THE ENTERPRISE POINT of sale is changing. It is becoming increasingly mobile and payment is being integrated together with other functionality. One of the new breed of mobile payment tablets is Albert, launched by AEVI in Australia last year. AEVI, a subsidiary of Wincor Nixdorf AG, jointly developed the tablet with the Commonwealth Bank of Australia and design company IDEO. Part of the genius suite of terminals and named after Albert Einstein, the Albert tablet includes a card reader, receipt printer and module to encrypt touchscreen PIN entry. It was the first PCI-certified touchscreen payment terminal.
PIN ON GLASS
PIN on glass, or PIN entry on a touchscreen, has been a technical challenge within the industry for some while. Mobile point of sale (mPOS) solutions typically circumvent this by pairing a mobile phone with a hardware accessory via a physical or wireless connection.
Consumers enter their PINs on the mPOS hardware accessory, which encrypts all card data to pass on to the merchant’s mobile device. This helps to keep the costs of card acceptance for small merchants down. And does not require any hardening of security on the mass market consumer devices that merchants may own.
PIN entry on a touchscreen has been possible for some time, according to Jeremy King, international director, Payment Card Industry Security Standards Council (PCI SSC). “However this is PIN entry into a PTS-approved (PIN transaction security) device, which includes a security assessment of the actual touchscreen, and the methods used for translating the touchscreen into PIN digits,” said King.
“The PCI PTS evaluation programme is a thorough security evaluation of the point of interaction (POI) device. This assesses the physical security, logical security as well as additional testing on specific items, such as the secure read and exchange of data (SRED), used during point to point encryption,” continues King.
In conversation with PCM, Peter Spee, director, platform business and business development, AEVI explained how Albert was approved for PIN entry on a touchscreen.
“We have modified the Android kernels as well as the entire Android stack to increase its security. This includes the handling of data, access to data storage and networking capabilities to ensure that whenever data is managed on the Albert device and its hardened environment, there is no possibility for any third party to access the secure layer to obtain sensitive data,” he said.
“Additionally, the hardening of the Android device comes with monitoring capabilities for our customers. This allows them to ensure that the security of the device is updated automatically in the case of new vulnerabilities. We can also secure the devices, disable access, networking connectivity and so on.”
All these things are under the umbrella of hardening. Consumer devices do not have this entirely. They are open and when they connect to a WiFi access point, this exposes them to all sorts of threats.”
ACCESSIBILITY FOR BLIND AND PARTIALLY-SIGHTED PEOPLE
How does PIN entry on a touchscreen work for blind and partially-sighted people? A traditional PIN pad has raised buttons and a tactile element, usually on the middle button ‘5’. A blind or partially-sighted person can recognise the other digits from this centre position.
“We have simulated this on glass. As soon as the blind or partially-sighted person touches the Albert when in accessibility mode, this will be considered the centre position. By swiping the screen from that centre position, they can enter their PIN,” said Spee.
This patented PIN entry method based on swipe motions conforms to accessibility laws in Australia and Germany. It is undergoing accessibility testing in other markets.
ALBERT GOES GLOBAL
After a six-month pilot, the Commonwealth Bank of Australia launched the Albert tablet and the open-source app marketplace in March 2015. Close to 37,000 devices have been deployed so far.
AEVI has recently confirmed strategic partnerships with Wirecard and Evo Payments International to roll out Albert terminals in Europe.
Work is underway on US roll outs. “We are planning major activity in the US because we believe that Albert will only be global, if we are successful in the US and have a marketshare there,” concluded Spee