Comment: How to pick a payment terminal

Payment terminals are highly sophisticated devices these days. They are no longer simple swipe card readers used to capture card numbers. The 'little grey box' has transformed itself into a completely different beast. Point of sale (PoS) terminals now have more processing power than early model PCs. Retailers use them to handle a range of payment transactions as well as value added electronic transaction processing services such as processing e-vouchers, product coupons, bill payments, gift cards and loyalty programme points.

What are the key features supported?

A payment terminal includes a fast processor to ensure transaction times are minimised. The faster processor the better, as this will help reduce transaction times and allow new services to be added during its lifecycle. The PoS terminals now incorporate more than 100 megabytes of memory in order to run multiple advanced application programs and to provide sufficient data storage. A far cry from the original 32K of RAM of yesteryear. Wide ranges of communications options are available to choose from these include Ethernet (IP) for fixed broadband connection or wireless communications such as WiFi or GSM/GPRS.

Dial up modem versions are now in decline and typically only used by small retail outlets without in-store broadband. Touchscreen graphical displays have been built in so as to improve the user experience and increase flexibility. The PoS holds an integral printer, which uses a thermal paper roll. The faster the specification of the printer, the more lines that can be printed each second. Graphics capability allows retailer logos and advertising messages to be printed on receipts. A keypad allows the input of transaction amounts and other data fields. A secure PIN pad is also required in order to verify the cardholder correctly. This can either be performed on a separate PIN entry device, which is referred to as a PED, or on an internal PIN Pad (IPP). One of the key features to look for is point-to-point encryption (P2PE) support. Encrypting card details as soon as the card is presented strengthens security protection and offers the ability to reduce PCI DSS compliance scope.

So who needs to buy a PoS terminal and who a PED?

Larger retailers (those in Tiers 1 and 2) tend to utilise integrated payments systems. These merchants need a combined card reader (mag stripe and chip) plus a secure PIN entry device. PEDs are attached directly to the EPoS terminal, which is where the payment application resides. The transaction processing uses the fast communications and printing capabilities of the EPoS. The mid tier is also increasingly adopting integrated payment systems thanks to the greater availability of EPoS applications and lower costs of PC technology.

Smaller retailers (those in Tier 4) rely on standalone PoS terminals and an attached PED. There tends to be no integration to the EPoS/Cash Register.

These merchants may prefer a hybrid device that combines a countertop PoS terminal with a PED. This single piece of hardware is shared between the cashier and cardholder during a transaction. It helps remove hardware duplication, space on the counter and cost.

Who offers payment terminals?

Fifteen years ago we used to have in excess of 30 different manufacturers of payment terminals within Europe and many more located in other geographical regions. Thanks to rapid market consolidation this number has dropped to less than a handful with the top two manufacturers Ingenico and VeriFone (both exhibitors at RBTE 2014, see below) now accounting for around 80% of annual unit sales. These two market leaders have presence globally and scale allowing them to offer highly competitive prices. There are alternatively available although they tend not to have the breadth of product range or geographic coverage. Pax from China is the leading Far Eastern challenger, but you can also find niche local suppliers such as Spire Payments and Magtek who can be considered.

The PoS terminal manufacturers sell their products directly to large customers but most medium- and smaller-sized merchants will be supplied by a payment service provider (PSP), merchant acquirer or independent sales organisation (ISO).

The growing importance of software

In reality it is the software applications that are of critical importance rather than hardware feature sets. Your chosen payment terminal will likely need to run an operating system that allows multiple applications to be run simultaneously. These should reside in secure memory, which provides control to different application owners. The applications require remote management, which can be provided through a terminal management system (TMS). Each manufacturer tends to offer a proprietary O/S version and TMS. Often the terminal manufacturers are not the best software developers and have limited programming resources available, so retailers may wish to source application software directly from a third party organization for whom this is their core business.

Which certifications are needed?

We are living in a time of increased regulation and so a whole suite of certificates and accreditations are needed. The list keeps getting longer! In order to process EMV (Chip & PIN) transactions the hardware needs to be EMV Level 1 certified and the software has to conform to the EMV Level 2 standards. Lists of approved devices and software kernels can be found on the EMVCo website.

For data security purposes the PIN Pads need to be certified to the PCI PTS 3 standards. If you are looking to utilise point-to-point encryption then SRED has to be added to the list and P2PE application and solution certifications. Approved devices can be found on the PCI SSC website. The lists keep changing. Don't always trust what a vendor is telling you. Check the lists out for yourself.

Individual countries will ask for extra certificates such as the UK market’s requirement for PIN Pads to have completed a Common Criterea security assessment. Acquiring banks are likely to insist on accreditation testing before a new terminal can be used. This involves end-to-end transaction testing. Other certifications may be needed.

Contactless card acceptance

Most payment terminals and PEDs are now available with contactless card readers built-in. These sit behind the display or keypad areas and allow low value transactions to be accepted without the need for a card to be inserted or have a PIN or signature verified. LEDs help indicate a successful card read. The terminal needs to be compatible with the appropriate hardware and software specifications as defined by the card brands and standard bodies. Contactless card numbers are increasing rapidly and so it would be unwise to invest in next generation card readers without this feature being included.

Reliability is critical

When making your selection you need to take careful consideration about reliability. As when the device is out of service customers can’t be served and sales may be lost forever. Take up references from your peers to find out their experience of the particular model you are considering. MTBF figures do not tell the true story! Remember faults may well be software rather than software related and so you also have to have confidence in the application developer as well as the hardware manufacturer.

The benefits of new display technology

The latest ranges of devices incorporate large touch screen displays. These support graphics and often run in full colour. This enlarged display real estate makes the transaction process more intuitive and reduces the amount of merchant training required. Promotional messages and advertisement can be used during idle times.

Lots to consider

Making the right choice is not easy. A thorough evaluation of suppliers and models is required and references should always be taken up. Undertaking a comprehensive vendor selection process will reduce business risk, as will using independent experts to supplement your in-house skills and experience.

Mark McMurtrie is an independent consultant focused on consumer payments and technologies. He provides a range of advisory services for retailers through his company Payments Consultancy Ltd www.payments-consultancy.com. He helps with strategy development, market assessment, technology reviews and supplier selection. Mark acts as the official payments consultant for RBTE.