New P2P Encryption Solution With MagTek Secure Card Readers

CenPOS, a universal payment processing platform, now supports point-to-point (P2P) encryption with MagTek retail point of sale and mobile credit card reader devices. P2P encryption and end-to-end encryption are terms often bandied about with different meanings.

In P2P encryption, the card data is encrypted at the swipe and is decrypted at another point before going on to a credit card processor. This reduces the risk of compromising data-in-flight. For example, if a merchant has a keyboard emulation card reader connected to a virtual terminal or point of sale software,  and the computer has malware, there is the risk of the card data being intercepted before getting to the next point. By opening up a text program, a person can swipe a card reader and all the data will dump onto the page, increasing internal security risk. With encryption at the card reader, any data intercepted cannot be accessed because only the intended recipient has the decryption key.

The term end-to-end encryption has become a catchall for the encryption and delivery of sensitive cardholder data from the point of sale entry point through each of the various organizations and networks in the payments process all the way to the card issuer. However, while the swipe device is clearly an end point, the destination is not. There are several points where card data may need to be opened in the process, including the merchant acquirer/ processor, card brands, loyalty card services, and the card issuer. All of which create complexities that could cause problems for an authorization approval. Thus, to ensure a higher rate of approvals, end to end encryption is  just a misnomer, as decryption usually takes place at point the sensitive data is released to the processor.

With the CenPOS SaaS and Magtek hardware solution, data is encrypted at the swipe head, decrypted at CenPOS, and then routed per the merchant rules. (Again, some companies define this as end-to-end encryption because there are no hard and fast rules defining it the payments world.) This added layer of protection can bring extra peace of mind to CenPOS merchants concerned with data security. There is no additional cost for the service, however, merchants must have devices injected with the CenPOS encyrption code at a secure POS distributor terminal facility.

magtek card readersmagtek mini swipe

Above:  compatible Magtek devices. To accept credit cards, merchants need a high speed internet connection, compatible card reader, merchant account, and a CenPOS account, which includes a virtual terminal and payment gateway, among other solutions.

Contact Christine Speedy, CenPOS sales at 954-942-0483 for additional information.

 

 

Magtek Qwickpay Mobile Review

Qwickpay is a mobile POS application offered by Magtek, manufacturer of card readers. It’s a smart play by Magtek to ensure market share in the fast growing mobile payments market.

PRODUCT OVERVIEW

COMPATIBILITY 5/2012

  • iPhone 4, iPhone 3GS, iPhone 3G, iPod Touch and iPad compatible

FUNCTIONALITY

  • The POS software will auto populate sales tax and tip if you like as a standard setting.
  • Supports sale, void, refund and “protection code” which is for consumers who have a QwicKey.
    • Presumably consumer adoption will increase the key to make this to make this feature useful. (Consumers purchase the QwicKey service, then generate one time use Qwick Codes [Formerly Protection Codes]. These one-time codes can be redeemed by a PCI compliant, ROC certified Payment Processor. A Merchant and online store can accept a Qwick Code in lieu of cardholder, personal account data.
  • Supports signature capture and email receipt.
  • Includes a virtual terminal, however it is not recommended that transactions are key entered.
  • magtek qwickpay mobile payments
  • magtek qwickpay mobile payments

UNIQUE CLAIMS ABOUT THIS MOBILE PAYMENT SOLUTION:

  1. Uses MagnePrint®,a dynamic card authentication technology based on the unique physical properties of the magnetic stripe, also referred to as the stripe’s digital identifier or (DI). It provides validation that the card itself is genuine and that its encoded data has not been altered.
  2. Immediate encryption (Triple DES) of all cardholder data with a derived unique key per transaction (DUKPT).
  3. Immediate tokenization or “substitution” of all cardholder data

THE INSIDE SCOOP- WHAT YOU REALLY NEED TO KNOW

  • Users: This is really a one user system. If you wanted two users or more, you’ll need to tag to multiple merchant accounts, or at the very least, need a unique merchant account TID for each one. If the user is no longer authorized, you’ll have to get the device back or shut down the TID.
  • Does it support level 2 data as specified in the FAQ? Yes, but the use won’t know when they need to enter extra data, or what that data is, so chances are, they’ll never qualify for lower level 2 data on business cards.
  • Key entered: It is clearly NOT recommended, as indicated by large red print, for key entered transactions for a number of different reasons.
  • MagnePrint- How much safer is this than simply verifying the last 4 digits from the front of the credit card?
  • Encryption- there are a number of different ways to protect the cardholder data. This is a solid method, but not the only valid solution.

 

COMPARE TO CENPOS ENTERPRISE MOBILE:

There are numerous differences and here are a few highlights:

  •  MANAGE FEES PAID. CenPOS dynamically identifies the card issuing bank and method of input (swipe or key enter) and automatically collects and delivers the optimal data for lowest risk and interchange rate. QwickPay does not do this.
  • MANAGE USERS/ RISK: CenPOS admin can manage an entire workforce in the field to accept payments and change permissions or access remotely. Users have the same priviledges on the virtual terminal.  QwickPay does not allow for multiple users or user management. Additionally, CenPOS uses a variety of proprietary and merchant managed rules to manage risk, including automatically declining certain transactions, remote supervisor approval option, and automated email alerts.
  • MANAGE BUSINESS: CenPOS reporting is extensive and easy to use. Qwickpay is limited and you even have to select which card types (Visa, mastercard etc) you want for each and every transaction.
  • BUSINESS EFFICIENCY: CenPOS uses a single hub to accept payments from all sources- web, mobile, retail, kiosk etc, manage users, and access reports. QwickPay has none of these capabilities.
  • COSTS: Qwickpay is cheaper with a one time fee. CenPOS charges per transaction fees, and has a $50/mth minimum.
  • OTHER: CenPOS does not currently calculate tax & tip.

I RECOMMEND QWICKPAY FOR:

  • YES. One man businesses.
  • YES. Businesses with a single person on the road that accepts payments.
  • LIMITED. Businesses that are primarily card not present, but which occasionally would like to get a card swiped while on the road to mitigate risk. Note: this would be for a card not present account with card not present rates, but you’d benefit from a signature on file and some fraud protection.
  • NO Businesses with more than one person who would need, or with a mix of card not present and card swiped transactions.

COST

  • Qwickpay prices are determined by resellers.
  • 3D Merchant price for QwickPAY (Apple) – one time charge of $90. – includes iDynamo SCRA*. No transaction or other fees.
  • 3D Merchant price for QwickPAY (Android)  – one time charge of
    $130. – includes application, set up, and BulleT SCRA. * No transaction or other fees.
    *  Requires new merchant account with guaranteed price match to your existing merchant account.

WHERE TO BUY

  • Qwickpay is sold through limited authorized resellers, usually payment processors. Call yours to ask for pricing and availability.
  • A merchant account is needed.
  • Contact 3D Merchant Services for QwickPay or CenPOS

How can I accept credit cards at special events?

There are three ways to accept credit cards at special events when there is not a standard phone line available. A wireless terminal, a virtual terminal, and using a manual card imprinter with duplicate receipt forms. This article discusses the pros and cons for each situation from high volume to the annual event user.

WIRELESS CREDIT CARD TERMINAL:

The newer wireless handheld terminals have three key features. First, if unable to make a connection, the unit will encrypt and store the transaction for later transmission. This removes the problem frequently cited by merchants in the past that their units didn’t work in certain buildings and they’d never know if it would work until the got to the venue.

Second, the user can enter their pin number if using a debit or check card. With debit usage now at 40% plus, this is essential if you have a large consumer buyer base. If you are mostly B2B, then it’s not as important. However, because we are seeing a large increase in debit even among corporate buyers, if your volume is over $250,000 annually, then I recommend investing in units that have integrated debit pinpad. Don’t be misled by semantics in the product description. A terminal that  ‘accepts debit cards’ or has an ‘integrated pinpad’ is not the same as a unit that has integrated pinpad to process pin-based debit transactions. Look for this specific text in the description:  Uses internal PCI PED compliant PINpad for PIN entry DUKPT, 3DES. This is needed to accept pin debit transactions plus be compliant with 2010 pin based debit PCI Compliance requirements.

Third, the customer can sign on the terminal itself so there is an electronic signature record. The merchant needs a processor or system to store the signature also. The merchant needs to print a receipt for the customer, usually via a small printer that attaches.

Under the scenario above, the merchant has the greatest ‘potential’ to reach the lowest interchange rates possible for payment processing. This is a card present,  retail transaction.

VIRTUAL TERMINAL- ACCESSED VIA COMPUTER WITH WIRELESS INTERNET

The merchant key enters customer purchases via a laptop and a secure web page. The receipt is printed to a special receipt printer or a laser printer.

Unless you are getting a manual imprint of the transaction as required for a KEY ENTERED Retail transaction, this should process as a card not present, mail order/phone order transaction.

SWIPE DEVICE ATTACHED TO COMPUTER WITH WIRELESS INTERNET

The merchant opens a connection to their Point of Sale system. It could be a desktop software program or a secure web page. The merchant swipes the credit card via a card reader, usually attached via usb,  to the computer to process the transaction. After the transaction processes, the merchant gets a receipt.  The merchant needs to print 2 receipts. One for the merchant to sign and keep for internal records, and one for the customer to keep. This is a card present,  retail transaction. It has all the benefits to help keep processing costs down, except that you cannot process pin based debit transactions. There are ways to attach a pinpad to the computer, provided all the elements- hardware, software, and processor- work together. However the cost to use this process doesn’t usually justify it. If you are going to spend that much money, would a wireless handheld have more benefits by providing more freedom than requiring a laptop?

note: You must give buyers a receipt with the sellers name, date, amount of charge, item description and a transaction number. How you deliver that receipt- pre-printed with partial completion and then filled in, or printed on site is up to you.  A very reliable volume thermal receipt printer with usb connection and simple set up is $225. A mobile receipt printer – smaller but easier to travel with- can cost up to $495.

RECOMMENDATIONS:

Consumer shows, high dollar volume: wireless terminal with integrated pin debit and processor that offers pin debit rates.

Consumer shows, low volume: Virtual terminal.

Consumer shows, high volume, once per year:  Card reader attached to laptop.

high dollar (event admissions, B2B, and silent auctions): wireless terminal with integrated pin debit and processor that offers pin debit rate

Vendor and manufacturer specific solution recommendations:

WIRELESS HANDHELD CREDIT CARD TERMINAL with PCI PED certification (payment card industry pin entry device) Verifone Vx610 , NURIT 8000 and Way MTT 1581. The Nurit 8000 has a built in printer, electronic signature capture, and works with GSM/GPRS), and Wi-Fi. The Verifone Vx610 has a built in printer, and works with GPRS and CDMA.  The Way MTT 1581 has an optional mobile printer, Store and forward transactions feature,  and works with GSM. All can be used with mobile phone service at additional cost.

We do not specifically endorse any single product above. These products meet our recommendations for features, however, we do not have specific experience as to the reliability of any specific product.  To purchase any of the above, please give us a call, no merchant services contract required.

Virtual terminal: For B2B- Orbital Virtual Terminal (Chase Paymentech) or CenPOS.  For pricing, please call. Recommendation varies by volume, transaction type and other business needs. The Orbital Virtual Terminal requires a new merchant account, CenPOS can be used with your existing merchant account, minimum fee $50 per month.

Swipe device: Magtek Card reader is our hands down favorite. Please don’t buy one used on eBay or other unknown sources. At $75, we highly recommend you buy one new from a reliable source. This solution also requires a gateway to receive the data. Other than CenPOS, it is essential to speak to a consultant before choosing a gateway for the connectivity service. Not all gateways will pass through the essential data needed to achieve the lowest payment processing costs. Presumably, most will be equal relative to security.

Magnetic Card Swipe readers magtek

Magnetic Card Swipe readers are a perfect solution for swiped transactions at low volume retail location, at special events, and wholesale building supply companies. If the location is likely to have a lot of debit card transactions (see past history) then a cost benefit analysis is needed to determine whether a solution with pinpad would be a better alternative.

magtek Mini Swipe Reader

Assuming it has already been determined that the merchant does not need a debit pinpad, then magnetic strip (magstrip) credit card readers are an excellent solution. They hook up to your computer so you can get the benefit of most retail interchange rate, provided the software it interacts with a) can capture all the data needed and b) will pass all the data needed to the processing company and c) the payment processor will accept all the data needed. While it seems simple, in reality not all gateways pass through all data, regardless of whether it’s been captured. So if just the card number and expiration is passed through, but the best interchange rate for the type of card presented also needs another field, the transaction would be downgraded to a higher rate.

Magtek card readers can be used with CenPOS,  a host based interchange optimization solution for high volume accounts that you can integrate to.

Mag tek is a well known reliable brand and prices start at about $75.

magstripe card readers for CenPOS

What magstripe card reader can I use with CenPOS payment processing software? We recommend the Magtek USB with Keyboard Emulation Software Interface.

  1. The SureSwipe Reader with USB interface and Keyboard Emulation mode. The SureSwipe reader captures 3 tracks of data from all ISO and AAMVA encoded magnetic stripe cards. A green/red LED indicator on the reader provides the operator with status of the reader operations.
  2. Mini Swipe Reader (USB)– same features as above unit, but smaller size. P/N 21040108 Black or  P/N 21040107 white, MSRP $85. MOST POPULAR.

Please check part numbers if you order from unknown suppliers to make sure you have the latest unit.

Magtek card readers enable merchants to have more locations to accept swiped credit card transactions where the merchant does not need electronic signature and pin-debit benefits. Two industries that use this solution are automotive and wholesale b2b suppliers.

For the automotive industry, the swipe devices (magstripe card readers) are typically used in F&I areas for after hours transactions, or offices that do not have high volume, but where it’s inconvenient for the customer to go to the signature capture terminal.

Wholesale B2B suppliers may have many salespeople at the counter servicing commercial accounts. These typically do not have much debit and they are regular customers so it’s a perfect solution to improve checkout efficiency especially for the early morning rush. Careful though, we are seeing a huge increase in debit even in B2B, so it’s important to monitor the account transaction types to ensure this is cost effective.

more info

Specifications
Reference Standards ISO and AAMVA
Power Input From USB
Recording Method Two-frequency coherent phase (F2F)
Card Speed 3 – 60 i.p.s. (forward or reverse)
Card Types ISO and AAMVA (drivers license)