Payment terminal

Last updated

PAX Technology S90 credit card terminal with a Visa card inserted. Credit card terminal in Laos.jpg
PAX Technology S90 credit card terminal with a Visa card inserted.

A payment terminal, also known as a point of sale (POS) terminal, credit card machine, card reader, PIN pad, EFTPOS terminal (or by the older term as PDQ terminal which stands for "Process Data Quickly" [1] ), is a device which interfaces with payment cards to make electronic funds transfers. The terminal typically consists of a secure keypad (called a PINpad) for entering PIN, a screen, a means of capturing information from payments cards and a network connection to access the payment network for authorization.

Contents

A payment terminal allows a merchant to capture required credit and debit card information and to transmit this data to the merchant services provider or bank for authorization and finally, to transfer funds to the merchant. The terminal allows the merchant or their client to swipe, insert or hold a card near the device to capture the information. They are often connected to point of sale systems so that payment amounts and confirmation of payment can be transferred automatically to the merchant's retail management system. Terminals can also be used in stand alone mode, where the merchant keys the amount into the terminal before the customer present their card and personal identification number (PIN).

The majority of card terminals today transmit data over cellular network connections and Wi-Fi. Legacy terminals communicate over standard telephone line or Ethernet connections. Some also have the ability to cache transactional data to be transmitted to the payment processor when a connection becomes available; the major drawback to this is that immediate authorization is not available at the time the card was processed, which can subsequently result in failed payments. Wireless terminals transmit card data using Bluetooth, Wi-Fi, cellular, [2] [ promotional source? ] or even satellite networks in remote areas and onboard airplanes.

Prior to the development of payment terminals, merchants would capture card information manually using ZipZap machines.[ citation needed ] The development of payment terminals was led by the advantage of efficiency by decreased transaction processing times and immediate authorisation [3] of payments. In terms of security, terminals provide end to end card data encryption and auditing functions. Nevertheless, there have been some cases of POS pin pad malware. [4] There have also been incidence of skimming at card terminals and this led to the move away from using the magnetic strip to instead capturing information using EMV standards. [3]

History

A typical fixed install card terminal from 2006 Credit card terminal.jpg
A typical fixed install card terminal from 2006

Prior to the development of payment terminals, merchants would use manual imprinters (also known as ZipZap machines) to capture the information from the embossed information on a credit card onto a paper slip with carbon-paper copies. These paper slips had to be taken to the bank for processing. This was a cumbersome and time-consuming process.

Point of sale terminals emerged in 1979, when Visa introduced a bulky electronic data capturing terminal which was the first payment terminal. In the same year magnetic stripes were added to credit cards for the first time. This allowed card information to be captured electronically and led to the development of payment terminals.

A typical counter-top payment terminal from 2007 Betalings terminal.jpg
A typical counter-top payment terminal from 2007

One of the first companies to produce dedicated payment terminals was Verifone. It started in 1981 in Hawaii as a small electronic company. In 1983 they introduced the ZON terminal series, which would become the standard for modern payment terminals.

Hungarian-born George Wallner in Sydney, Australia, founded rival Hypercom in 1978 and in 1982 started producing dedicated payment terminals. It went on to dominate the Oceania region. The company signed a deal with American Express to provide its terminals to them in the US. To consolidate the deal, Hypercom moved its head office from Australia to Arizona in the US. It then faced head-to-head competition with VeriFone on its home market. [5] [ promotional source? ]

Over a decade later in 1994, Lipman Electronic Engineering, Ltd. was established in Israel. Lipman manufactured the Nurit line of processing terminals. Because of Verifone's already firm place in the payment processing industry when Lipman was established, Lipman targeted an untapped niche in the processing industry. While, Lipman held about a 10% share in wired credit card terminals, they were the undisputed leader, with more than 95% share in wireless processing terminals in the late 1990s.

Verifone would later acquire both of these major rivals, acquiring Lipman in 2006 and the payment part of the Hypercom business including its brand in 2011.

In 1980, Jean-Jacques Poutrel and Michel Malhouitre established Ingenico in France and developed their first payment terminal in 1984. Its Barcelona-based R&D unit would lead the development of payment terminals for the next decade. Ingenico, through a number of acquisitions, would dominate the European market for payment terminals for a number of years. They acquired French based Bull and UK based De La Rue payment terminal activity as well as German Epos in 2001. [6] [ promotional source? ]

Initially, information was captured from the magnetic strip on the back of the card, by swiping the card through the terminal. In the late 1990s, this started to be replaced by smart cards where an electronic chip was embedded in the card. This was done for added security and required the card to be inserted into the credit card terminal. In the late 1990s and early 2000s contactless payment systems were introduced and the payment terminals were updated to include the ability to read these cards using near field communication (NFC) technology.

Typical features

An older generation Ingenico credit card terminal and separate keypad from 2006 TPE Ingenico Elite 510.jpg
An older generation Ingenico credit card terminal and separate keypad from 2006

Like automated teller machines, many payment terminals are also equipped with raised tactile buttons and an earphone jack which allow the blind to audibly finish the payment process. [7] [ promotional source? ] [8] [ promotional source? ]

Major manufacturers

Legacy generation payment terminal JET-S Terminal (Panasonic ZEC-15).jpg
Legacy generation payment terminal

There are three main global players who offer both a wide range of payment terminals, sell worldwide, and continue to develop to the latest international payment industry standards. [9] In most countries terminals are provided to merchants via a multitude of distributors that support and pre-configure devices to operate with local payment networks or financial institutions.

Alternatives

A touch screen based VeriFone MX 915 series payment terminal. POS terminal at a bookstore.jpg
A touch screen based VeriFone MX 915 series payment terminal.

A merchant can replace the functionality of dedicated credit card terminal hardware using a terminal application running on a PC or mobile device, such as a smartphone. The payment acceptance applications are also called tap-on-phone or software point of sale. They usually work with dedicated hardware readers that can transfer magnetic stripe data to the application, while there are also some that also work with smart cards (using technology such as EMV), although this is rarely seen on smartphone readers. In case the necessary hardware is unavailable, these applications usually support manual entry of the card number and other data. In addition, more and more devices are beginning to offer built-in RFID or NFC technology to accommodate contactless or mobile device payment methods, often without requiring additional external hardware. [10]

Some payment processors offer virtual terminals for processing payments without the card being present, for example when taking payments over the phone. [11] [ promotional source? ]

Mobile payment systems such as those based on QR code payments bypass the need for payment terminals altogether, relying on smartphones and a printed QR code.

See also

Related Research Articles

<span class="mw-page-title-main">EFTPOS</span> Type of Electronic Funds Transfer system

Electronic Funds Transfer at Point Of Sale, abbreviated as EFTPOS; is the technical term referring to a type of payment transaction where electronic funds transfers (EFT) are processed at a point of sale (POS) system or payment terminal usually via payment methods such as payment cards. EFTPOS technology was developed during the 1980s.

<span class="mw-page-title-main">Point of sale</span> Time and place where a retail transaction is completed

The point of sale (POS) or point of purchase (POP) is the time and place at which a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice for the customer, and indicates the options for the customer to make payment. It is also the point at which a customer makes a payment to the merchant in exchange for goods or after provision of a service. After receiving payment, the merchant may issue a receipt, as proof of transaction, which is usually printed but can also be dispensed with or sent electronically.

Electronic cash was, until 2007, the debit card system of the German Banking Industry Committee, the association that represents the top German financial interest groups. Usually paired with a transaction account or current account, cards with an Electronic Cash logo were only handed out by proper credit institutions. An electronic card payment was generally made by the card owner entering their PIN at a so-called EFT-POS-terminal (Electronic-Funds-Transfer-Terminal). The name "EC" originally comes from the unified European checking system Eurocheque. Comparable debit card systems are Maestro and Visa Electron. Banks and credit institutions who issued these cards often paired EC debit cards with Maestro functionality. These combined cards, recognizable by an additional Maestro logo, were referred to as "EC/Maestro cards".

<span class="mw-page-title-main">EMV</span> Smart payment card standard

EMV is a payment method based on a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them. EMV stands for "Europay, Mastercard, and Visa", the three companies that created the standard.

<span class="mw-page-title-main">Verifone</span> Multinational point-of-sale equipment manufacturer

Verifone, Inc. is an American multinational corporation headquartered in Coral Springs, Florida. Verifone provides technology for electronic payment transactions and value-added services at the point-of-sale. Verifone sells merchant-operated, consumer-facing and self-service payment systems to the financial, retail, hospitality, petroleum, government and healthcare industries. The company's products consist of POS electronic payment devices that run its own operating systems, security and encryption software, and certified payment software, and that are designed for both consumer-facing and unattended environments.

ISO 8583 is an international standard for financial transaction card originated interchange messaging. It is the International Organization for Standardization standard for systems that exchange electronic transactions initiated by cardholders using payment cards.

A merchant account is a type of bank account that allows businesses to accept payments in multiple ways, typically debit or credit cards. A merchant account is established under an agreement between an acceptor and a merchant acquiring bank for the settlement of payment card transactions. In some cases a payment processor, independent sales organization (ISO), or member service provider (MSP) is also a party to the merchant agreement. Whether a merchant enters into a merchant agreement directly with an acquiring bank or through an aggregator, the agreement contractually binds the merchant to obey the operating regulations established by the card associations. A high-risk merchant account is a business account or merchant account that allows the business to accept online payments though they are considered to be of high-risk nature by the banks and credit card processors. The industries that possess this account are adult industry, travel, Forex trading business, multilevel marketing business. "High-Risk" is the term that is used by the acquiring banks to signify industries or merchants that are involved with the higher financial risk.

<span class="mw-page-title-main">Payment card</span> Card issued by a financial institution that can be used to make a payment

Payment cards are part of a payment system issued by financial institutions, such as a bank, to a customer that enables its owner to access the funds in the customer's designated bank accounts, or through a credit account and make payments by electronic transfer with a payment terminal and access automated teller machines (ATMs). Such cards are known by a variety of names, including bank cards, ATM cards, client cards, key cards or cash cards.

<span class="mw-page-title-main">NETS (company)</span> Singaporean electronic payment service provider

Network for Electronic Transfers, colloquially known as NETS, is a Singaporean electronic payment service provider. Founded in 1986 by a consortium of local banks, it aims to establish the debit network and drive the adoption of electronic payments in Singapore. It is owned by DBS Bank, OCBC Bank and United Overseas Bank (UOB).

<span class="mw-page-title-main">Contactless payment</span> Technology enabling payment without physical contact

Contactless payment systems are credit cards and debit cards, key fobs, smart cards, or other devices, including smartphones and other mobile devices, that use radio-frequency identification (RFID) or near-field communication (NFC) for making secure payments. The embedded integrated circuit chip and antenna enable consumers to wave their card, fob, or handheld device over a reader at the point-of-sale terminal. Contactless payments are made in close physical proximity, unlike other types of mobile payments which use broad-area cellular or Wi-Fi networks and do not involve close physical proximity.

The payment card industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses.

<span class="mw-page-title-main">Rede S.A.</span>

Rede known as Redecard is a Brazilian multi-brand acquirer with 25 brands in its portfolio, for credit, debit and benefit cards. Its activities include merchant acquiring, capturing, transmission, processing and settlement of credit and debit card transactions, prepayment of receivables to merchants, rental of POS terminals, check verification through POS terminals, credit card machine and the capture and transmission of transactions using benefit-voucher, private-label cards and loyalty programs such as Multiplus. The company is the first largest in its sector. The company was traded in BM&F Bovespa and disclosed in September 24, 2012.

Cleaning cards are disposable products designed to clean the interior contact points of a device that facilitates an electronic information transaction. In order for the cleaning card to work properly in the device, the card resembles or mimics the material of the transaction media – such as a credit card, check, or currency. As the cleaning card is inserted and passed through the device, it will clean components that would normally come in contact with the transaction media such as readers, lenses, read/write chip and pins, belts, rollers, and paths. Cleaning card products are widely accepted and endorsed by device manufacturers and industry professionals. Many have developed their own cleaning cards to better clean their particular devices.

<span class="mw-page-title-main">Card security code</span> Security feature on payment cards

A card security code is a series of numbers that, in addition to the bank card number, is printed on a credit or debit card. The CSC is used as a security feature for card not present transactions, where a personal identification number (PIN) cannot be manually entered by the cardholder. It was instituted to reduce the incidence of credit card fraud. Unlike the card number, the CSC is deliberately not embossed, so that it is not read when using a mechanical credit card imprinter which will only pick up embossed numbers.

The term digital card can refer to a physical item, such as a memory card on a camera, or, increasingly since 2017, to the digital content hosted as a virtual card or cloud card, as a digital virtual representation of a physical card. They share a common purpose: Identity Management, Credit card, Debit card or driver license. A non-physical digital card, unlike a Magnetic stripe card can emulate (imitate) any kind of card.

<span class="mw-page-title-main">Point-of-sale malware</span>

Point-of-sale malware is usually a type of malicious software (malware) that is used by cybercriminals to target point of sale (POS) and payment terminals with the intent to obtain credit card and debit card information, a card's track 1 or track 2 data and even the CVV code, by various man-in-the-middle attacks, that is the interception of the processing at the retail checkout point of sale system. The simplest, or most evasive, approach is RAM-scraping, accessing the system's memory and exporting the copied information via a remote access trojan (RAT) as this minimizes any software or hardware tampering, potentially leaving no footprints. POS attacks may also include the use of various bits of hardware: dongles, trojan card readers, (wireless) data transmitters and receivers. Being at the gateway of transactions, POS malware enables hackers to process and steal thousands, even millions, of transaction payment data, depending upon the target, the number of devices affected, and how long the attack goes undetected. This is done before or outside of the card information being (usually) encrypted and sent to the payment processor for authorization.

PunkeyPOS is a new type of Point of Sale Malware which was discovered by PandaLabs in 2016. This new Point of Sale Malware infects the Point of Sale(POS) Systems with two types of malware applications - keylogger and RAM Scraper. PunkeyPOS gets installed into the computer automatically without the knowledge of the user, in a similar manner as other POS malware.

<span class="mw-page-title-main">Google Pay (payment method)</span> Mobile payments platform developed by Google

Google Pay is a mobile payment service developed by Google to power in-app, online, and in-person contactless purchases on mobile devices, enabling users to make payments with Android phones, tablets, or watches. Users can authenticate via a PIN, passcode, or biometrics such as 3D face scanning or fingerprint recognition.

<span class="mw-page-title-main">Credit card imprinter</span> Mechanical device for transferring payment card details to paper

A credit card imprinter, colloquially known as a ZipZap machine, click-clack machine or Knuckle Buster, is a manual device that was used by merchants to record credit card transactions before the advent of payment terminals.

Newland Digital Technology Co., Ltd., previously known as Fujian Newland Computer Co., Ltd., is an IT products and services provider headquartered in Fuzhou, Fujian in China. It provides service and application products based on networking for markets in data identification, electronic financial payment, mobile communication support, expressway information systems, cloud computing and big data services.

References

  1. Transversal, James Leslie at. "Ask Barclaycard a question". ask.barclaycard.co.uk. Archived from the original on 31 March 2019. Retrieved 28 September 2017.
  2. "Ingenico Group – Expertise – Pay-at-the-Table". ingenico.us. Retrieved 13 September 2017.
  3. 1 2 "ATM 'Shimmers' Target Chip-Based Cards — Krebs on Security". krebsonsecurity.com. 27 January 2017. Retrieved 13 September 2017.
  4. "A First Look at the Target Intrusion, Malware – Krebs on Security". 16 January 2014. Retrieved 19 August 2021.
  5. "Hypercom Corporation History". Funding Universe. Retrieved 8 December 2015.
  6. "Ingenico – Our history". Archived from the original on 24 October 2020. Retrieved 28 December 2016.
  7. "iSC Touch 480". ingenico.us. Retrieved 13 September 2017.
  8. "Talking ATM Overview – Wells Fargo". www.wellsfargo.com. Retrieved 13 September 2017.
  9. "How the Top 3 Card Machine Manufacturers are Redefining the Payment Industry". ExpertSure. Retrieved 29 December 2017.
  10. Whitney, Lance (24 March 2011). "App turns Google Nexus phone into payment tool". CNET. Retrieved 24 March 2015.
  11. "MX 915". Verifone.com. Retrieved 13 September 2017.