Where should I run the software: server, POS or reader?

In upgrading to chip and PIN you will need to decide where to run the EMV functional software or, to put it another way, which platform will host the EMV level 2 kernel [see also: what is EMV?]. There are essentially three choices: on the server, on the Point of Sale till or within the chip reader itself. The advantages and disadvantages of each are discussed below.


on the server

This is a software solution which may be used with simple chip and PIN hardware. It follows the proven principles of "Make the hardware as simple and universal as possible" and "Emulate terminal functionality in software" [see: how can I minimise the cost?]. It also adopts the philosophy of the BRC chip card architecture: an open, component-based software approach [see: what is the BRC chip card architecture?].

The main specific advantages of this choice stem from its centralised approach. Therefore only one location is needed for:

• initial integration with point of sale and EFTPOS systems
• maintenance of EMV configuration parameters
• EMV functional software upgrades

Further advantages are:

A server generally has more processing power than either a till or a reader so that typically the time taken for the EMV cryptography calculations will be minimised. This may become a more significant issue as the cryptography keys increase in length to combat card fraud in the future.

An EMV level 2 certified server kernel may be used with any EMV level 1 approved reader and may support any number of different reader types within a site, e.g. till, kiosk, fuel forecourt and even Internet connected.

If current till software or hardware is incapable of supporting an EMV level 2 kernel, e.g. due to out of date or proprietary operating systems, or simply insufficient processing power or memory, the server option can still provide a software solution for chip and PIN. Furthermore, it can form part of a seamless migration plan if the till replacement cycle allows for higher specification till hardware in the future.

If the EFTPOS software runs on the same platform it makes sense to have all payment software co-located for centralised upgrade and configuration parameter maintenance.

Main disadvantage:

The main disadvantage of the server option stems from its reliance on the network between the server and the reader to perform a chip and PIN transaction. The server itself also creates a similar single point of failure. If the network or server fails, plastic cards must either fall back to a magnetic stripe transaction or worse. The banks are undecided on whether the liability for fraudulent transactions under these conditions lies with them or the retailer, probably the latter.

Overall transaction time is affected by network round trip delay time.

Conclusion:

Despite the disadvantages, the business case for a server based approach may still hold: the cost of strengthening the network, improving the resilience of the server or running a redundant server must be weighed against performance and the fraud liability risk of falling back to magnetic stripe during a failure. Bear in mind that the fraudster would not normally be able to exploit this failure scenario. If a till based approach is not possible and the only alternative is to run EMV level 2 on the reader, the long term disadvantages of the latter may or may not outweigh the short term disadvantages of running on the server.

If suitable EMV level 2 software is not available from a third party supplier, the in-house development and associated EMV level 2 approval costs can make this option prohibitively expensive.


on the till

This too is a software solution which may be used with simple chip and PIN hardware. [Refer to first paragraph of previous section: on the server for more information].

The main specific advantages of this choice stem from it being on a peer level with the point of sale software. Therefore the following can follow well understood and proven paths:

• initial integration with point of sale and EFTPOS systems
• maintenance of EMV configuration parameters
• EMV functional software upgrades

Further advantages are:

A till generally has more processing power than a reader so that typically the time taken for the EMV cryptography calculations will be very low. This may become a more significant issue as the cryptography keys increase in length to combat card fraud in the future.

An EMV level 2 certified server kernel may be used with any EMV level 1 approved reader and may support any number of different reader types within a site, e.g. from different manufacturers, separate reader and PIN pad, integrated reader and PIN pad.

The till option does not rely on the store network or server to perform EMV chip and PIN transactions.

Main disadvantage:

The main disadvantages of the till option stem from its reliance on the hardware platform of the till. If this has a proprietary or outdated operating system, or insufficient processing power or memory, then a till option may be either physically impossible or prohibitively expensive. Furthermore, there is always a risk when running a third party application, however small, that it could have a detrimental effect on the operation of the till application itself.

Conclusion:

If the same EMV level 2 component is used for all points of acceptance (till, server, kiosk, forecourt payment terminals, self scanning, etc.), there are distinct advantages in selecting a software based option from the perspectives of initial integration, ongoing parameter maintenance and EMV software upgrade.

If certain till software or hardware is incapable of supporting an EMV level 2 kernel, the server option can still provide a software solution for chip and PIN.

If suitable EMV level 2 software is not available from a third party supplier, the in-house development and associated EMV level 2 approval costs can make this option prohibitively expensive.


within the reader

This is essentially a proprietary hardware solution. Although EMV level 2 software runs on the card reader, this is seen as firmware and the whole may be regarded as a "black box" option.

The main specific advantages of this choice stem from the encapsulation of EMV level 1 and 2 within a single dedicated box. Therefore:

• it has its own platform and does not require support from till or server other than a simple driver
• software and hardware are already developed and certified to EMV level 1 and 2
• it is a cost effective solution compared with in-house development of EMV level 2 software
• a single supplier is providing EMV level 1 and 2 components
• it does not rely on the store network, till or server and is therefore more resilient

Disadvantages:

Historically, this approach has suffered from excessive time being taken for the EMV cryptography calculation. This was caused by inadequate hardware inherited from earlier magnetic stripe only terminals. The problem has been solved by a significant increase in the processing power and memory of the hardware, but there is still the concern that, as cryptography keys increase in length in the future, performance will again become an issue.

This is a proprietary solution with tie-in to the supplier and has the following characteristics:

• unless the supplier includes a suitable peer-to-peer driver for integration with the till and EFTPOS applications, integration will require proprietary low level driver development
• specific till and server application development is required to maintain EMV configuration parameters in a proprietary manner
• EMV functional software upgrades are complex: store network and till application developers are not familiar with software upgrade beyond the till boundary. Dedicated development to proprietary file transfer protocols is often required.

It is not possible to mix and match card readers in the same way: if different card reader types are needed, e.g. for cardholder activated terminals and forecourt, then initial integration, EMV parameter configuration and EMV functional software upgrades may all require their own specific support. Coordinating EMV parameter configuration can become very complex.

Because the reader contains the hardware support necessary for EMV level 2, it becomes a more expensive item with a higher cost of ownership than the simple chip and PIN reader. Furthermore, it can be seen as unnecessary duplication of high specification hardware when equivalent hardware is also available on server or till.

Conclusion:

If till, server or network cannot support EMV level 2, or in-house development of suitable software is prohibitively expensive, then this is the option to choose.

This option also applies if there is a requirement to segregate EMV chip and PIN functionality, although it still requires integration and reliance on the resident EFTPOS application's EMV support for authorisation and settlement.
