Payment Terminal

Technology is entwined with much of our day to day lives, with no better example than the growth of smartphone adoption, a device now seen as a must-have. Payment and banking is almost unrecognisable from ten years ago with online banking, mobile apps, ‘chip and pin’, contact-less payments and online payments.

At events, however, many attendees often find trying to make a simple credit/debit card payment can be a frustrating and unreliable experience. For ourselves as technology providers ‘credit card machines’ or PDQs as they are known, come top of the list of complaints from event organisers, traders and exhibitors.

These problems not only cause frustration for attendees but also present a serious issue in terms of financial return for traders and exhibitors, and their desire to be present at events. It is well documented that the ability to take contactless and chip & pin payments at events increases takings, reduces risks from large cash volumes and can improve flow and trackability.

So why is it such a problem? Much of the issue comes down to poor communication and misinformation on top of what is already a relatively complex environment. Card payments and the machines which can take payments are highly regulated by the banking industry meaning they tend to lag behind other technology, however, this can be overcome and a properly thought through approach can deliver large scale reliable payment systems.

Bad Terminology

A lot of the confusion around PDQ machines comes from the design and terminology used. Although the machines all look the same there are differences in the way they work. Nearly all PDQs use the design of a cradle/base station with a separate handheld unit. The handheld part connects to the base station using Bluetooth. This is where the confusion starts as people often describe these units as ‘wireless’ because of the Bluetooth, however, their actual method of connectivity to the bank may be one of four different types:

  • Telephone Line (PSTN – Public Switched Telephone Network) – This is the oldest and, until a few years ago, the most common type of device, it requires a physical telephone line between the PDQ modem and the bank. It’s slow, difficult and very costly to use at event sites because of the need for a dedicated physical phone line, however, once it is working it is reliable.
  • Mobile PDQ (GPRS/GSM) – Currently the most common form of PDQ, it uses a SIM card to connect to a mobile network to use GSM or GPRS to connect back to the bank. Originally seen as the go anywhere device, in the right situation they are excellent, however, they have limitations, the most obvious being they require a working mobile network to operate. At busy event sites the mobile networks rapidly become saturated and this means the devices cannot connect reliably. As they use older GPRS/GSM technology they are also very slow – it doesn’t make any difference if you try and use the device in a 4G area – it can only work using GPRS/GSM. As they use the mobile operator networks they may also incur data charges.
  • Wi-Fi PDQ – Increasingly common, this version connects to a Wi-Fi network to get its connectivity to the bank. On the surface this sounds like a great solution but there some challenges, firstly it needs a good, reliable Wi-Fi network. The second issue is that many Wi-Fi PDQs still operate on the 2.4GHz Wi-Fi spectrum which on event sites is heavily congested and suffers lots of interference making the devices unreliable. This is not helped by the relative weak Wi-Fi components in a PDQ compared to a laptop for example. It is essential to check that any Wi-Fi PDQ is capable of operating in the less congested 5GHz spectrum.
  • Wired IP PDQ – Often maligned because people think it doesn’t have a ‘wireless’ handset, but they are actually the same as all the others and have a wireless handset but it uses a physical wire (cat5) from the base station to connect to a network. In this case the network is a computer network using TCPIP and the transactions are routed in encrypted form across the internet. If a suitable network is available on an event site then this type of device is the most reliable and fastest, and there are no call charges.

All of these units look very similar and in fact can be built to operate in any of the four modes, however, because banks ‘certify’ units they generally only approve one type of connectivity in a particular device. This is slowly starting to change but the vast majority of PDQs in the market today can only operate on one type of connectivity and this is not user configurable.

On top of these aspects there is also the difference between ‘chip & pin’ and ‘contactless’. Older PDQs typically can only take ‘chip & pin’ cards whereas newer devices should also be enabled for contactless transactions.

Myth or Fact

Alongside confusion around the various types of PDQs there is a lot of conflicting and often inaccurate information circulated about different aspects of PDQs. Let’s start with some of the more common ones.

I have a good signal strength so why doesn’t it work?

The reporting of signal strength on devices does nothing but create frustration. Firstly because it is highly inaccurate and crude, and secondly because it means very little – a ‘good’ signal indicator does not mean that the network will work!

The issue is that signal strength does not mean there is capacity on the network, it is frequently the case at event sites that a mobile phone will show full signal strength due to a temporary mobile mast being installed but there is not enough capacity in terms of data to service the devices so the network does not work. A useful analogy is comparing networks to a very busy motorway. You can get on, but you won’t necessarily go anywhere. The same can be true on a poorly designed Wi-Fi network, or a well-designed Wi-Fi network which doesn’t have enough internet capacity.

In fact you can have a low signal strength and still get very good data throughput on a well-designed network. Modern systems also use a technique known as ‘beam-forming’ where a device is not prioritised until it is actually transmitting data which means it may show a low signal strength which increases when it is doing something.

On the flip side your device may show a good signal strength but the quality of the signal may be poor, this could be due to interference, poor design or sometimes even weather & environmental conditions!

Wi-Fi networks are less secure than mobile networks

There are two parts to this, firstly all PDQs encrypt their data no matter what type of connection they use, they have to so that they meet banking standards (PCI-DSS) and protect against fraud. The second aspect is that a well-designed Wi-Fi network is as secure, if not more secure, than a mobile network. A good Wi-Fi network will use authentication, strong encryption and client isolation to protect devices, it should also be the case that all PDQs are connected to a separate ‘virtual network’ to isolate them away from any other devices.

You have to keep logging into the Wi-Fi network

Wi-Fi networks can be configured in many ways but for payment systems there should be no need to keep having to log in. This problem tends to be seen when people are trying to use a payment system on a ‘Public Wi-Fi network’ which will often have a login hijack/splash page and a time limit.

A multi-network M2M GPRS/GSM SIM is guaranteed to work

Sadly this is not true, although a PDQ with a SIM card which can roam between mobile networks and use GPRS or GSM may offer better connectivity, there is no guarantee. Some event sites have little or no coverage from any mobile operator and even where there is coverage, capacity is generally the limiting factor.

Mobile signal boosters will solve my problem

Mobile signal boosters, or more correctly signal repeaters, are used professionally by mobile operators in some circumstances, for example inside large buildings, to create coverage where signal strength is very weak due to their construction (perhaps there is a lot of glass of metal which can reduce signals from outside). In the UK the purchase and use of them by anyone outside of a mobile operator is illegal (they can cause more problems with interference). For temporary event sites they provide little benefit anyway as it is typically a capacity issue which is the root cause of problems.

A Personal hotspot (Mi-Fi) will solve my problem

Personal hotspots or Mi-Fi devices work by connecting to a mobile network to get connectivity and then broadcasting a local Wi-Fi network for devices to connect to. Unfortunately, at event sites where the mobile networks are already overloaded these devices offer little benefit, and even if they can get connected to a mobile network the Wi-Fi aspect struggles against all the other wireless devices. On top of that these devices cause additional interference for any existing on-site network making the whole situation even worse.

The Next Generation & the Way Forward…

The current disrupters in the payment world are the mobile apps with devices such as PayPal Here and iZettle. Although they avoid the traditional PDQ they still require good connectivity, either from the mobile networks or a Wi-Fi network, and hence the root problem still exists.

Increasingly exhibitors are also using online systems to extend their offerings at events via tablets and laptops which also require connectivity. An even better connection is required for these devices as they are often transferring large amounts of data, placing more demands on the network. Even virtual reality is starting to appear on exhibitors stands so there is no doubt that the demand for good connectivity will continue to increase year on year.

What the history of technology teaches us is that demand always runs ahead of capacity. This is especially true when it comes to networks. For mobile operators to deliver the level of capacity required at a large event is costly and complex, and in some cases just not possible due to limits on available wireless spectrum.

4G is a step forward but still comes nowhere close to meeting the need in high demand areas such as events, and that situation will worsen as more people move to 4G and the demand for capacity increases. Already the talk is of 5G but that is many years away.

For events, realistically, the position for the foreseeable future is a mixed one. For small events in a location well serviced by mobile networks with limited requirements then 3G/4G can be a viable option, albeit with risks. No mobile network is guaranteed and performance will always drop as the volume of users increases as it is a shared medium. There are no hard and fast rules around this as there are many factors but in simple terms the more attendees present the lower the performance!

For any sizeable event the best approach is a dedicated event network serviced with appropriate connectivity providing both Wi-Fi and wired connections. This solution facilitates usage for Wired IP-based PDQs, Wi-Fi PDQs, iZettle and other new payment devices, as well as supporting requirements for tablets, laptops and other mobile devices, each managed by appropriate network controls.

With the right design this approach provides the best flexibility and reliability to service the ever-expanding list of payment options. What is particularly important is that an event network is under the control of the event organiser (generally via a specialist contractor) and not a mobile operator, as this removes a number of external risks. For those without existing compatible PDQs the option of rental of a wired or Wi-Fi PDQ can be offered at the time of booking.

The key in all of this is planning and communication, payment processing has to be tightly controlled from a security point of view so it is important that enough time is available to process requests, especially where temporary PDQs are being set-up as they often require around 10 working days.

10608611895_e542f1c904_k

Easter always marks a transition point for us – from delivering service primarily to indoor events to the large scale outdoor events. With Easter chocolate consumed there is a rapid ramp in activity both internally and from our customers as plans are finalised and delivery commences in what becomes a back-to-back run until October.

Every year there is talk of ‘the next big thing’ and exciting technologies on the horizon but in reality at the sharp end of delivery the evolution, rather than revolution, of key services is just as important. So with the summer ramp about to start here are four key event technology areas to focus on.

Connectivity

It all starts with connectivity and if one thing is certain it’s that events need more capacity each year. From the data we have gathered over the last eight years you could probably build a complex theorem about the increase rate but in general we see a need for at least a 25-35% increase year on year, and often more depending on what additional services are required. Lack of internet capacity on site remains one of the most common and frustrating issues at events and this is normally down to a lack of budget or not spotting potential issues like high usage due to a mobile app or streaming.

There are trigger points at which existing services such as ADSL, FTTC (the next generation of ADSL), satellite and certain fibre services become limiting and need to be replaced with higher capacity solutions and many of those services can have significant lead times so it is important to plan connectivity as soon as possible.

Payment Systems

The debate around traditional ‘chip & PIN’, closed loop payment systems (wristbands) and open loop systems (‘contactless’) may be ongoing but it doesn’t really matter which route you choose; attendees, exhibitors and traders simply want payment systems that work.

Early, clear communication on what solutions are available at an event is critical as traders and exhibitors need support through this somewhat complex & confusing area. Expecting mobile GPRS payment terminals to work reliably on a crowded event site is crazy and can have a significant impact on revenue.

System Integration

Each year the integration between different aspects of technology at events becomes more complex and the need to coordinate and manage all the different requirements becomes more important. From the basics of wireless spectrum management & access control, to the adhoc needs of sponsors, audio & broadcasters, each requirement can have an impact on the success of an event so the sooner it is identified the better it can be dealt with.

Safety & Security

The area of safety and security breaks into two areas – the use of technology to help manage and secure the event, and the security of the technology itself.

Sadly, hacking isn’t just something that happens to governments and large companies, it is a continuous real threat. Externally we see frequent attempts to access services and systems from locations such as Russia and China. This is going on all the time across the internet and event sites are just as prone to access attempts as any other internet node.

Risks also exist within an event site, generally from people just trying to access Wi-Fi networks but sometimes the intent is more sinister. With so many critical services running on event networks maintaining appropriate security is essential. Encrypted, managed networks, strong authentication, intrusion detection, client isolation and firewalls are just some of the techniques required to keep the network secure.

Using technology to keep an event site physically safe and secure has become increasingly important over the last few years. The obvious aspect is CCTV with high definition cameras capable of excellent detail and response but there is much more available to organisers. Visibility of real-time access control data from gates, scans of social media streams, Automatic Number Plate Recognition (ANPR) of vehicles entering a site and ‘heat mapping’ of devices across an event site can all be combined to provide an insight to event control of what is happening on site.

Event technology has already come a long way from just being about internet access and it continues to evolve rapidly but this evolution and dependence requires an increased focus on planning to ensure it all comes together seamlessly.

NFC contactless are the next evolution

“Smartcard to wipe out cash”, a headline which sounds like it may have been used any time in the last few years, is actually taken from the Evening Standard in 1993 just before the launch of Mondex, one of the earliest smart card cashless payment systems.

Launched in Swindon, UK Mondex promised to revolutionise payments using what today is known as a ‘closed loop’ system where money is transferred to a smart card containing a chip and the card is then used to pay for items using a special reader until the virtual cash is used up.

It sounded great and launched to much fanfare but four years later it quietly disappeared never to be heard of again. Its lack of success is generally cited as being down to the hassle of loading the cash, the limited locations at which it could be used and the infrastructure required to support it. Soon after this chip & pin started to emerge offering an ‘open loop’ solution whereby the cash is debited directly from your bank account and within a few years this became the norm.

Skip forward twenty years and it feels like we are seeing history repeat itself.

For the last five years or so the talk of cashless payment at events has fuelled many a debate but the implementation and adoption in the UK at least has been very slow and fraught with issues. The basic idea has been the same as Mondex all those years ago – a closed loop system with the chip (now wirelessly contactable) typically embedded in a wrist band rather than a card.

Many of the same challenges still exist today – the hassle of adding credit to the wristband, the dedicated infrastructure required, limited areas of acceptance and redeeming unused balances. Then there is the user aspect, many of the benefits are for the organiser and promotor rather than the attendee. This is coupled with attendees having concerns about too much information being made available to the event about their purchases and payments.

The aforementioned issues with closed loop systems have allowed the next generation of open loop contactless systems to gain adoption at a much faster rate. Open loop contactless using an existing debit or credit card is a natural progression from chip & pin and removes many of the hurdles seen with closed loop. It is quite telling when one of the world’s largest closed loop systems – Transport for London’s Oyster card – is now moving to an open loop approach.

What is interesting is that in some countries there has been higher adoption of closed loop – the US for example. The US were much faster to the chip & pin party but have been behind the curve on contactless and this may have left a window for closed loop in the short term.

The question is where does this leave events who have several drivers to move to a cashless environment. With the rapid adoption of open loop contactless in day to day life coupled with several disrupters like Apple Pay, Android Pay and PayPal Here, all of which use an open loop approach with NFC (Near Field Communications) embedded in smart devices, the modern generation of event goers will move to the trusted services and closed loop will quietly die away.

What remains is the challenge at events in terms of how to deal with smart reader based payments as the infrastructure cost can be a hurdle to adoption. There are several components to this:

Universal Payment Terminals – The banking world needs to move faster in providing good quality payment terminals that are certified across multiple methods of communication (wired, Wi-Fi & mobile data) and multiple payment methods (chip & pin, contactless & NFC). Today different terminals have to be used depending on the connection method and payment type which means merchants have to hire terminals for use at events because they cannot use their normal terminal. A universal terminal would also make deployment on event sites much easier and cost effective.

Merchant IDs – Many smaller traders at events do not have the magic ‘Merchant ID’ required to set-up card based payment terminals. Merchant IDs are controlled by payment houses and can be costly and complex for very small businesses so a better mechanism is needed to facilitate access to open loop systems for those traders. This sounds like an easy area but it has some complexities due to money laundering issues. Systems such as iZettle help with this but carry (generally) higher fees.

Access to Data – A difference between closed loop and open loop for a promotor or organiser is the ability to easily access usage data. As closed loop is in the control of the organiser they get full visibility (although this can be seen as a negative by attendees). With open loop the data is held by the payment providers so to get a better view across the entire event (involving many merchant IDs) some form of agreed consolidated reporting would remove the concerns organisers have about visibility.

Providing Infrastructure – Open loop systems tend to have a slightly higher requirement when it comes to readers being connected to a network (although many closed loop systems are not as offline as promoted). A modern event has such high requirements in other areas for connectivity that adding in payment systems is not the concern it once was. It is now well accepted that providing access to contactless card based payments drives a higher spend so it should be recognised that an increased spend on infrastructure will reap returns overall.

In the last few years we have seen a rapid swing to providing a resilient payment environment across events and the feedback is very positive – fast and easy transactions, and an increased spend by attendees. It just needs more support from the banking world to resolve the last few issues and make the cashless (or near cashless) event a reality.

Notes:

Swindon Advertiser – How Smart was that?

Chip and pin is part of our lives. Four digits and a piece of plastic is all that’s needed to pay for anything from a morning coffee to that expensive watch for Christmas (you have got all your presents by now – right?!) The chip and pin terminals or PDQs (Process Data Quickly) have become the staple of any company who want to take larger payments at events. As the cheque looks destined to bow out (perhaps?) shortly we take a quick look at some of the key points of PDQ machines in a mobile environment as they can be the cause of much pain.

Merchant Account – Anyone who accepts payments from a card needs a merchant account. Issued by the banks it can be a lengthy application process so leave plenty of time when applying. In our experience to keep a merchant account live you’ll need to have a PDQ of some type – this is typically a phone line based model you can keep in the office. The merchant account and terminal rental have a monthly fee normally around £20.

Transaction Fees– The downside of card payment are the transaction fees, typically for credit cards these are around 2.5% of the transaction amount. For debit cards the fee is normally a fixed amount of around 35p per transaction.

Mobile Terminals – If you are going to be using your PDQ out and about all the time then go for a mobile terminal as your default instead of a telephone line based model. The main reason people don’t go for these all the time is because mobile units (by which I mean GPRS connected) have a higher monthly charge just like a cellular data card.

Wi-Fi Chip and Pin Machine

Wi-Fi Chip and Pin Machine

GPRS Connectivity– When looking at a mobile terminal you’ll need to select the right type of connectivity to keep it working. A GPRS terminal works in a similar to a cellular Internet data dongle. Connected to the cellular data network the unit will work anywhere with mobile phone reception for whichever mobile operator you select. This is great for smaller stands who operate at venues or locations where the amount of attendees is not excessive, by which I mean the cellular network will continue to operate. The issue here is as the attendee numbers for the event increase the mobile phone network becomes slower to respond and may become overloaded. We have all experienced not being able to make calls at big events – the same problem exists for the GPRS terminal – it will just stop working, often at a critical point. In 2010 we have seen a significant rise in the number of events that have experienced problems with GPRS devices due to the network being overloaded.

Wired/Wi-Fi Connectivity – The latest PDQ units are now shipping with Wi-Fi or cabled network connectivity built in. For those people who work at large events when the mobile phone network is not reliable this type of connectivity is a reliable way of ensuring you can continue to process transactions regardless of the mobile phone networks. The challenge here is the event needs to have a Wi-Fi or wired network in place – many of the larger events now do but the best thing to do is check beforehand.

Short Term Terminal Rental– Many companies like the option of renting PDQ machines for a short period, especially for events where they need Wi-Fi or GPRS units. There are several companies that rent units (including ourselves) but it is important to note there is a lead time of around 14 days to get your merchant id added to the temporary unit and some banks have additional restrictions which need to be removed. For PDQ rental you still need to have your own merchant id.

So whatever choice you make a PDQ terminal can be invaluable for any business on the road. Increased transaction amounts and greater security are just some of the obvious benefits but beware the pitfalls and make sure you plan well in advance of when you need the service operating. As always we are happy to provide advice on types of machine, connectivity, pros and cons etc. to help you make the right decision for your business.