POSDATA Now PCI Certified for P2PE Key Injection

GIG HARBOR, Wash.–(BUSINESS WIRE)–POSDATA Group, Inc., a leading North American distributor of secure payment devices, announced today that its Louisville, Ky. facility has been Point-to-Point Encryption (P2PE) key injection certified by the PCI Security Standards Council. POSDATA provides payment solution providers with comprehensive deployment services, including device configuration, key injection and secure key management, to help merchants achieve Payment Card Industry Data Security Standard (PCI DSS) compliance, while minimizing assessment scope.


According to Jeffrey Creighton, POSDATA chief executive officer, “POSDATA is committed to delivering deployment solutions and services that provide quick and cost-effective access to PCI-compliant payment solutions.” Creighton added, “This certification was made possible by secure business processes put in place over the years, along with an outstanding staff that is focused on delivering the latest in payments technology.”


In addition to payment equipment distribution, deployment and key injection and management services, POSDATA logistics services include device configuration, customer-owned and consignment inventory warehousing, custom reporting, warranty programs, advance exchange programs, equipment repair, device upgrades and e-waste recycling.
For more information on P2PE key injection and other POSDATA services, please telephone +1.800.852.3282 or email sales@posdata.com.

POSDATA

Control Solutions Announces Company Name Change

Control Solutions, Inc. announced today that it will be named POSDATA Group, Inc., effective immediately. The name change is part of a re-branding initiative and corporate restructuring.

“The rebranding will allow us to better leverage our marketing efforts and create a greater impact on the market” said Jeffrey Creighton, company President.  “All parts of the business will now go to market as POSDATA Group as we emphasize our leadership position in providing a full range of transaction processing technologies.”

The automatic identification, mobile computing and wireless networking part of the company, previously doing business as Compsee, will operate now as POSDATA Group – AIDC.

Bill McCubbins, Executive Vice President, will be responsible for managing sales of all product lines.   In addition to AIDC products, POSDATA Group markets payment systems and devices, managed services such as logistics, deployment and key injection, and mobile software solutions for field data collection.

The name change will be phased in across all aspects of the business in the relatively near future.

About POSDATA Group

POSDATA Group is a leading payment systems distributor as well as a nationwide AIDC VAR and integrator.

POSDATA Group provides AIDC, mobile computing and RF systems, labeling systems and data collection solutions for a variety of markets, including manufacturing, distribution, transportation, retail, construction and healthcare.

POSDATA Group is also the most knowledgeable and trusted distributor of payment systems and devices in the United States, with full key injection and deployment capabilities.

—-

A downloadable version of this press release is available here.

For inquiries, contact Mike Kapp
POSDATA Group, Inc.
1-800-852-3282
mike.kapp@posdata.com

Managing the Rollout and Repair of Payment Devices for Fitness Centers

Case Study Industry Focus: Fitness & Health Clubs

Over 50 million people across the United States are members of a local fitness center. Since no fitness center is free (that we’ve heard of!), that means over 50 million payments transactions happen on a regular basis on gym payment devices. Considering that many fitness centers are franchises with thousands of locations country-wide, it is highly important that member data is kept secure company-wide and that payment devices are standardized at all locations.

2015 was the year when forces combined to demand a transition away from magnetic-stripe cards to cards equipped with EMV technology (“Europay, MasterCard, Visa). These cards come with a small computer chip that drastically increases security. As of October 2015, businesses that don’t have an EMV processing device could be held liable for fraudulent card transactions originating from their business. Like many industries, the fitness & health club industry has been scrambling to work with payment solution providers like POSDATA to ensure large-scale EMV transitions are handled professionally and efficiently.

Case Study: The Problem

Every fitness center across the United States needs to accept payment information from their members. Not only does payment information have to be handled securely on-site, but recurring membership dues often are managed by an in-house software solution. With changes in EMV technologies and the 2015 liability shift, it became more important than ever that the software solutions gyms use company-wide are standardized and secure.

While some of this liability falls on the gyms themselves, the impact is felt just as strongly by the companies distributing software and payment technologies to gyms across the United States. In 2014, a software developer and major distributor of software/payment technologies to gyms foresaw the impending changes in EMV requirements. They alerted their standard supplier of payment devices that all future payment devices would need to be upgraded to meet EMV requirements. The payment solutions supplier was happy to sell them more units, but realized that this corporate-wide rollout of thousands of payment devices would require a managed services supplier to oversee the rollout and handle ongoing repair issues.

Case Study: The Solution

POSDATA Group’s technology prowess and ability to handle security solutions at scale made them the ideal partner to manage this operation. As a managed services provider, the first task was to stage thousands of new payment technology units and standardize them for use across all fitness center locations. Units had to be pre-configured and prepared in a way that made them usable right out of the box. Each payment device was loaded with the point-to-point keys and the pin encryption key that met the new EMV requirements. The appropriate cable and power supplies were combined with the solution and shipped to each individual destination. Once the units were prepared, they were placed in a unit pool awaiting a Purchase Order. Upon receipt of the Purchase Order, the units are packaged and shipped directly to the gym from POSDATA’s centrally located facility in Louisville, Kentucky.

Equally important, POSDATA offers an advance exchange program to facilitate ongoing device repairs. The POSDATA team set up an online portal that can receive information on any faulty device. If a payment device at any of the gyms nationwide experiences an outage, POSDATA is alerted via the online portal and immediately ships a functional device to the gym from the asset pool. The gym receives the new device and ships the faulty unit back to POSDATA in the same box. Upon receipt of the faulty unit, POSDATA’s tech team repairs the unit if possible and puts it back into the asset pool for eventually distribution back to a gym. This advance exchange system minimizes downtime and is very cost-effective for all parties.

As a longstanding leader in the payment services industry, POSDATA Group has evolved over the years to be able to easily accommodate requests of any volume from our clients.


 

This article originally appeared in a PDF case study. Download it here.
© POSDATA GROUP 2016

Meeting EMV Requirements in the Hospitality Industry

Half of credit card fraud happens in the United States, often as a  direct result of magnetic-stripe cards that are easy to counterfeit or steal data from. 2015 was the year when forces combined to demand a transition away from magnetic-stripe cards to cards equipped with EMV technology (“Europay, MasterCard, Visa). These cards come with a small computer chip that drastically increases security. As of October 2015, businesses that don’t have an EMV processing device could be held liable for fraudulent card transactions originating from their business. Few industries are unaffected by this liability shift, and as a result there has been a scramble to work with payment solution providers like POSDATA to ensure large-scale EMV transitions are handled professionally and efficiently.

Case Study: The Problem

In the hospitality industry, every business decision centers on providing first-class, personalized service to every guest. Part of this first-class service is ensuring the security of all guests. In October of 2014, a major provider of hospitality property management software systems realized they would need to adapt to the heightened EMV requirements to ensure the users of their software (hotels & spas) were keeping their guests’ payment information secure. The provider began with a full review of the payment systems that interacted with the technologies they provided to their clients. The review revealed numerous improvements that would need to be made in the systems they installed at hotels and spas nationwide. Unlike a small business that could quickly replace just a few aging POS systems, the provider was looking at a large-scale upgrade for nearly 2000 different properties.

The provider first turned to Ingenico for assistance in the migration to EMV-compatible systems. Ingenico advised them that a third party payment solution specialist would be critical in overseeing the successful configuration and deployment of such a high quantity of terminals. They recommended POSDATA as their third party solutions provider because of a history of excellence in being knowledgeable, consultative and perfective in the rollout and ongoing management of payment technologies.

Case Study: The Solution

It was critical the new payment terminals being deployed to the locations were standardized company-wide and pre-configured to operate perfectly right out of the box. POSDATA provided custom-configuration, staging and deployment of the terminals straight from their Louisville, Kentucky headquarters. Each device was loaded with the point-to-point keys and the pin encryption key. The appropriate cable and power supplies were combined with the solution and shipped to each individual destination.

Equally important, POSDATA offered ongoing managed services for these end users. Now whenever a property needs to purchase new devices or repair their existing payment terminals, they can call POSDATA directly to handle everything. POSDATA is able to recommend the ideal combination of payment technologies for each location, all while ensuring all EMV requirements are taken in account and built into the final solution.

As a longstanding leader in the payment services industry, POSDATA has evolved over the years to be able to easily accommodate both high and low-volume requests of our clients. We are proud of our ability to manage so many moving pieces and keep our clients happy and secure.


The preceding article is available as a printable case study. Access it here.

Report from the National Retail Federation Show

POSDATA once again had a booth at the National Retail Federation (NRF) show in New York.  Another large turn-out of more than 33,000 retailers and exhibitors.  By all accounts it was a good show for everyone.  There is optimism about the future of retail, both online as well as brick and mortar.  POSDATA is excited about the possibilities for this coming year as well.  If you didn’t have a chance to stop by our booth, feel free to call Patricia Howe at 253-255-2960 and she can explain our Managed Services offerings and how we can help you.

NRF-Show-POSDATA

How POSDATA Simplifies the Payments Industry

The payments industry is often very complex and confusing. Choosing the best payment product, ensuring proper encryption of payment devices, and understanding PCI compliance issues can be a Herculean task. Having a well-informed partner who understands industry complexities and can help VARs serve their end users is the mission and purpose of POSDATA.

If you are unfamiliar with POSDATA, here are ten key points about our credentials and how our expertise takes the mystery out of payment terminals for our channel partners and their customers.

  1. POSDATA’s total focus is on payments and supporting the channel and their customers with their payment requirements
  2. POSDATA is not a box mover of other types of POS or Auto ID products. We are a value-added distribution company specifically focused on the payment industry
    • POSDATA sales and support organization work hand and hand with our channel partners and their customers to help select the right payment product for their specific retail application
  3. POSDATA Sales and Support Team have over 100 combined years of experience in the payments industry
  4. POSDATA Provides end to end technical support to the channel and their customers with regards to the integration of payment products
    • POSDATA Sales Engineers have expertise in EMV, P2P, Government WIC programs by state, PA-DSS 3.x, Firmware & File loading
  5. POSDATA, for over 20 years, has been a PCI Compliant Encryption Service Organization
    • POSDATA adheres strictly to all PCI PIN and TR-39 guidelines
    • POSDATA is audited several times a year by both internal and external auditors
  6. POSDATA is a VISA® registered Encryption Service Organization with sponsorship by one of the largest VISA members in the Debit Networks
  7. POSDATA has one of the largest selections of PIN encryption debit key libraries available in the industry
    • POSDATA offers end-to-end card read encryptions and PIN PAD encryption/injection
    • From 3DES (TDES) and remote key injection to tokenization POSDATA works closely with its channel partners and our terminal OEM’s to provide the channel and their clients with the latest encryption solutions
  8. POSDATA carries inventory for all the major payment terminal OEM including accessories such as stands, cables, stylus, and power supplies.
  9. POSDATA works with its channel to provide inventory management programs, deployments to specific multiple locations based on a specific installation timeline, and on-site installation services
    • All services are carried out in POSDATA’s 50,000 sq. ft. facility located next to the UPS’s major hub located at the Louisville, KY International Airport.
  10. POSDATA is an active member of the RSPA and services on their Data Security Payment Card Industry committee

A Guide to Payment Industry Acronyms

The payment industry is chock-full of acronyms and abbreviations to describe the often complicated technologies surrounding electronic payment transactions. We have worked in the industry for many years and even we have trouble keeping up with the latest acronyms and their definitions. To help clear up the confusion among our customers and friends in the industry, we have put together this list of the most important payment industry acronyms.

Acronym Definition
ANSI American National Standards Institute- A non-profit that oversees voluntary consensus standards for US products, processes and systems. Encryption key transfer, storage and injection asre subject to ANSI Standards.
API Software Application Interface- a set of routines, protocols and tools for building software applications.
Contactless See NFC
CurrentC See MCX
E2E See P2P
EBT Electronic Benefit Transfer. Usually refers to SNAP (Food Stamps) or On-Line WIC
EMV Europay, Master Card and Visa joint venture which created the original standards used for Smart Card payment transactions.
Form Agent Verifone Mx Terminal application
FPE Forms Processing Engine- Equinox’s L Series Terminal Application
IK Integration Kit- Used to integrate a pos system to a payment termial’s default application
ISO International Organization for Standardization – International standard setting body composed of representatives from various national standards orgs.   ISO created standards for Credit auth messaging (ISO 8583 for example) and NFC communication messaging ISO 14443 and ISO 18092.
ISO Independent Service Organization – an entity that specilaizes in the sales, repair and maintenance of another company’s equipment.
ISV Independent Software Vendor
JPOS JPOS is an open source library which is used on variety of POS and Payment applications. It can be used on PC’s or Browser based applications
KSI Key Identifier First 10 digits of the KSN
KSN Key Serial Number- Generate and sent with each encrypted PIN Block. Identifies the Key to the host processor.
MCX Merchant Customer Exchange- a group of large retailers and banks who are developing a product called CurrentC. A mobile wallet similar Apple Pay or Google Wallet to that used QR barcodes rather than RFID to pass payment information. Notable retailers involved are Sears Holdings, 7 Eleven, Wal Mart, Rite Aid, Best Buy and Exxon Mobil.
MSR Magnetic Stripe Reader
NFC Near Field Communication also knowsn as RFID or Contactless. Uses a chip embedded in a card, fob or smart phone and an antenna that emits a low level electrical charge. The charge powers the chip, which then transmits the customer’s data to the antenna. There are two standards in use today for payments ISO 14443, which is used commonly for one way communication to transmit credit card data and ISO 18092 with is used for two way communication for EMV and couponing on Mobile Wallets
OEM Original Equipment Manufacturer-Generally in the payment world OEM refers to the company that makes a part or device that is sold by another company. For example MAG TEK makes an MSR for an Equinox terminal. Mag Tek refers to Equinox as an OEM.
OPOS OLE for Retail POS- a platform specific version of Unified POS, mainly used on Microsoft Windows operating systems
P2P In the payment industry, this refers to Point to Point Encryption. Customer account data is encrypted at the swipe and decrypted at either a retailers switch, a payment gateway or by the processor depending on the scheme. There are several schemes in play using various encryption methods.
PA-DSS Payment Application Data Security Standard. PCI Standards concering Payment and POS applications.
PCI Payment Card Industry. A council made up of termial manufacturers, processors, card brands and security experts from the payment industry. This group sets all the standards and practices regarding securing payments, applications and networks.
PCI -DSS Data Security Standard – PCI standards for payment card data security.
PCI-PTS PIN Transaction Security- PCI Standards on debit pin entry and encryption on atteneded and unattended payment devices. No payment device can be sold, injected with a key or accept pin entry with being PCI-PTS approved.
PKI Public Key Infrastructure a system developed by RSA that uses a public key certificate in a device that is signed against a private key kept on a secure host to authenticate applications, devices and some P2P schemes.
QR Code A Quick Response code. Resembles a barcode and can be imaged by a Smart Phone for advertising or for payment info. See MCX.
RBA Retail Base Application- Ingenico’s original terminal application, still in use. It is the more robust of the two that they offer. Some terminal features only work with this application.
RFID See NFC
RKI Remote Key Injection
RSA Rivest, Shamir and Adelman, developers of the most commonly used Public Key algorythm. See PKI
Saas Software As A Service
SDK Software Development Kit- Used to create applications to run on payment terminals.
SNAP State Nutritional Assistance Program – USDA Food Stamp Program
SRED Secure Reading and Exchange of Data. Created by the PCI Council to provide terminal manufacturers and ISV’s a secure criteria to use in support of P2P.
SVC Stored Value Card = Gift Card or Card issued for refunds
UIA Ingenico’s application that works with OPOS, JPOS and UPOS standard POS applications.
Unified POS See UPOS
UPOS Unified POS is a world wide ISV and retailer driven set of Open Standards developed with the National Retail Federation to provide vendor neutral software application interfaces (See API) for point of sale peripherals. The goal being to allow retailers freedom of choice in selecting hardware.
VHQ Verifone HQ- Estate Management Software
WIC – Off Line WIC redeemed via Smart Cards. WIC Prescription is written to the Smart Card at the State run clinic and is decremented by the POS as items are purchased without going up for auth at a host. Retailer creates a settlement file and submits to State for payment.
WIC – On Line WIC redemption using msr / PIN based system managed by a processor. Every transaction is set up to the processor for approval. Processor reimburses the retaler for the State.
XPI XPI is an application developed to add EMV support to Form Agent.