boosters

Distributors have special needs for retail credit card processing to maximize profits and mitigate risk. Here we identify credit card terminals that are certain fall short on delivering in an EMV environment. The two most critical retail needs are requiring customers to comply with the highest security supported, and supporting level III processing. Additionally, P2PE, encrypting at the terminal head, is important for a security and compliance.

Only cloud payment solutions have the potential to meet the primary distributor retail processing needs.  This precludes all First Data terminals, one of the most popular brands distributed, and similar devices. DISCLAIMER: comments are specifically regarding business to business needs, not all retail industry needs, and are not in any way intended to imply anything negative about the terminals.

The terminals below DO NOT meet the two most critical distributor needs to maximize profits.

verifone vx520 emv terminal

Verifone vx520

Clover Mini by First Data

Clover Mini by First Data

First Data FD35 EMV pin pad terminal

First Data FD35 EMV PinPad, attaches to a variety of FD terminals.

Ingenico iCT250 emv capable countertop terminal.

Ingenico iCT250 emv capable countertop terminal.

magtek mini card swiper

Magtek mini card swiper.

The terminals below have the POTENTIAL meet the two most critical distributor needs to maximize profits. Special certifications and payment gateway logic is required.

ingenico isc250 signature capture terminal

Ingenico isc250 EMV

 

verifone MX915 EMV terminal

Verifone MX915 EMV chip terminal

Fraud liability review for MasterCard, American Express, and Discover (credit and debit)

  • If the card is chip & sign, and the terminal is EMV only, the card issuer is liable
  • If the card is chip & pin, and the terminal is EMV without pin, or pin debit without EMV, the merchant is liable
  • If the card is chip & pin, and the terminal is EMV with pin, the issuer is liable
  • If the terminal supports EMV & pin, but the customer uses chip & sign, the merchant is liable. Acquirers generally support chip and pin bypass to chip and signature. Merchants should only use solutions that require the highest security on every transaction, including prohibiting customer bypass.
  • If the terminal supports EMV & pin, but the customer does chip & sign, the merchant is liable.

Merchants should only use solutions that require the highest security on every transaction, including prohibiting customer bypass.

If you want to enhance your customer experience, make a change that also maximizes profits too.

Christine Speedy, CenPOS global sales and integrated solutions reseller, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS? secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting merchant banking relationships. Keep your processor, upgrade your technology! Quick and easy to implement with no long term contract.