or wait 15 seconds
or wait 15 seconds
Industry observers agree that the unattended sector has lagged attended retail in adopting EMV. Payment equipment manufacturers have introduced a number of EMV-compliant devices, but many kiosks don't include them yet.
John Menzel, senior self-service solutions manager at Ingenico Group, a leading payment equipment manufacturer, recently offered his insights on the self-service sector's progress complying with EMV standards. Following are his answers to questions posed by Kiosk Marketplace.
Q:What is the current state of EMV adoption in the self-serve retail industry?
A: EMV adoption in the self-service industry is still in the beginning stages of adoption. However, there are steps being taken from both a hardware and software perspective to increase the security of the payment devices deployed in self-service.
This includes PCI-certified devices running in a point-to-point encrypted environment with secure read encrypted device capability, known as SRED. In this manner, all card data is encrypted at the time of the transaction to ensure security. This is an interim step before full EMV compliance.
Q: How do EMV compliance regulations impact kiosk operators?
A: Gaining EMV compliance is a process, which needs to be completed any time a new combination of payment device, software and gateway/processor is created. The steps taken include utilizing PCI certified devices, working with qualified security assessor auditors, working with certified payment gateway providers and changing the flow of the software applications to support EMV tags, etc.
So it is a step by step process that is a different motion and requires different partners than operating in a nonsecure world. Couple this with the fact that many operators don't feel the need to upgrade, since they are not currently liable for fraudulent transactions under $20.
Q:What are the benefits of EMV technology for kiosk operators?
A: There are many benefits of utilizing a PCI-certified EMV solution, including insuring not only end-to-end security of the payment transaction, but insuring rogue devices and skimmers can't be inserted or card readers removed without anti-tamper switches going off.
From a consumer perspective, it gives them confidence to utilize their payment cards when making a purchase at an EMV-enabled self-service kiosk, which provides a similar experience to that which they are used to at a brick and mortar retailer.
From an operator perspective, it gives them the future protection of being EMV compliant, especially as higher ticket items are being offered from unattended solutions, like Best Buy's kiosks.
Q: How does EMV acceptance help improve the customer experience?
A: The more the self-service industry can emulate the brick and mortar experience, the better. Consumers are now used to inserting their chip cards into EMV readers at supermarkets, retail stores, quick-serve restaurants and more. Consumers understand EMV use — dipping their chip card into a reader — is supposed to be more secure.
To give consumers confidence to purchase high value ticket items through kiosk solutions, and to give them confidence their card data won't be comprised, they need to have a similar user experience to what they're used to in brick and mortar locations. Implementing EMV at self-service gives them that security and confidence.
Q: How can kiosk operators seamlessly make the switch to EMV?
A: I wouldn't call it a seamless experience to upgrade from non-PCI compliant, non-EMV solutions. It is more an evolution with incremental steps being taken.
This includes utilizing PCI-certified payment devices, upgrading the software applications to be EMV compliant, utilizing payment gateways that can operate in P2PE manner and undergoing quality security assessor audits of the end-to-end solution.
Elliot Maras is the editor of KioskMarketplace.com and VendingTimes.com.