EMV has been a disaster of a payments mandate. Personally we’ve always thought EMV was a way for the card networks to pile more risk on hapless merchants while simultaneously earning more revenues for themselves. (We’re not the only people to think this, for the record.) #Powerofalegislatedmonpoly.
Even so, too many POS companies have had a difficult time making EMV work with their legacy code. This comes more than three years after the liability shift took effect, and more than five years since the pending changes were announced to industry stakeholders.
Shift4, however, may have finally solved this problem at a larger scale.
First we should understand what made EMV so complicated. We’re going to copy-paste from Money Crashers because they do a good job explaining the technological changes necessary to accommodate EMV cards vs traditional magnetic swipe cards.
Traditional magstripe credit cards are encoded with static payment information. When a magstripe card is stolen, the thief can immediately use it to make unauthorized transactions, then discard it with little risk of detection. The same principle applies to card information stolen by credit card skimmers or computer hacks that unlock massive troves of credit card numbers. Thieves can use these valuable bits of data themselves or reap tidy sums by selling them in bulk to other bad actors, including credit card counterfeiters.
EMV cards contain a computer chip that functions as a miniature processor and transmitter. Unlike traditional magstripe credit cards, the information contained on these chips is dynamic. Each new transaction produces a new, unique transaction code (also known as a “token”) using the principles of cryptography – similar to the complex mathematical architecture behind cryptocurrencies. No two transaction codes are ever repeated, so each code becomes useless following the completion of the transaction it represents. Were a sophisticated thief to steal a particular code from a particular point of sale, the code would have no value at any point in the future, with or without the card that created it.
EMV credit card information can be stored in mobile wallets, such as Apple Pay and Android Pay, and used to make mobile contactless payments. Even though the physical chip is not read as part of the mobile payment process, the stored card nevertheless creates the same unique, secure transaction code for every new transaction.
https://www.moneycrashers.com/emv-chip-credit-cards-technology-security/
An added layer to this complexity is that EMV solutions, at least in table service restaurants where the POS is not directly in front of the customer upon checkout (i.e. the server would conventionally run your card to the POS, swipe it, and return with your check for signature), were unable to be tethered to the POS.
These “issues” meant that POS companies, which until recently were really just hardware companies that overcharged for shitty software and support services to fix their constantly-breaking software, failed to get EMV working by the October 2015 liability shift deadline.
Color us surprised.
Now that many of the legacy POS companies are owned by larger payments companies with material balance sheets, some progress is being made (note: many payments companies are not more innovative than the legacy POS assets they acquired). Regardless, this is a good thing if for nothing else that it combats the steep rise in chargebacks, or refunds requested by consumers who game the system and know that merchants are now on the hook for purchases made with card swipes, not EMV dips.
In Shift4’s case, they’re breaking down the barrier to paying at the table (PATT) with pretty broad applicability. Enter Skytab.
Skytab is using a Pax A930 device. While the Pax A920 is widely available, Shift4 has the exclusive rights to the device in the US. “We chose the A930 because it has a better screen for tableside payments and food ordering, a more powerful CPU, and the ability to work in extreme temperatures (up to 122F – think golf course, resorts),” shares Mike Russo, Shift4’s Chief Development Officer.
Like Toast, Skytab offers a lot of business benefits to a merchant that picks it up. For starters, customers can check out, choose an option of having a printed or digital receipt, and even take a survey that immediately alerts the manager via SMS/email if there’s a low rating (i.e. head-off a bad Yelp review). Russo explained that they they wanted a device that was fully-integrated for the merchant and would prevent the server from going back and forth to the physical terminal. “We also recognize how important customer data is becoming and believe our PATT approach is a great opportunity to enable our merchants to capture that data to be more successful.”
To better understand the robustness of Skytab a decent comparison would be a Ziosk or e la carte solution: tablets that sit on the table tops of full service establishments and have a lot of functionality for guests. The downside of the robustness is the cost, which Shift4 thought would be prohibitive for most merchants. So Shift4 cut out some of the functionality with an 80/20 approach and made it mobile.
“With the initial release we are including reordering of items from the device. We will be adding a unique full ordering solution later the year that also can be easily integrated with most POS platforms,” Russo stated.
Perhaps the beauty of Skytab’s approach is the elegance of integration. Many of the solutions that are out there require loads of middle ware. Not only is this more expensive for the merchant, but it comes with unwanted technical risks: anything in the integration chain can break and cause problems.
“POS integration is really difficult. This is has made table-side ordering expensive. Look at NCR’s Orderman for an example.”
Mike Russo, Shift4 CDO
NCR’s Orderman isn’t the only pricey PATT solution either; here’s a list of costs of other PATT providers that are targeting Aloha, which is a disaster even outside of EMV right now.
At any rate, a real barrier to PATT adoption has been cost. If you’re a Shift4 customer (gateway or processing) there’s zero cost for Skytab. “There’s going to be a limit on free devices obviously but we’re still figuring out what that number is.”
Skytab will ship preconfigured and will work with all of Shift4’s POS assets – and Micros, where Shift4 is an Oracle Payments Partner – out of the gate. Are you a POS ISV that doesn’t have a PATT solution yet? Skytab comes with an open API (with documentation we’ve already reviewed) that anyone can use. “It’s all about tips and turns,” says Brendan Lauber, Shift4’s co-founder and CTO. “Servers and the merchant make more money if tables turn faster and we’re excited to bring this capability to our POS brands and partners.”
Because Skytab is a validated P2PE solution it can connect to normal wifi without PCI compliance concerns. In other words, there’s no special configuration needed to make the devices compliant with your internet – true plug-n-play. It even has a SIM card so it can work on a cellular network should wifi fail.
The catch? Skytab is semi-integrated and the device calls out to Shift4’s gateway, so it only works through Shift4’s gateway and processing. Shift4 will need to certify use of their gateway with another processor should you want to bring your own. As EMV has shown, these certification can take months and are out of Shift4’s control.
We thought we’d leave you with an interface comparison to remind us how bad PATT has been.
Add comment