Developing EMV POS Solutions to Reduce Fraudulent Liabilities

Developing EMV POS Solutions to Reduce Fraudulent Liabilities

Written by William Dawsey Posted April 10, 2015 by Carolina
William Dawsey

William Dawsey

The rapidly approaching EMV compliance deadline of October, 1st 2015 marks a liability shift to the least secure entity in the payments chain. To aid their customers in the quest to accommodate EMV standards, a transportation in-vehicle technology solutions company presented Chetu with the task to upgrade their Point-of-Sale (POS) offerings.They wanted EMV payment terminals with the applicable ISO standards to accept mag-stripe, EMV, and contactless card functions, programmed with all the appropriate AIDs and support for offline batch processing. Chetu’s software solutions allowed this proprietor to offer secure and reliable POS terminals to adapt to the changing payments infrastructure.

How the Payments Landscape is Changing

Fraudulent charges using payment card information is rampant in the United States and around the world. To combat this dilemma traditional credit and debit cards are in the process of being phased out and replaced by Europay, MasterCard, and Visa (EMV) smart card standards. The cards, which have a contact function similar to an ATM or a contactless function that uses NFC technology, are equipped with a microprocessor chip in conjunction with the traditional magnetic stripe. The chip is able to be used more dynamically to validate a transaction by employing inherent cryptography and tokenization features, making it far more advanced than other card payment technology. The conventional mag-stripe uses a signature and visual inspection to safeguard the use of natively stored personal identifiers. Unfortunately, this data can be easily duplicated and reused. The “chip and pin” cards do not store personal data natively making them difficult to decrypt and counterfeit. They also employ a Personal Identification Number (PIN) validation making them a more secure option.

EMV Smart Card

Although chip and pin cards are widely used abroad, they have yet to be mainstreamed in the United States payments infrastructure. By October 2015 major card networks including Visa, MasterCard, AmEx, and Discover will start imposing fraud liabilities on parties that do not switch to the new EMV standards. For merchants, financial institutions, and fuel dispensers, this means adding new payment technologies at the Point-of-Sale.

  • U.S. fraudulent charges equates to 51% of the total global cost of $13.9 billion in 2013

  • EMV chip and pin cards will be employed to mitigate fraud

  • Shift in liability from payment processors to the least secure entity, those using mag-stripe only POS systems

  • Compliance date for all merchant POS transactions is October 2015

  • ATM owners will be liable for costs associated with counterfeit card fraud in 2016

  • In 2017 the least secure entity for automated fuel dispensers will be held accountable

  • Merchants need to invest in the new payments technology to avoid liabilities associated with fraudulent activity

Verifone Devices

Problems Overcoming the Liability Shift

A client, who is a leading provider of global transportation in-vehicle technology solutions, wished to implement a POS EMV system, to be offered to independent merchant taxi service entities. The inherent problem was that they had to update their current POS systems to alleviate the liability shift from their customers. They wanted to integrate with a leading payment processor that they already associated with, and a certified hardware terminal that supports mag-stripe, EMV, and contactless, which conforms to the following ISO standards:

  • ISO 7816 for contact chip cards in which the chip card communicates with a reader through a contact plate for data exchange between card and reader
  • ISO 14443 for contactless chip card functions in which the chip communicates with a reader over a radio frequency for data exchange between card and reader
  • ISO 8583 to exchange card transaction data between processors, networks, and card issuers

Additionally, Chetu was tasked with the research to find a suitable mobile card reader device that supports mag-stripe, EMV, and contactless card types. The stipulations to be considered while choosing the card readers were:

  • Cost factors
  • Ease of integration (SDK/API availability)
  • OS support (Windows, iOS, and Android)
  • Connectivity (Serial, USB, Bluetooth, etc.)
  • Certification and compatibility with processors to inject keys in order to support E2E (end-to-end) encryption

Furthermore, once the hardware is chosen the following issues needed to be addressed:

  • Implementation of application Identifiers (AIDs)
  • Enable support for offline features

Chetu’s Software Development Solutions

With the extensive research done by the Chetu team the following terminals were found to support the appropriate ISO standards for mag-stripe, EMV, and contactless card functions:

Following the research, it was subsequently decided to select the Ingenico iPP 320 device. With adherence to the aforementioned stipulations this device supports the necessary ISO functions, is First Data certified for supporting end-to-end encryption, is within the proposed budget, and has all necessary features.

With the proper EMV terminal selected it was then imperative to program the AIDs. EMV chips are equipped with an Integrated Circuit Card (ICC) application. These applications hold the identifiers, or tags, that allow different proprietary card issuers, payment processors, and card networks to uniquely interact with different terminals. A card using EMV standards will contain one or more unique AIDs, as well as each payment terminal used will have one or more of the corresponding Identifiers to accept that card. Each merchant has their own payment partners hence terminals offered were programmed with all available AIDs as to be ready to accept a transportation merchant’s payment network partner’s cards.

Additionally, the terminals were programed for offline batch processing for areas where internet infrastructure is unreliable and slow. Static Data Authentication (SDA) allows for offline validation by signature and a batch processing function when a solid connection to the internet is maintained.

Benefits as a Result of Upgrading their Payment Offerings

  • This entity can offer their customers a secure, reliable, and cost effective POS terminal for the transportation industry
  • Allows this company to offer a payments solution that relieves customers from the liability shift
  • Support and receive transactions from multiple payment options including mag-stripe, EMV chip-and-pin / sign, and contactless
  • Allows the proprietor to offer mobile, Bluetooth, and USB connectivity for motility within the transportation industry
  • Allows this entity to offer offline support and batch processing for areas with unreliable internet infrastructure

About Chetu

Chetu is a 16-year old software development provider that delivers world-class software solutions serving entrepreneurs to Fortune 500 clients. With a growing team of highly skilled engineers spread across nine global locations, it is able to provide a modular approach that fits customers’ budgets, yet does not compromise on local interaction or real time collaboration. Beyond providing software resources, Chetu excels in providing industry specific and niche technology solutions for healthcare, retail, finance, telecom, gaming, hospitality, travel, e-learning, supply chain, and many others. Its services include process and systems design, custom application development, business intelligence and reporting, systems integration, mobile plus tablet applications, wearable tech software, as well as testing, maintenance, and support. Chetu’s expertise spans across the entire software technology spectrum.

Contact Information:

Phone: (954) 342-5676 / Email: / Web:

Legal Policy | Careers | Sitemap | Feedback | Contact Us

Copyright © 2000- Chetu Inc. All Rights Reserved.