The Industry Group Announcement

The Industry Group is a network of news dedicated to technology in the self-service market. This includes websites, magazines and social sites such as LinkedIn

Here is a list of news we cover:

Magazines We Publish

Video Channels

Images

Email

Antibacterial Touch Screen Antimicrobial Treatment

AntiBacterial Kiosk Touch Screen

touchscreen suppliers

touchscreen suppliers

From Kiosk Industry March 2020 — One of the notes we will stress is that purchasing antimicrobial coatings for your touchscreen really serves no purpose except for what we call “hygiene theater”.  If it makes customers feel safer then that is its purpose.  Antimicrobial coatings serve to inhibit germs, and given enough time actually encourage them to die.

The problem is you are assuming the touchscreen will not be used in the meantime (or with oily fingers).  

Ultimately, in order to provide a clean environment for customers, a little soap and water every day is the most effective (99%) solution available.  Screens should be cleaned every day in any case.  Tell your customers you have antimicrobial treated screens but don’t spend another $150 a screen to add nothing.

March Coronvirus Update:

By now we have all seen and read countless articles on how best to protect ourselves and others from bacterial infection. Before we begin we want to list some recommended resources right off the bat that can help educate your point of view on antibacterial, antimicrobial and of course, the coronavirus.

Our current recommendations:

  1. Clean surfaces with warm soapy water. That breaks down the viruses and removes it.
  2. Another option — wipe down with bleach wipes and after several passes of that wipe down with Easy Screen.
  3. Bleach – figure 1/3 cup bleach per gallon of water for mix ratio
  4. Avoid highly concentrated solutions of alcohol based.
  5. If you want to “double-clean” then consider getting handheld UVC product like the Blade below for localized and safe UVC cleaning (after surfaces have been wiped down).  Oily fingers are one of the complicating factors to consider.

Recommended Resources

Some recommended sources of internet resources include:

PDI Update

PDI has been monitoring the COVID-19 epidemic (SARS-CoV-2 virus), previously identified as 2019 Novel Coronavirus (2019-nCoV), to provide you the most current information to help manage this outbreak. The CDC has recently issued additional recommendations for surface disinfection, including recommendations for the use of an EPA-approved disinfectant with emerging viral pathogens claims. This letter supersedes previous letter issued on January 30, 2020.

Super Sani-Cloth ® Wipes, Sani-Cloth ® AF3 Wipes, and Sani-Cloth ® Bleach Wipes meet the criteria for the EPA emerging viral pathogens claim. PDI has submitted the addition of the required language for this claim on these master labels to the EPA and is awaiting expedited approval. Recently launched products, including Sani-Cloth ® Prime Wipes, Sani-Prime ® Spray, Sani-24 ® Spray, and Sani-HyPerCideTM Spray already have the EPA emerging viral pathogens claim on their master labels.

Recommended Wipe

Super Sani-Cloth is what we would recommend. It is the most equipment friendly wipe that is on the list.

The SARS-CoV-2 virus still has not been made readily available by the CDC for testing. The CDC states: “If there are no available EPA-registered products that have an approved emerging viral pathogens claim for COVID-19, products with label claims against human coronaviruses should be used according to label instructions.” The following PDI products have label claims against human coronaviruses:

Click for full size

Handheld cleaning would include after-hours with handheld UV device (example here is Blade). $500

Don’t Believe It

Bad Data Tabloids

A year or so ago an article on “dirty” McDonalds touchscreens came out in London tabloid and while proved inaccurate there are those that have used it to create a certain fear factor. The intent of the article was essentially “clickbait” for sensational traffic.

We have articles here on the site from legitimate sources which disproved and countered. Companies will also use this article as “fear factor” for buying their products. If this article is their primary credential then that tells you something.

While some fantastical things like your Marketing people making decisions at midnight in the company parking lot via chicken bones and marbles  can be considered possibly true, we like to think they utilize factual analytic data.

Employees

  • Training employees to clean their hands and then to clean the public surfaces on regular basis is best practice
  • Do employees get paid sick time or do they have to come into work and potentially infect people?
  • You’ve opted not to use the cleaned kiosk and go to the counter. How close is that McDonalds person to you talking to you and how many people have been talking in that zone? Drive Thru’s get a lot busier.

But what about your cellphone?

Because phones get so dirty, they’re as important to keep clean as your hands. But you can’t lather, rinse, repeat your phone with soap and water — so that’s where alternative cleaning methods come into play, such as UV lights that disinfect your device.

A new study conducted by PhoneSoap, a company that sells UV sanitizing devices for your phones, has found that the surface of the average device is 18 times dirtier than a public restroom. In an interview with Mashable, co-founder Dan Barnes says PhoneSoap calls phones “the third hand you never wash.”


Difference between Antimicrobial and AntiBacterial

Antimicrobial and antibacterial solutions for touchscreens and kiosks have been around a long time and there has been improvements over the years.  Important in the self-service terminal that the treatment does not affect the touchscreen

The primary difference between antibacterial and antimicrobial substances is the types of microorganisms they act upon. While antibacterial products prevent the development of bacteria, antimicrobial agents such as alcohol-based hand sanitizers prevent the spread of bacteria, fungi, and some viruses. This is a much broader scope of protection than the protection found in antibacterial products.

Cleansing wipes are one type of product that is available as both an antibacterial product and an antimicrobial product. Antibacterial hand wipes kill bacteria, while antimicrobial wipes kill bacteria plus other microorganisms that can cause human illness. Both antibacterial and antimicrobial wipes can be a component of effective hand hygiene.

Antibacterial Kiosk Solutions

Wipes – PDI Easy Screen

Compatible touchscreen cleaner that works.

• Features the power of 70% isopropyl alcohol (IPA)
• Fast-drying, No residue, Anti-fogging, Anti-streaking
• Rapidly cleans dirt, grime, fingerprints, and smudges
• Compatible with touchscreen healthcare equipment, including Corning® Gorilla® Glass (3 and 4)1, Sapphire glass, Aluminum silicate, Acrylic Glass, Etched glass, Stainless steel, and more!  MSDS Sheet

Spray & Coating – Sanitech Information

SurfaceClean is a hospital-grade cleaner disinfectant that kills 99.9% of germs and bacteria on hard, non-porous surfaces.

SurfaceClean- enhances the effectiveness of our antimicrobial coatings by properly preparing surfaces for antimicrobial treatment

SurfaceClean is designed for use prior to the application of long lasting antimicrobial products. It is also recommended for regular maintenance cleaning.

SurfaceClean is a cost effective and easy to use solution. SurfaceClean is available in 32 ounce spray bottles and 1 or 5 gallon containers.

 SurfaceClean Disinfects and Eliminates:

      • 99% of Germs and Bacteria
      • Healthcare associated MRSA
      • Community associated MRSA
      • H1N1 Flu Virus
      • SARS
      • Avian Influenza
      • Hepatitis
      • Mumps
      • Rhinovirus
      • Rotovirus

For how long?

SurfaceAide XL delivers durability, safety and affordability to protect vital surfaces from the growth of bacteria, mold and fungi 24/7 for up to 90 days.

SurfaceAide XL

  • Generates an environmentally friendly, non-leaching antimicrobial barrier on surfaces that is non-toxic and non-sensitizing
  • Promotes long-term reduction of harmful bacteria, mold and fungi on surfaces
  • Minimizes the presence of microbes on touch points that can serve as transfer routes for bacteria from surface-to-skin
  • One application effectively fights the growth of bacteria, mold and fungi, non-stop on surfaces for up to 90 days
  • Proactively and continually prevents odor, staining and deterioration caused by bacteria, fungi, mold and mildew
  • Can be safely and easily applied without affecting day to day  operations
  • Invisible, odorless and will not affect the appearance or performance of treated surfaces
  • Since SurfaceAide XL does not leach, the organism cannot emerge as a new resistant microbe or “super bug”
  • Essentially dimethyl ammonium chlorides

Clorox Professional

– Link – competes with PDI.  Using “Quat Alcohol”.

Here is the Clorox info.  Same as PDI but percentages are not revealed.  Price is different I am guessing.

 

AEGIS INFO

Treated vs. Untreated Surface — The unique AEGIS Microbe Shield is a fabric enhancement that gives the treated surface active antibacterial action. The germ-killing action is the result of a micro polymer coating, which mechanically destroys bacteria, mold, fungus and their allergens on contact. AEGIS contains no chemicals, is not consumed by microorganisms, and remains effective for the life of the product.

COPPER AND ALLOYS

 

Copper alloys have the advantages of not only killing “bad bacteria” but they continue to kill it.  Chart compares copper, brass and stainless.

And yes copper has an ROI model based on cost savings.

UV-C Antibacterial Light

Another antibacterial  tool is UV-C light. It however has many cautions.

What Are Germicidal Lamps?

Germicidal lamps emit radiation in the UV-C portion of the ultraviolet (UV) spectrum, which includes wavelengths between 100 and 280 nanometers (nm). The lamps are used in a variety of applications where disinfection is the primary concern, including air and water purification, food and beverage protection, and sterilization of sensitive tools such as medical instruments. Germicidal light destroys the ability of bacteria, viruses, and other pathogens to multiply by deactivating their reproductive capabilities. The average bacteria may be killed in 10 seconds at a

Blade UV-C cleaner
The handheld, portable UVC Blade deactivates bacteria, viruses and fungi in hard to reach places and in environments that only need occasional exposure to UVC light. It is also an effective solution for mold remediation.
The Blade features an on/off safety switch, and a comfortable handle that minimizes grip discomfort.
Hazard and Risks from Germicidal Lamp UV Radiation

UV radiation (UVR) used in most germicidal bulbs is harmful to both skin and eyes, and germicidal bulbs should not be used in any fixture or application that was not designed specifically to prevent exposure to humans or animals. UVR is not felt immediately; in fact, the user may not realize the danger until after the exposure has caused damage. Symptoms typically occur 4 to 24 hours after exposure. The effects on skin are of two types: acute and chronic. Acute effects appear within a few hours of exposure, while chronic effects are long-lasting and cumulative and may not appear for years. An acute effect of UVR is redness of the skin called erythema (similar to sunburn). Chronic effects include accelerated skin aging and skin cancer. UVR is absorbed in the outer layers of the eye – the cornea and conjunctiva. Acute overexposure leads to a painful temporary inflammation, mainly of the cornea, known as photokeratitis. Subsequent overexposure to the UV is unlikely because of the pain involved. Chronic exposure leads to an increased risk of certain types of ocular cataracts. Working unprotected for even a few minutes can cause injury. It is possible to calculate the threshold for acute effects and to set exposure limits. It is not possible, however, to calculate threshold for chronic effects; therefore, because no exposure level is safe, exposure should be reduced as much as possible.

UV-C Handheld Blade FAQ
  1. How does one use it?

With the Blade unit, all you need to do is get it as close to the surface as possible and pass it over the surface. Being one inch away, a few seconds exposure kills all bacteria and virus.

  1. How long does it take?

Some take a little longer than normal but a few seconds is plenty if 1 inch away

  1. What is the wrong way to use them?

You don’t shine the light up or at anyone and the operator should wear safety glasses which we include with every unit

  1. How does it handle oily fingerprints and smudges?

The surface should be wiped down for the best application

  1. These should be used in off-hours when no customers or patients around?  Example: the front lobby of VA where check-in’s are taking place.

They can be used 24 hours a day, you just need to have people stand back while you run the unit over the surface

UV-C Resources

The Evolution of Kiosk Software

Kiosk Software Evolution

Without those who took the first steps in developing software for kiosks, the industry wouldn’t be enjoying its current dominance in the marketplace.

By Richard Slawsky contributor

There’s a saying in the business world along the lines of “The pioneers get the arrows.” Nowhere is that more applicable than in the world of kiosk software.

But before we get head down that road let’s remind ourselves of some of the current dedicated software companies.

Software Only

    • KioWare – kiosk lockdown & secure browser with monitoring
    • Nanonation – custom software & digital signage
    • Vispero – Jaws software for Windows accessibility
    • 22 Miles – Digital Signage and Wayfinding
    • Acquire Digital – advanced digital signage and wayfinding software
    • Qwick Media Inc. – One stop self-service kiosk and digital signage solutions
    • PROVISIOsecure browser w/ remote monitoring
    • Self-Service Networks – Gift Card software for Malls and more.
    • Esper — full-stack software solution for the kiosk industry. Esper locks down the kiosks to the hardware layer for significant operational efficiency and performance.

    Software + Hardware

    • Olea Kiosks – primarily hardware but extensive software partners available. International support.
    • KIOSK Information Systems – custom kiosks, standard kiosks, full software development, remote monitoring and managed services.  Complete software division.
    • DynaTouch – complete kiosk solutions, specializing in government self-service since 1988 and secure kiosk software with remote monitoring
    • Qwick Media Inc. – Touchscreen and digital signage software and hardware manufacturer.
    • TurnKey Kiosks – turnkey financial kiosk
    • ZIVELO – primarily hardware but also provides software

     

With kiosks now becoming an integral part of society, and poised to take an even more dominant position in the marketplace this year, it might be interesting to take a few minutes to pay homage to the pioneers of kiosk software.

And while it’s impossible to name every player who made their mark in the early days of the kiosk, there are a few whose impact still resonates throughout the industry.

The beginnings

Of course, one of the key drivers behind the development of kiosk software was the explosion of computer industry, beginning in the late 1970s. While computers had been around for decades, products such as the MITS Altair 8800, the IMSAI 8080 and the Apple 1 not only made computers more affordable than their predecessors, they gave birth to the concept of desktop computers.

And with the subsequent release of the spreadsheet program VisiCalc and the word processing program WordMaster, later WordStar, by 1980 computers had taken their place as a critical business tool.

As the computer industry grew, companies such as IBM, NCR and other hardware manufacturers began looking for applications for their products beyond the desktop. One of those applications was self-service.

But making those applications practical required the development of software to make their use worthwhile, giving birth to the kiosk software industry.

Alex in his younger days…

“Back then the biggest player was a company called Lexitech, founded by Alex Richardson in 1983,” said Ron Bowers, senior vice president of business development with kiosk and store merchandising provider Frank Mayer and Associates, Inc.

“Alex initiated the beginning stages of that through his work in the basement of a building at Yale University during his attendance there,” Bowers said. “He was behind the effort to help self-service technology grow from a curiosity to practical applications.”

What an old Lexitech hat looks like.

At the time, IBM was holding large symposiums on college campuses, and they were looking for ways to provide information to attendees about seminars and conferences that were happening in various buildings, so the company approached Richardson to begin working the initial concepts for a solution. Richardson then brought in merchandiser Frank Mayer and Associates to help bring the concept to fruition.

“So the first program we did with them was this university solution,” Bowers said. “It resided on a huge IBM desktop computer that had very limited capabilities, but it was extremely cutting edge; way ahead of its time.”

That proto-kiosk was keyboard-controlled and offered little in the way of user experience, but it was able to access and provide information, giving a hint of what was possible with a self-service device. A subsequent effort involved creating a program for the city of New York for applicants to access information about job availability and submit an application.

Expanding from there

The kiosk industry, like many other technology-based industries that depend on interactions with customers, is like a two-sided coin.

On the one side is the technology component, where a piece of hardware performs a specific function. On the other is the customer behavior component, or knowing what the customer is seeking and the motivation behind their decisions. Companies don’t always bring the two sides together.

Lexitech recognized that dichotomy, Bowers said.

“Most of the other software companies that came out of that university connection were more interested in database management,” Bowers said. “Lexitech was the first to really get the idea that as an enterprise solution (the kiosk) was going to have to fulfill expectations and meet a need arising out of the consumer’s ability to shop in multiple layers and what motivates them to purchase.”

Lexitech brought a different direction to software development. It was no longer simply just the number crunching for which computers had traditionally been used; it was data crunching for an enterprise solution that involved both the retailer and the consumer, offering insights about products, features, benefits, specs and so forth to inform and educate the consumer.

“That is bringing the consumer and the product and the retailer together, and then being able to access that information through some type of a device,” Bowers said. “Back then the device was a freestanding kiosk. “

Lexitech eventually became Netkey and then sometime later NCR purchased them.  Here is an Netkey_Solutions_Brochure.

Taking it to the masses

In the early days of the industry, kiosks were typically boxy affairs that were custom-built for each application, with the software written specifically for that particular application. The software component alone could cost a deployer $100,000 or more.

Much of that changed with the entry of St. Clair Videotex Design into the software arena. The company was founded in 1982 by Doug Peter, whose background was in advertising, brand marketing and public relations.

Chris back on old project for KIS and St. Clair

“St. Clair evolved and grew out of a design/graphics support for a larger marketing company,” said Chris Peter.

“(My father) Doug Peter was tired of doing endless ad buys (billboards, tv spots, etc.) and was looking for a way to measurably market and interact with consumers/public,” he said. “He wanted a system that was not only not intimidating but appealing to use, with real measurable results on the interaction that could be actioned on.”

St. Clair Videotex Design eventually evolved into St. Clair Interactive. At the time, kiosks were beginning to gain traction in the marketplace and seeing wider deployments, though the infrastructure, software and hardware solutions were painfully limited.

“Doug offered another perspective very similar to what Alex did at Lexitech,” Bowers said.

“He brought in the disciplines of advertising marketing and marketing strategy to the software,” he said. “I don’t use this term lightly, but I believe Alex was a genius for his time and place and what he brought into the mainstream because it did not exist before he did it. The same thing was true with Doug and his team.”

Peter brought in a different way of thinking, a different way of developing and a different way of presenting fact-based services to GUI and self-service merchandising, Bowers said, and that accomplished a number of goals. It helped build a brand for the retailer, and from a consumer standpoint, it began to offer them new and exciting ways to shop.

“It was growing by leaps and bounds because now it was bringing into the fold new strategies of inventory management, new strategies for introducing loyalty programs and managing and measuring sales promotions,” Bowers said.

In addition to bringing that advertising sensibility into kiosk software, Peter accomplished something equally important, developing a solution that would help reshape the industry.

“What allowed us to flourish and grow was that we didn’t just provide one niche solution (which was the general approach then, build out your solution, then sell it),” Chris Peter said.

“After we’d done our seventh Gift Registry solution, we realized that we could ‘template’ solutions,” he said. “Even the niche players had extensive professional service and customization costs associated with deployments, so we built out the base solution for solutions like Gift Registry, Catalog Shopping and so forth as well as Operations and Content Management tools that could control all of the base templates. This allowed our sales approach to become ‘what would you like to do’ instead of ‘here’s what it can do’, and I believe this was very successful for St. Clair.”

The corporate shift

Lexitech and St. Clair interactive weren’t the only software companies in the early days of the kiosk industry, although they were certainly two of the most influential. KioWarePROVISIO (Sitekiosk) and others were also early entrants into the world of kiosk software.

“There was another company called Rocky Mountain Multimedia run by Dave Heyliger and Degasoft/Kudos,” said Nigel Seed, who served as the CEO of NetShift Software. “So those were some of the key competitors in that era.”

RMM was the first and only software application (Kiosk in a Box) that shipped as bonus software with every Elotouch touchscreen monitor.  RMM still sells and ships its Pro Version.

Excerpt from Frost and Sullivan 1998 report

Several of the largest companies to start the industry were companies like ATCOM/Info which ruled with their internet access pyramid, North Communications, Marcole Gift Registry,  King Product,  NeoProducts and more.  Here is a list of companies by Frost and Sullivan n late 90s. Old Companies PDF and worth noting that several are current members of the Kiosk Industry Assocation (Gibco, TouchSource, Elotouch, USA Tech, KIOSK Information Systems and DynaTouch.

And following in the footsteps of Apple’s iconic “1984” Super Bowl commercial, many of those companies were small, scrappy players on the forefront of technological development.

“Going down memory lane, a company that comes to my mind as one of the first and main players for kiosk software was KioskLogix and their Netstop software,” said Heinz Horstmann, CEO of PROVISIO, the company behind SiteKiosk.

“When others were still in the beginning stages of kiosk development they had developed a software product for pay-per-use and other kiosks and public Windows computers that was available as canned download software which was easy to install and configure,” Horstmann said. “Netstop was one of the first kiosk software products that was successful on a national and international level.”

But as often happens in any emerging industry, large corporate concerns began looking at what those small players were doing and made decisions that would ultimately end up killing off many of the early entrants.

“I think all of us thought our customers would want to license a robust piece of commercial software,” Seed said. “To my horror I found a lot of the companies I was dealing with trying to license my software took a look at what we did and decided they could do it themselves.”

In addition, in the late 1990s Lexitech secured a patent on aspects of its kiosk software and began aggressively seeking to assert its rights under the patent. Some companies ended up folding, while others agreed to pay Lexitech a licensing fee.  [You can still buy software today which bears the Netkey patent].

“Because of that, there was this poisonous aspect to the early start of the business that really didn’t help anyone in the end,” Seed said.

So as the industry began to take shape, it went through its ups and downs and some of the smaller players couldn’t hang on through the droughts. Others depended on specific hardware, some wanted control of the content, and some solutions didn’t integrate with other store systems, and so forth.

“As it has always been, the kiosk market was very feast or famine,” said Chris Peter. “Attending Kiosk Com and other shows, it was always a surprise to see who was new this year, and who wasn’t here from the year before.”

And in the eyes of many experts, the golden years for kiosk software developers were over after pay-per-use kiosks and public PCs became obsolete in North America and Europe, Horstmann said.

Many of those early players are gone, although some, such as KioWare and PROVISO, still survive and even thrive. Lexitech, which Alex Richardson renamed Netkey in 2000, was acquired by NCR in 2009. St. Clair Interactive, which won “Best Kiosk Software” awards for several years throughout its existence, is still operating, although in a much smaller form.

The widespread adoption of smartphones and the prevalence of their accompanying apps has certainly changed the direction of the kiosk industry, although kiosks continue to have a key role in the marketplace.

“If you ride the train every day you’re going to you’re going to use your mobile application to purchase the ticket,” said Bryan Fairfield, CEO of kiosk and digital signage software provider Nanonation.

“If you only ride it once a month, you’re probably not going to download their app,” Fairfield said. “In those cases, you might use an interactive (kiosk).”

Today, software has changed from the custom monolith model of companies such as St. Clair and Lexitech to more vertically and niche-oriented software, with many applications now based in the cloud. Devices that once were problematic, such as cash recyclers and kiosk printers, are now addressable via the network.  Connected devices.

With the emergence of Chrome OS, the large base of windows legacy devices running on the Intel platform are finding new life. And many of the kiosks being deployed today are tablet-based, making mobile device management increasingly important.

Subscription-based cloud services are becoming increasingly popular to get set up and running fast and to avoid high IT infrastructure costs for self-service and interactive digital signage deployments.

And now we audibly and verbally talk to a cloud-based AI to hear the latest weather and find out “where’s my stuff” orders. Amazon Alexa and Google Home are becoming the interface.

“The focus continues to be on the cloud and how well kiosk software developers will be able to remotely deliver a tailored user experience for different industries,” Horstmann said. “Kiosk software solutions have to provide more than just security features and peripheral device support but also advanced remote management, monitoring and cloud-based content management solutions for a growing number of devices like tablets and interactive displays. “

Customers also have higher expectations for kiosk software in terms of scalability and ease-of-use, Horstmann said. Many companies are not willing to go through a lengthy setup and configuration process.

And today rather than having to write to some closed-door standards from the IBMs and NCRs of the world via NRF committees, we utilize the cloud with Html5 and JSON tying devices together on the Internet. The old giants just try to keep up.  POS and self-order application development cycles are measured in days and months, not years anymore.

Hardware is no longer restricted to the stock Dell corporate PC with a 4:3 touchscreen. Kiosks now offer widescreen displays, tablets, content management, remote management and power over ethernet (POE) and the cloud. Forget big computers and requirements for USB always. Even Windows is becoming less important.  All types of traffic analysis methods, authentication and beacons for realt time location. And then there is speech.

Jim Kruper of KioWare notes, “As far as software direction goes we see it heading in the direction of IOT which is really saying that kiosks will be connecting to a much more broader universe of devices.  In addition, we see security features using biometrics finally becoming more mainstream as well as video technology that uses emotion detection and AI to drive user interaction.”

“Technology is changing every quarter,” Bowers said.

“New capabilities are becoming available and integrating with devices such as touch screens kiosks,” he said. “The important factor is it’s no longer the devices; it’s no longer kiosks or touch screens or digital signs. It’s the experience that comes out of the utilization of hardware; this retail marketing strategy which is much more effective much more insightful and much easier to respond to the changing interests and habits of today’s connected consumer.”

It’s coming.

COMMENTS

Hi Craig – thanks for the trip down memory lane! The industry certainly has morphed and expanded over the years, it’s fascinating to see who is still viable as a provider, and who has fallen by the wayside.

In some ways, what we used to think of as “kiosk software” providing services to the public became “apps” on a smart phone giving access to an individual. Same workflow, just very different form factors. Yet, there are certain use cases where public access kiosk remains the best option for delivering information or automated service to the widest possible audience.

Hope things are well, keep up the good work! – Bob Ventresca (OG kiosk software dinosaur)

Kiosk Accessibility Consulting

Kiosk Accessibility Update on KMA

KIosk Accessibility Consultation

Click for full size image

Are your kiosks ADA-compliant? Typically prospects and customers will include a stipulation that the units be ADA-compliant.  We see many requests for proposals from city, state and federal agencies where that one line is the only line about ADA.

Section 508 and the ACAA only apply to federal correct?  The long answer is No [see Accessibility FAQ on kma.global]. They apply to everybody.

Almost all kiosks are ADA-compliant, to a degree. Most all likely will observe basic reach requirements but that is only one of over 30 standing regulations concerning hardware. And there are another 30 or so which apply to the software and interface.

But I don’t want to do that — Let’s list out some of Why Nots and Objections. For reference — these are Why Nots for EMV (another regulation) but they closely mirror ADA in fact.

  1. it costs money to do. You’ll need a QSA and that could be $75K easy.  Someone like Coalfire/etc.
  2. it takes time.  Figure a year or a month depending.
  3. It is inconvenient. It’s unnecessary regulation given our environment.  But it can come back to extract a heavy price in the future.

Those are the exact same objections to ADA.  Instead of a QSA like Coalfire though, you will bring on someone like VisperoKioWareTFA Consulting or AudioEye.  Kiosk enclosure companies are available to do enclosure reviews. Olea KiosksPyramidZivelo and Frank Mayer are exceptionally skilled at ADA.

Visit the page on KioskIndustry and sign up for a free ADA Accessibility Consultation

Kiosk Accessibility Update on KMA

EMV Kiosk Considerations

Originally published on Kiosk Industry

EMV Update for Self-Service Kiosks

EMV deadlines have arrived, but many choose to skip the upgrade. EMV is still split into two big camps. One that is compliant and the other which will  be, but not yet. 

EMV Kiosk Considerations

EMV Kiosk Considerations

Ingenico is the largest provider of self-service EMV for unattended and contributed to this resource article.

By Richard Slawsky contributor

Which costs more, complying with new regulations or not complying and hoping for the best?

The question is particularly relevant when it comes to kiosk deployers complying with Europay, Mastercard and Visa (EMV) regulations. Invest in upgrading equipment, or run the risk of being hit with chargebacks and fines in the event of fraud?

Although the lack of clear incentives or financial impacts have prompted some to skip those upgrades, it may be wiser to begin the planning process now. When the inevitable kiosk fraud case makes headlines, it will likely set off a compliance rush that may leave some deployers waiting months or years to get their devices upgraded and certified.

EMV Kiosk Considerations

The Wikipedia entry for EMV defines it as “a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines that can accept them.” EMV “smart cards” store their data on integrated circuits in addition to the traditional magnetic stripes.

The Path to EMV
  • CC readers as keyboard wedge. They take input & then act like a keyboard echoing out the numbers thru port.
  • Credit companies keep data on unprotected and unencrypted servers.
  • Europe sees better way & requires solid encryption paired with a PIN (aka Chip and Pin).
  • The US defers requiring that for time being and does not follow Europe’s lead.
  • Growth of Internet and rise of credit cards Mastercard and VISA in US agree that encryption is a good thing. Maybe even a PIN…
  • EMV liability timetable put in motion. ATMs hugely affected (in US only) as are retailers.
  • CC readers add encryption in advance. Magtek and IDTech good examples. Instead of open Keyboard Wedges we now have encryption capabilities. No chip, though, and no PIN.
  • Deadline nears – everybody knows it is time to use chips, assuming liability for not doing so is above profit threshold. Somebody that does relatively small transactions will never be a target for stolen credit cards (Redbox e.g.). Does liability outweigh cost of upgrading, and affecting bottom line and potentially share price?
  • Signature used or zip code as presumed id token.
  • Data systems becoming more secure with better firewalls, less physical access, and encryption but most are not.
  • Big incidents (Target) increases pressure to upgrade all systems. Target’s backend was entry point via a vendor with free malware.
  • Nowadays EMV means getting a chip reader. It means securing the back end (ask Equifax…).
  • It used to mean signature too but no more.
  • Does not mean a PIN. With some consumers carrying multiple cards, it is impossible for them to use a secure PIN for each card because they’ll never remember.
  • Card data remains relatively safe on the front end (with CHIP) though there are many who still swipe (40%?) and IT Departments pay more attention to security on back end. One could argue penalties for breaches be increased as money is best motivator. See HIPAA privacy.

Because the chips are supposedly impossible to clone, smart cards offer vastly improved security compared with magstripe-only cards. But while smart cards include a magstripe along with the integrated circuit for backwards compatibility, the improved security only applies when used with an EMV-compliant card reader.

Although EMV compliance is an ongoing process in the United States, EMV technology has been standard in Europe for years with chip-and-PIN standard and contactless payment cards exploding.

“The card I use for business is probably 60% chip and pin 40% contactless by number of transactions, and I don’t think I’ve ever been asked to confirm a contactless payment by providing my pin,” said Nigel Seed, who runs KioWare Europe now. “A lot of people simply mistrust contactless and refuse to ever use it, in fact some people contact their bank and tell then to send them a replacement card without that facility, but busy metro type professionals typically do use it more than the average.”

To incentivize businesses to upgrade their card readers to EMV-compliant devices, the four major U.S. credit card issuers – Visa, MasterCard, American Express and Discover – established Oct. 1, 2015 as the deadline when credit card fraud liability will shift to merchants or processors if they do not have an EMV payment system ready.

If fraudulent card use occurs at a merchant that has not upgraded their equipment to EMV technology, the merchant eats the cost of the chargeback along with any fines or fees that may be levied. If that merchant’s processor has not made an EMV-compliant solution to the merchant, or if the card issuer has not issued EMV-compliant cards to its cardholders, the processor or card issuer assumes the liability.

Despite that deadline, though, deployers of self-service devices have been slow to bring those devices into compliance with EMV, in part due to the complexity and cost of upgrading. Making a kiosk or other self-service device EMV-compliant isn’t simply a matter of swapping out a card reader. Along with upgrading the payment terminal and software, other infrastructure involved in the transaction, such as data storage devices, must be upgraded as well.

EMV compliance affects all systems involved in the payment process, not just the payment terminal. Data warehouses are likely the biggest target of all and the eventual destination of data provided at a public terminal. If a retailer takes that highly encrypted data and then stores it as plain text on some in-house data warehouse that thru the vagaries of Microsoft networking is accessible via a simple vendor logging into a portal, they are vulnerable to EMV compliance issues.

In addition to upgrading hardware, compliance also involves the processor and the card issuers certifying that transactions are originating from an EMV-certified device, and that all software and middleware is PCI-DSS complaint as well as being compliant with international operability standards established by EMVCo, the consortium that manages EMV standards. That process could take several months.

What About A Pin Pad?
When do I need a PIN pad? Here are the basics:The United States has historically had two kinds of Cardholder Verification Methods (CVM); PIN for debit transactions and signature for credit transactions at attended terminals. A signature was not valid for unattended scenarios under the logic that a kiosk can’t check an ID or signature.

In recent weeks card brands declared Signature to be obsolete and optional in the United States. This really had no impact on unattended as the standard for unattended credit purchases was No CVM.

The vast majority of debit cards issued in the US are called “dual application,” meaning they also carry one of the card brand logos and as such can be used on both debit networks (with PIN) and credit networks (optional signature). Think of the phrase ”Visa check card.” The transaction is performed on the credit network, but the money really comes out of your checking account as opposed to a line of credit.

Acceptance of PIN debit at a kiosk is optional, although there are cases where acceptance of debit is beneficial, such as bill pay kiosks where transactions could be potentially very large. This would be advantageous to a bill pay kiosk businesses when you consider a debit transaction has a fixed cost, while a credit transaction has a percentage of the sale amount fee.

From the perspective of fraud protection it is sort of a non-factor because crooks don’t go around paying their bills with stolen cards. In the case of a kiosk in the mall selling $200 headphones, though, it would be advantageous from a cost of transaction perspective as well as the prevention of card fraud and product loss.

Deciding if having a PIN pad on the kiosk is right for you really comes down to a few factors:

What is the average sale amount, and considering that amount does the potential savings of the fixed cost of a debit transaction vs the % cost of a credit transactions justify the increased hardware cost of adding a PIN pad for debit acceptance? Essentially, what is the ROI of the PIN pad and ability to accept debit?

What is the risk and true cost of loss of product at my kiosk, and does that warrant the cost of a PIN pad?

As an example, let’s say a photo kiosk sale amount maxes out at $50, and using an estimated credit transactional cost of 3.5% as a baseline, transactions will cost $1.75 to run as credit. Given debit transactions typically hover around $1.25/$1.50, the outcome of the financial decision tree says maybe the increased solution cost of the kiosk with PIN pad isn’t showing a strong ROI, or at least one that cannot be realized in the short term.

Furthermore, the risk and cost of lost product is low, and it will take selling a lot of prints to make up for the cost of the PIN pad. In this example it would make sense to forgo PIN debit acceptance at the kiosk and instead process debit cards over the credit network.

“Each payment processor generally drives their own certifications, so timing varies pretty dramatically between payment processing certification teams,” said George Hudock, who handles business development with Datacap Systems, a developer of integrated payment systems.

“Most kiosk providers will use a third-party payments solution to avoid the on-going EMV certifications and maintenance, so most are able to avoid the EMV certifications directly,” Hudock said. “However, EMV certifications for unattended devices generally take 3-5 months once queued.”

Although it’s difficult to tell how many non-EMV-compliant kiosks are out in the field, experts say 50-60 percent of point-of-sale terminals aren’t EMV compliant. It’s likely that the percentage of non-EMV-compliant kiosks is similar. Still, experts say it could be several years before the vast majority of self-service devices in the marketplace are brought in line with EMV regulations.

Overall, the EMV migration in the United States is proceeding as well and as speedily as anyone could reasonably expect considering the somewhat tortured circumstances in which it was launched and the technical complexity and costs of its implementation, said Leland Englebardt, Practice Leader, Financial Services at New York-based UpshotAdvisors.

“Remember, it was not long after Dodd-Frank was enacted, which required many significant changes in payment card infrastructure, economics and rules,” Englebardt said.

“We are beginning to see the results in less counterfeit card fraud, which is good for everybody,” he said. “However, the security of EMV is materially enhanced by adding point-to-point tokenization and encryption. As cyber-crime is now the most active and challenging area of payments fraud, it’s possible that in the near future we will see more mandates and/or liability shifts for those technologies.”

EMV confusion still reigns

Part of what seems to be hampering EMV compliance is a lack of clarity on the part of deployers over where kiosks fall under EMV regulations. Is there a difference between attended and unattended devices? What about those that accept or dispense cash?

According to Visa’s Transaction Acceptance Device Guide Version 3.1, the term Unattended Cardholder Activated Terminal (UCAT) refers to an acceptance device managed by a merchant that dispenses goods or services, at which the card and cardholder are present, but the functions and services are provided without the assistance of an attendant to complete the transaction. These devices include cardholder activated fuel pumps, self-service vending units, and self-service payment devices in parking garages or at parking meters.

Devices that support cash dispensing and provide goods and services must comply with the Visa rules and regulations appropriate to the transaction:

• When dispensing cash, the device is considered an ATM and, therefore, must adhere to the Visa rules and regulations for ATMs.
• When dispensing goods or services, the device is considered a UCAT and must adhere to the Visa rules and regulations for unattended purchases.

Although unattended devices (e.g., ATMs, UCATs) may dispense goods and services as well as cash, transactions involving a purchase with cash back are not allowed. In other words, an unattended device may dispense either cash or goods and services in a single transaction but not both. In addition, UCATs that dispense scrip are not addressed because the Visa rules and regulations prohibit Visa card products from being used for scrip transactions. (Scrip is a two-part paper receipt redeemable for goods, services or cash.)

Attended Cardholder Activated Terminals, such as self-checkout terminals in supermarkets, are not considered UCATs and therefore are not required to meet UCAT requirements.

The guide also mentions a third category, “semi-attended,” to describe Semi-Attended Cardholder Activated Terminals in the Europe Region.

Semi-Attended Tips
If you want to benefit from low cost EFT like Verifone VX820 series (<200USD) and you want to install in Semi-Attended environment you should cover unneeded and unwanted functions by a plastic form.Pyramid did it for instance in the McD Europe case. The customer can benefit from the low cost EFT and the “white” form embeds the EFT in an elegant and ergonomic way and in same time it covers the magnetic card function on the side of VX820 which would be not needed and would only make customers unsecure which way to use the device. With our embedded form, that ensures that the customer uses or NFC or Chip Card function.

McDonalds EFT
Click for full size

“This has resulted in self-service manufacturers creating a third optional semi-attended solution, in conjunction with VISA, for those situations,” said Frieder Hansen, co-CEO of Germany’s Pyramid Computer. “Instead, for example, a plain IPP350 or 820 being used (attended), or for purposes of a UCAT using Ingenico 250 series, the third solution would be using an inspectable key-lockable option with a terminal like a 350.”

There is a perception that kiosks are always considered unattended from an EMV perspective, said Allen Friedman, VP of Payment Solutions at Ingenico Group.

“This is not always true,” Friedman said. “Some self-service implementations in attended environments where employee assistance is available, like at the grocery store, can be considered attended devices. If there is any time period where no assistance is available, then it is considered an unattended solution.”

There is also a card brand requirement for unattended devices to make a printed receipt available to cardholders for transactions above $15, Friedman said.

“Designs for kiosks intended to provide merchandise or services above that amount should include a receipt printer with their models to insure compliance,” he said.

Taking the risk

Although kiosk deployers are still asking for non-EMV compliant solutions, kiosk manufacturers seem to be coming down firm on needing EMV-compliant payment solutions for any custom deployment. New projects are likely to take EMV into account throughout the process.

On the other hand, some deployers are likely to stick with non-EMV compliant kiosks to the end of their lifespan.

“Deployers aren’t as educated on this as they need to be,” Laura Miller with KioWare said. “They think it doesn’t apply to them, aren’t aware of the risk or think that the risk isn’t high enough to warrant the additional cost.”

EMV-certified options are also still relatively limited, so kiosk providers’ preferred payments providers may not yet have an EMV-certified option for unattended applications.

“Kiosks are also expensive to upgrade to EMV due to a required change in casework to accommodate the updated EMV device,” Hudock said.

EMV & Cloud Services
EMV credit transactions thru the cloud makes things easier. Keyboard wedge changed to HID changed to USB and now changes to Ethernet. A hospital environment with a copay for example in old days would require direct integration between the check-in device and the credit terminal. Which payment processor becomes an issue along with who writes the code.Nowadays you can offload the credit portion via cloud services and all that is required on the check-in or check-out terminal is simple HTTP and JSON call for authorization. The credit device takes over, conducts the transaction (thru preferred provider) via EMV certified kernel and then notifies the check-in/check-out that the transaction is complete.You eliminate the development cost, and the credit devices can be leased monthly to reduce the upfront cost of going EMV.

You do need an ethernet connection though.
EMV Cloud Service

“The kiosk industry is more fragmented than retail/restaurant,” Hudock said. “This means that there are often multiple constituents involved in delivering the kiosk that need to be involved in the upgrade process, including hardware OEMs, software developers, payments middleware providers, payment processors and installers. Kiosk upgrades tend to take a little more time and planning than retail/restaurant due to the number of involved parties.”

Some of the reluctance for kiosk deployers to adopt EMV is understandable. If the kiosk is near the end of its life cycle, a deployer may choose to ride it out until it’s time to replace the entire device. In addition, the relatively low transaction averaged for many kiosks translates to less overall chargeback risk, which in turn means less incentive to upgrade.

Should a deployer choose to skip making their units EMV compliant, though, at the very least they should place additional attention on security to minimize the possibility of fraud. Those steps could include data clearing technology and secure browsers, end session on a particular page, session timeouts and so forth. In addition, point-to-point encryption and tokens are valuable security measures. P2PE ensures that card data is encrypted at the time of card insertion and maintains that encryption until it’s routed offsite. Tokens ensure that card data is not stored locally for voids or recurring transactions.

“There is less risk of internal compromise of data for a kiosk due to the hardened nature of the casework, but the largest card data security problem facing kiosks is likely card skimmers,” Hudock said. “Because these are generally placed on top of an existing reader, the card is skimmed before security measures like encryption or EMV would have any impact. Merchants need to periodically check their kiosks to confirm that they haven’t been tampered with.”

And as EMV cards and terminals become ubiquitous, banks’ authorization parameters may evolve to limit fallback approvals.

“A kiosk operator who doesn’t upgrade to EMV may find it harder and harder to get a positive mag stripe authorization,” Englebardt said.

“Notwithstanding the liability shift, banks seek to avoid the risk of counterfeit card chargebacks that trigger replacement/reissuance costs and cardholder attrition,” he said. “So revenue erosion is an additional long term business risk for kiosk operators not adopting EMV.”

At the end of the day, though, what’s likely to motivate deployers to upgrade their devices will be the news of a major chargeback and fine associated with a device that wasn’t EMV-compliant.

“There are beginning to be some fines but not publicized and none that would be considered punitive by any measure,” said Geoff Leopold,division manager with Heartland Payment Systems. Still, it’s likely just a matter of time before a major incident occurs.

In addition, some payment processors have begun charging their customers EMV non-compliance fees. Those fees can vary, coming as a flat monthly or annual charge or a percentage of the deployer’s processing volume.

“The bottom line is that processors and banks want you to move to EMV equipment because it’s more secure for everyone,” write Ellen Cunningham in an article on the website CardFellow.com. “If you’ve been holding off on EMV-capable equipment you may want to think about upgrading before more processors begin imposing expensive fees.”

EMV Resources

How EMV works.

EMVCo manages EMV specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues. EMVCo is a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.

US Payments Forum — The U.S. Payments Forum (the “Forum”) is a cross-industry body focused on addressing issues that require broad cooperation and coordination across many constituents in the payments industry.  Part of Secure Technology Alliance (see below).

The EMV Connection website provides up-to-date EMV migration information and educational resources. One of those is Chip Cards Facts-at-a-Glance.  It is now US Payments Forum.

EMV Resources page of the Card Acquiring Service (CAS). Offers information and links to helpful EMV information, including the federal government’s move to EMV chip and PIN-enabled card acceptance.

Secure Technology Alliance — The Alliance brings together leading providers and adopters of end-to-end security solutions designed to protect privacy and digital assets in a variety of vertical markets

EMV Contributor Acknowledgements

Thanks to all from us!

EMV and Kiosks – WHERE IS EMV FOR KIOSKS IN 2019? AN EMV UPDATE

EMV Update – Unattended

The deadline for merchants to bring payment devices into compliance with EMV standards passed more than three years ago, but there are still non-compliant devices in the marketplace.

otiKiosk provides kiosk system developers with an easy and affordable way to integrate a pre-certified EMV payment acceptance solution
otiKiosk provides kiosk system developers with an easy and affordable way to integrate a pre-certified EMV payment acceptance solution

A year ago, KioskIndustry.org published a piecelooking at the state of adoption of Europay, Mastercard and Visa (EMV) requirements among kiosk deployers in 2018. The bottom-line findings were that while kiosk manufacturers were stressing the need for EMV-compliant solutions for new projects, many deployers planned to keep current non-compliant solutions in the field until the end of their lifespan.

Now that a year has passed since that analysis, has anything changed? Where do things stand now?

EMV Compliance continues to expand

To recap, EMV is defined as “a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines that can accept them.” EMV “smart cards” store their data on integrated circuits in addition to the traditional magnetic stripes. According to financial services firm FirstData, EMV chip cards transmit a variable algorithm that changes with each transaction, making the data more secure than what’s found on magnetic stripe cards.

Under EMV standards, merchants had until Oct. 1, 2015, to make their payment processing equipment EMV-complaint. If a fraudulent transaction occurred at a merchant who had not upgraded their equipment, the merchant would eat the cost of that transaction along with any fines or fees that might be assessed.

And while EMV standards were relatively clear for in-person transactions, such as those at an attended checkout register at a grocery store, they were a bit murkier when it came to transactions at an unattended device, such as a self-service kiosk.

Although payment card issuer Visa doesn’t break out kiosk-specific statistics, it does track overall EMV adoption. By most measures, the process seems to be rolling along.

As of December 2018, more than 3.1 million merchants now accept chip cards, according to Visa statistics, compared with just 392,000 merchants as of September 2015. There are now 511 million chip cards in circulation compared with 159 million three years ago. Ninety-eight percent of payments accomplished at the end of 2018 were done using chip cards.

In addition, counterfeit fraud dollars dropped 48 percent over the 39-month period, according to Visa statistics, while that figure was closer to 80 percent for merchants who have completed the upgrade.

Still, that doesn’t mean credit-card fraud is going to disappear. According toresearch by intelligence firm Gemini Advisory, as of November 2018 chip-enabled cards represent 93 percent of the more than 60 million payment cards stolen in the past 12 months, thanks to the lack of U.S. merchant compliance with the EMV implementation.

Other Gemini findings include:

  • 45.8 million or 75 percent are Card-Present (CP) records and were stolen at the point-of-sale devices, while only 25% were compromised in online breaches.
  • 90% of the CP compromised U.S. payment cards were EMV enabled.
  • The United States leads the rest of the world in the total amount of compromised EMV payment cards by a massive 37.3 million records.
  • Financially motivated threat groups are still exploiting the lack of merchant EMV compliance.

In addition, a new type of card fraud is gaining in popularity. Unlike the skimmers fraudsters attached to gas pumps and other devices to capture credit card information (one of the types of fraud EMV was designed to eliminate) a “shimmer,” according to Krebs on Security, fits in the card slot between the chip on the card and the chip reader — recording the data on the chip as it is read by the underlying machine. The fact that the device fits in the slot itself instead of fitting over the card reader, it’s difficult to spot.

Here’s how Krebs described shimming in 2017:

“Data collected by shimmers cannot be used to fabricate a chip-based card, but it could be used to clone a magnetic stripe card. Although the data that is typically stored on a card’s magnetic stripe is replicated inside the chip on chip-enabled cards, the chip contains additional security components not found on a magnetic stripe.

“One of those is a component known as an integrated circuit card verification value or “iCVV” for short — also known as a “dynamic CVV.” The iCVV differs from the card verification value (CVV) stored on the physical magnetic stripe, and protects against the copying of magnetic-stripe data from the chip and using that data to create counterfeit magnetic stripe cards.”

The weakness a shimmer exploits lies with the card issuer as opposed to the payment device.

“The only way for this attack to be successful is if a [bank card] issuer neglects to check the CVV when authorizing a transaction,” ATM giant NCR Corp. wrote in a 2016 alert to customers. “All issuers MUST make these basic checks to prevent this category of fraud. Card Shimming is not a vulnerability with a chip card, nor with an ATM, and therefore it is not necessary to add protection mechanisms against this form of attack to the ATM.”

(If I needed any persuasion that payment card fraud was still a problem, I recently received a call from my bank alerting me that my debit card had been compromised. Someone had used what was obviously a cloned card to withdraw $300 at an ATM 30 miles away from where I live. The bank blocked the card when the fraudster attempted to make a withdrawal at another ATM. A few days later, my son’s debit card was compromised as well. In both cases, the money was refunded to our accounts and the dispute was closed in less than a week. When I posted a comment to the neighborhood Nextdoor social media site about the incident, dozens of people in my area said they had also been victims of payment card fraud. The speculation was that the issue occurred at a nearby convenience store, although nothing was proven.)

The current state of EMV affairs

By all appearances, EMV adoption among kiosk deployers essentially stands where it did a year ago. Deployers seem to be carrying on with existing equipment until the end of its lifespan, with any new deployments.

Part of the reason is likely, as mentioned in last year’s analysis, that the relatively low transaction averaged for many kiosks translates to less overall chargeback risk, which in turn means less incentive to upgrade. Given that risk, it doesn’t make much sense to invest in an upgrade it of the deployer plans to swap it out in a year or two.

“For kiosks we have seen very little in the way of EMV retrofits of fielded kiosks running in mag stripe even though there are surface mount devices well suited to field retrofits available,” said Rob Chilcoat, president, North American Operations with UCP Inc., a provider of EMV-compliant chip-and-pin hardware and payment gateway solutions for attended and unattended card payment terminals in North America.

In addition, some of the concerns about whether a kiosk would be considered attended, “semi-attended” or unattended under EMV requirements may have been overblown.

The Path to EMV
What are some other risks in deploying non-EMV kiosks? Comments from the experts:

  • There are current deployers with standard ecommerce websites using a third-party shopping cart on their kiosks that have no clue about EMV. Kiosk software like KioWare can intercept the shopping cart MSR checkout and perform the EMV transaction; however, they still need the third-party shopping cart to know the transaction has succeeded; ie, we need an API to call. This API is often lacking as most don’t care about kiosks and EMV integration, although it is slowly changing. This is definitely affecting existing kiosks going EMV, but it is also affecting new kiosk projects that had hoped to use their existing third-party shopping cart.
  • If a card data breach is tracked back to a kiosk, the merchant associated with that kiosk would be in hot water. This is why data in the clear between a card reader and a web hosted payment page (the old way of doing things) is such a PCI no-no.
  • Ultimately PCI compliance comes down to the merchant themselves, ISVs want to enable the merchants to use a PCI-DSS pre-certified solution, but that doesn’t completely relieve the merchant themselves from final PCI compliance. Implementing EMV pretty much removes mag stripe data from the environment except in cases where a card has no chip, or the chip is damaged. In the case of a card not having a chip, the issuer of the card would be the least compliant (culpable) party if the merchant is EMV capable. In the event of a damaged chip, this is why it is also important to implement end-to-end encryption, to render malware sniffing attacks unfruitful.

“’Semi-attended’ doesn’t exist as far as the PCI Security Council and EMVCo are concerned; a device is either a Cardholder Activated Terminal (CAT) or it isn’t in their eyes,” Chilcoat said.

“This ‘semi-attended’ term was coined by processors to justify using less costly attended devices at self-checkout and other indoor self-service scenarios where the kiosks are being tended to by an employee of the store,” he said. “This PCI gray area still exists and we do see people ordering attended devices from us for this purpose. We advise against it, but we can’t stop them from doing what they want with a terminal. It really comes down to what the merchant’s processor will allow.”

Still, deployers shouldn’t be lulled into a false sense of security by thinking a low transaction amount means they’re insulated from major losses. Yes, if a fraudulent card is used on a small transaction at the kiosk, it can just be considered a cost of doing business. On the other hand, if someone is able to collect cardholder data at the kiosk and then sell it on the dark web causing massive fraudulent transactions elsewhere, and that gets tracked back to a non-EMV compliant kiosk, it won’t be trivial to a kiosk deployer.

But for new projects, EMV is definitely the norm.

“In terms of kiosks, the biggest thing that’s changed is the move from EMV being an optional form of payment to a requirement for our customers,” said Bruce Rasmussen, director of sales with payment technology provider Ingenico Group.

“Currently we do not have any customers in the pre-deployment stage that are not already planning to support EMV now or in the next phase of their project,” Rasmussen said. “Additionally, merchants are continuing to redefine their customer interface to capture a new segment of the market, and payments continues to play a large role in this transformation.”

In particular, he said, there is a growing emphasis on supporting mobile wallets in payment solutions, which in turn drives demand for EMV contactless. With the majority of legacy cashless options only supporting magstripe transactions, merchants are putting updating their payment solutions to accept contactless at the top of their requirements.

“We see growth in contactless card payments and payments via smart phones driving growth in NFC adoption at the kiosk,” Rasmussen said. “The mandate from the card brands to support EMV contactless payments as of October 2019 is driving adoption for EMV since managing a contact and contactless certification may be the most economical and efficient use of resources to achieve a certification.”

Ultimately, although the process continues to be a gradual one, it’s only a matter of time before the vast majority of self-service kiosks in the marketplace are EMV-compliant.

“In terms of new kiosks, we have not shipped anything mag stripe only for a long time,” Chilcoat said. “I think overall EMV migration has hit a tipping point where chip card payments is the expected user experience and kiosk companies are seeing that and including it in their RFP requirements.”

EMV Update Credits and Members:
EMV References and Article

Protect Yourself From Fraud and Identity Theft In 2018

Reprinted with permission From Dane County Credit Union.. Thanks to author Anna Kucirkova.

Protect Yourself From Fraud and Identify Theft In 2018

Fraud protectionFraud protection. Unfortunately, we live in a time when identity theft and fraud are running rampant. Almost every month we hear of major security breaches, with companies like Yahoo, Uber, Equifax, and Dropbox all compromised. When these types of breaches occur, millions of usernames and passwords are hacked, often resulting in identity theft and fraud.

So what can you do to protect yourself in 2018? What steps can you take to ensure that you don’t get hacked?

We’re going to break down the how, what, and why of protecting yourself, touching on everything from your digital accounts to your bank account.

9 Steps To Protect Yourself From Identity Theftpaper-shreds

 

Many times, identity theft starts with a digital breach. From there it often moves to bank accounts and credit cards, which can be an absolute nightmare. In order to protect yourself against these things, follow these ten steps.

#1 – Shred your documents

Don’t toss bank statements and credit card receipts in the trash. Destroy them using a cross-cut shredder or shredding service.

#2 – Strengthen your passwords

Use random combinations of letters, numbers, and special characters. Create different passwords for each account and alter them frequently. Alternatively, you can use a password manager like OnePass or Dashlane to create and manage all your passwords for you.

#3 – Check your credit reports

You’re entitled to one free credit report every year from each of the three major credit reporting bureaus. Request one report every four months and review it for suspicious or incorrect information. LINK TO CREDIT REPORT SERVICE

#4 – Guard your Social Security Number

Avoid sharing it when it’s not absolutely necessary, and don’t keep it, or your Social Security card, in your wallet. After all, this is typically a key identifier for many accounts.

#5 – Be smart about social media

It is smartest to leave personal details, such as your birthday or address, off your profiles. This information can be used in an effort to get you to click on malicious links. Utilize your privacy settings and be cautious about whom you accept as a connection.

#6 – Secure your phone

Lock your device with a password, turn off Bluetooth when you’re not using it, and be cautious when downloading apps — only download from sources you know and trust. Additionally, consider using end-to-end encrypted messaging apps such as WhatsApp.

#7 – Know the signs of phishing

Phishing is when a scammer creates a legitimate looking email or contact that is intended to steal personal for information. For example, you they may create a password reset email that looks like it’s from Google in an effort to get you to type in your password. Watch out for emails, links, or unsolicited phone calls asking for your personal information.

#8 – Monitor your financial statementsHow do you recover from identity theft?

Report any suspicious activity in your bank accounts and credit card accounts as soon as you notice it. Many banks offer fraud protection apps that are worth investigating for another level of security. If your bank or credit-card company offers free online or mobile apps that will warn you of suspicious account activity as soon as it’s detected, sign up for them.

#9 – Keep your mail safe

Stealing your mail is one of the easiest ways for a thief to steal your identity. Consider using a locked mailbox or P.O.Box, and have the post office hold your mail if you go out of town. Additionally, shred any mail that could contain personal information such as credit card or bank statements.

These guidelines can help you keep sensitive information safe. Remember to be proactive to protect your personal information. These tips will be useless after your identity is stolen.

Fraud Alerts and Security Freezes

You can stop ID thieves before they cause damage by placing a security freeze on your credit reports at all three major credit bureaus: Equifax (www.equifax.com); Experian (www.experian.com); and TransUnion (www.transunion.com). Freezes will prevent identity thieves from looking at your credit report. To sign up for one, go to each bureau’s home page and locate the security-freeze link.

If you haven’t placed a security freeze on your accounts, and you spot a sign of identity theft, put an initial fraud alert on your credit report immediately. It is fast, free, stays in place for 90 days, and gives you extra legal protection. After that, request a security freeze.

Filing a fraud alert is appropriate anytime your identity information has been compromised, like when you lose your wallet, cell phone, or computer, or if your home or car is broken into. But you should also do it after more-subtle warning signs, such as finding unauthorized charges on your credit-card statement (even if quickly resolved) or failing to receive expected bills or mail.

Fraud alerts are free; security freezes typically cost $5 to $10 per person per credit bureau each time you place or temporarily lift one. Prices range from free to $20 depending on state law. But if you’re a victim of identity fraud, freezes are usually free. You can initiate a freeze online directly with each credit bureau; for fraud alerts, you only need to inform one bureau, which will pass the request on to the other two.

How Do I Protect My Identity For Free?

There are various services you can pay for that will actively protect your identity and let you know if something goes amiss. Lifelock is an example of a company like this.

And while using a theft protection agency can give you peace of mind, there are multiple things you can do yourself, at no cost, to help protect your identity:

Never give your Social Security number or other information to strangers who call, text, or send e-mail messages to you. Phony “phishing” e-mails can look like they came from your bank or your credit card company. Also, don’t write your Social Security number on checks (except those you send to the IRS), non-credit applications, or other forms. Treat your SSN as a sacred, secret piece of information.

Never keep sensitive information in easy-to-access places. For example, never put your computer passwords on an unprotected file on your computer. Also, don’t write them down and then put them in open places. For example, never put passwords on your computer monitor or under your keyboard.

Also, when choosing passwords, don’t use simple passwords like “password” or your first or last name.

Keep financial account statements, medical records, and tax filings in a secure place at home, especially if you let workers or others inside; shred documents when you no longer need them. Generally speaking, any sensitive records that you need to keep should be locked away.

Don’t post your birthday, mother’s maiden name, first pet’s name, or other personal information on websites like Facebook, Flickr, LinkedIn, Facebook, or Twitter. They’re often used to verify your identity and could grant an identity thief electronic access to your accounts.

If your bank or credit-card issuer offers free online or mobile alerts that will warn you of suspicious account activity as soon as it’s detected, sign up for them.

Finally, sign up for Credit Sesame’s credit monitoring service before you become a victim. Credit Sesame membership is 100% free, and no credit card is required to sign up. All Credit Sesame members get $50,000 in free identity theft insurance and live support through the process of identity restoration.

How Do You Prevent Credit Card Skimming?

How do you recover from identity theft?

A credit card skimmer is a portable capture device attached in front of or on top of a legitimate scanner. The skimmer passively records the card data as you insert your credit card into the real scanner.

Credit card thieves will often temporarily affix the card skimmer device to gas pumps, ATMs, or other convenient self-service point-of-sale terminals. Criminals like gas pumps and ATMs because it is easy to retrieve their skimmers and these places generally receive a lot of traffic.

Inspect the card reader and the area near the PIN pad as many banks and merchants realize that skimming is on the rise and will often post a picture of what the real device is supposed to look like. Of course, a card skimmer could put a fake picture over the real picture so this isn’t a fail-safe way to spot a skimmer.

Most skimming devices are temporarily affixed to the gas pump or ATM so they can be easily retrieved once they’ve collected cardholder data. If you think the scanning device doesn’t look like it matches the machine’s color and style, it could be a skimmer.

Unless skimmers are running a large operation, they are probably only skimming one gas pump at a time. Take a quick look at the pump next to yours to see if the card reader and setup look different. Trust your gut – if you are in doubt, use a different gas pump or ATM in another location.

Try to avoid using your PIN at the gas pump. Choose the credit option that allows you to avoid entering your PIN. Even if there is not a card skimmer camera in sight, someone could be watching you enter your PIN and subsequently mug you and take your card to the nearest ATM to withdraw some cash.

How Do I Protect My Financial Accounts?

How do I protect my identity for free?

Keeping tabs on every aspect of your financial life is critical to protecting your accounts and everything in them. Banks and other financial institutions also make mistakes all the time! Whether it’s a glitch in the system or simple human error — it can cause you big financial trouble without you realizing it. So here are some ways to protect your money — from system glitches and people both inside and outside the bank:

Check your accounts DAILY

It may seem kind of extreme, but it’s not — especially when it comes to fraud associated with a debit card and/or checking account. Monitoring your accounts daily will not only allow you to always have a good idea of what’s going on with your money, but it will also help you spot any potential fraudulent activity immediately.

Know your protections

Debit and credit cards come with very different protections under the law for you as a consumer. Here’s what you should know:

The definition of credit card fraud: If your credit card number is stolen, not the physical card, “you are not responsible for unauthorized charges under federal law,” according to the Consumer Financial Protection Bureau.

If the actual card is stolen, you are liable for no more than $50 in authorized charges — as long as you report it to your card issuer. Some issuers won’t even charge you the $50.

The definition of debit card fraud: If you report the card as lost or stolen within two business days, you won’t be responsible for more than $50 of unauthorized transactions. According to the CFPB, “if an unauthorized transaction appears on your statement (but your card or PIN has not been lost or stolen), under federal law you will not be liable for the debit if you report it within 60 days after your account statement is sent to you.”

If someone uses your physical ATM or debit card without your permission (meaning it was stolen) and you report the fraudulent charges within 60 days after your statement is mailed to you, you could lose as much as, but no more than, $500.

If someone uses your ATM or debit card without your permission and you don’t report it within 60 days after your statement is mailed to you, the potential damage is unlimited. You could lose all the money in that account, the unused portion of your maximum line of credit established for overdrafts, and even more.

Choose a financial institution with good customer service

Whether it’s a local bank, credit union, or multinational financial institution, find good customer service. The best places will always work with you to help get fraudulent charges or purchases off your account.

Never share your banking information with anyone

Don’t share any of your sensitive information via text, email, phone, social media, or any other app. If you ever receive a request to share your information, do not respond or provide any piece of information about yourself.

Use strong passwords & two-factor authentication

Two-factor authentication (sometimes called two-step authentication) requires you to take an extra step to authenticate who you are when you sign in or when you are doing a transaction.

Whatever the extra step is, opt in for it! It’s another layer of security for you and your money.

Don’t access your financial accounts from just anywhere

You should never log into your account — or any other account that contains your financial or card information — from an unsecured device or unprotected Wi-Fi network.

What Do You Do When Someone Steals Your Identity?

What can you do to protect yourself from identity theft?

If you suspect identity theft, act immediately to minimize negative consequences:

Put a fraud alert and/or security freeze on your credit reports

A fraud alert puts a red flag on your credit report and notifies lenders and creditors that they should take extra steps to verify your identity before extending credit. Initial fraud alerts are free and remain in place for 90 days. In some cases, extended fraud alerts incur a small fee, but under most circumstances fraud alert services are free to victims of identity theft.

Another option is to place a security freeze on your credit reports. A freeze prevents creditors (except those with whom you already do business) from accessing your credit report(s) at all. Most new applications will automatically be declined because without access to your file, the creditor will have no way to evaluate your credit. Not every state allows credit freezes to be placed by consumers who are not victims of identity theft, but every state allows identity theft victims to freeze their files. Some states charge a fee to freeze the file, and another fee to thaw it.

Contact any institution directly affected

If you know your credit card was stolen, immediately report the theft to the credit card issuer. If your checkbook or debit card was stolen, contact your financial institution. Keep a list of what’s in your wallet, along with the contact information for each item.

Contact the Federal Trade Commission (FTC)

File an Identity Theft Affidavit and a police report and create an Identity Theft Report. You can file your report online, by phone (toll-free): 1-877-ID THEFT (877-438-4338); TDD (toll-free): 1-866-653-4261, or by mail — 600 Pennsylvania Ave., Washington DC 20580.

The FTC will provide you with information about what to do next, depending on the type of fraud.

File a police report

To complete the Identity Theft Report, you’ll need to contact your local police and report the theft. Be sure to get a copy of the police report and/or the report number. Both your police report and the FTC Identity Theft Affidavit combine to create your Identity Theft Report. Your Report is essential when working with the credit reporting agencies or any other entities the identity thief may have contacted to open accounts in your name.

Report the theft to the Social Security Administration

If your social security number has been stolen, contact the Social Security Administration (800-269-0271) and the Internal Revenue Service (800-829-0433). It’s important to talk to both agencies if you think your Social Security number has been compromised.

Contact the Post Office

If you have reason to believe the identity thief may have submitted a fraudulent change-of-address to the post office or has used the U.S. mail to commit the fraud against you, contact the Postal Inspection Service, which is the law enforcement and security branch of the post office, and fill out the necessary paperwork.

These are only the first few steps. Total recovery from identity theft is a long, drawn-out process.

How Do You Recover From Identity Theft?

How do I protect my identity for free?

Once you have discovered the fraud and taken the initial steps to freeze or protect your accounts, take a deep breath and begin to repair the damage. The first step is to close any new accounts opened fraudulently in your name. Then, work with your bank and creditors to remove fraudulent charges from your accounts. Next, contact the credit reporting agencies and have the errors corrected. Finally, think about adding an extended fraud alert or credit freeze on your accounts.

Depending on your situation, you might need to take additional steps. If your social security number was compromised, contact the Social Security Administration and report it. You also need to replace all of your government issued IDs.

One unpleasant task is keeping debt collectors from trying to collect on fraudulent debts.

Additionally, you may have to work with law enforcement and creditors for months to clear your name of any criminal charges due to the identity theft. For certain types of accounts, you might have to contact additional offices. These include utility companies, phone service providers, government benefit offices, student loans, accounts at other banks, rental landlords, your personal finance officer, and the courts if you have a bankruptcy filed in your name.

Keep Yourself Safe

In our technologically bound and increasingly digital world, identity theft has become a major racket. Be sure to stay safe by staying smart. Do everything you can at home to increase your security, but also be wary of public Wi-Fi spots, be on the lookout for skimmers, and keep an eye on all of your financial and credit records. If you become a victim of identity theft, be immediately proactive in reporting the fraud and work with law enforcement and the agencies to fix your credit.

Some Additional Thoughts

 

  • Segregate your online purchases on second card that is not tied to your main bank account.
  • Cash is a good option at new restaurants.
  • Rf shielding holders if out in public, traveling a lot.
  • Better passwords. Use a service like LastPass.
  • Stay up to date with patches.
  • Avoid loading financial banking apps on mobile Android.
  • Authenticate with fingerprint on phone (biometrics).
  • Look at card readers before you insert. Skimmers are very skilled.
  • Don’t run windows unless you have to.
  • Avoid writing ssn on documents. Health documents are the worst and most often breached.

Design Capabilities for the POP Industry

Design Tools For POP Industry

How using the latest innovative software and products can save clients time and expense

As the Creative Director at Frank Mayer and Associates, Inc., a big perk of my job is staying immersed in the tech world and discovering the latest software and products developing at rapid speed.

Ryan Lepiankan with Frank Mayer. Creative Director and Design professional specializing in Point of Purchase display and retail kiosk design.

With an unending catalog of options available, it’s an exciting task to curate the programs we use to benefit our clients. Below is a sampling of tools we employ to better serve our customers with their point-of-purchase projects.

Unreal Engine 4

In the not so distant past, creating a video to stage a client’s display would require days, or even weeks, of work carefully piecing together each frame. Unreal Engine 4 has completely revolutionized the presentation landscape. Now, we can create instantaneous renderings at any size and resolution and can make modifications that don’t require large time commitments.

Originally developed as a software for first-person shooter games, the earliest development of Unreal Engine was significant because the program supported “modding,” or allowing players to modify code, insert artwork, and more.

Fast forward nearly two decades, and the latest edition, Unreal Engine 4, continues to improve its capabilities as more industries outside of gaming find the program useful.

At the time of Unreal Engine 4’s release, I was exploring how to get our design models into virtual reality and saw this software as a perfect avenue. Not only does it offer a great physically-based material creation kit that allows designers to quickly craft true-to-life materials and finishes, but it also has a blueprint system, which means I can make designs interactive without having to learn special coding.

So, what does this mean for our clients?

Click for full size

Unreal Engine 4 allows us to showcase their displays in real-time with superior quality graphics. Companies can view their designs as a fully representative 3D model on a desktop, or experience it in VR even before prototypes are built.

Virtual Reality

Click for full size

Interacting with a display can be an important undertaking before a client invests in the prototype phase. Virtual reality makes this possible.

Repurposing the same modeling/texturing/lighting work we did to create rendered images from Unreal Engine 4, virtual reality can simulate how a target audience will engage with various features. In this fully computer-generated world, clients can test their merchandising display by swiping a credit card, using a kiosk’s touchscreen, pulling product off a shelf, and much more.

This rich experience enables brands and retailers to document any immediate design or engineering modifications to their project, saving money and time before a prototype is created.
3D Printer

Sometimes you can’t beat seeing and feeling a physical replica or segment of a display. With our in-house 3D printing capabilities, we can provide a 3D visualization or proof of concept prototype components in a fraction of the time it takes to go through full engineering and traditional prototyping.

Often an image can go from a designer’s screen to a printed part in less than 24 hours, providing a fully visually and mechanically representative prototype on a greatly accelerated schedule.

Like virtual reality, offering 3D printing provides an opportunity to evaluate key components before moving on to the next stage of the process.

Conclusion

As with all new technology, it’s important to decipher the programs that will save on time and costs for both our business and the clients we serve. Along with the programs listed here, we strive to seek out the latest services to ensure our customers benefit from the newest innovation, and we look forward to what comes next.

Five Ways Digital Signage is Changing Advertising

This post originally published on https://www.meridiankiosks.com/5-ways-digital-signage-is-changing-the-advertising-game/

Ask any consumer today what grabs their attention or where they get their information and their answers will most likely differ from what they may have been 10 or 15 years ago. As technology and the variety of different media outlets have grown exponentially, many consumers have shifted their attention from more traditional media forms, such as magazines, newspapers, and stationary billboards to more modern mediums like social media, web-based outlets, and digital signage. While these more modern outlets often provide the exact same information as the ones that came before them, they have the ability to offer curious consumers the opportunity to learn and more easily engage with the information they are provided.

As this shift has occurred and consumer preferences have changed, so have the ways in which businesses successfully inform and market to them. While there’s no denying that the more traditional forms of promotion and advertising are effective for reaching consumers, digital signage has the ability to provide them with a unique user experience from the start—driving awareness, offering an interactive experience, and providing a seamless, user-friendly interface throughout the entire interaction.

Curious how digital signage could change the advertising game for your business or organization? Keep reading.

Drives Awareness

Living in the age of technology that we do, consumers are easily captivated by almost anything with a digital screen. Think about it–if you’re walking down the street or through a mall, are you more likely to notice the print display hanging in the storefront or the interactive digital display? Probably the digital display. Digital signage does so much more than just grab customers’ attention, though, it is also an effective tool for sharing information and driving consumer awareness on the path to purchase.

Offers an Interactive Experience

While the aforementioned more traditional forms of promotion and advertising have undoubtedly withstood the test of time, today’s consumers have grown to expect immediate gratification—including quick answers to their questions. Many digital signage models feature an interactive touch screen, which provides consumers access to numerous different layers of information—extending far beyond what meets the eye upon first glance. Digital signage can also include VoIP and SMS Text Messaging capabilities—enabling consumers to call businesses directly from the kiosk or text information from the screen to their personal cell phone to refer back to later on.

Provides a User-Friendly Interface

In addition to providing an eye-catching display, Interactive digital signage also offers a user-friendly interface–complete with simple menu options and navigation features. From the most tech-savvy to the least, consumers of all kinds can interact with and absorb information from the display. Similarly, with ADA compliance, Voice Over IP (VoIP), and Telecommunication Device for the Deaf (TDD) integration capabilities, digital signage can accommodate consumers of all abilities.

Improves Efficiency

Not only is digital signage easy for consumers to use, one of the most significant benefits for businesses and organizations is that the content is easy for them to update as well. Did the time change for an event? No problem. Just implemented updates for a product line? Get the word out! Once they have finalized the changes that need to be made, businesses and organizations can simply log into the back-end of their platform and add, remove, or change any of their content, all with the click of a few buttons.

Can Include Revenue-Generating Advertising

While some businesses and organizations choose to solely focus their digital signage solution on their own company, others have implemented revenue-generating platforms on which other non-competing businesses or organizations in the area can advertise as well. This is an especially useful option when looking for a way to offset the initial cost of deployment.

As consumers have become increasingly technology-driven, digital signage has emerged as an effective advertising and information sharing platform. As a result, this transformation has successfully enhanced the ways in which businesses and organizations promote themselves to consumers.

To learn more about Meridian’s self-service digital signage hardware and software solutions, visit our digital signage page.

ADA Considerations – Self-Service for All

Originally posted here

Touchscreen-based self-service technology is changing the way we do business, but one of the key challenges to widespread adoption is finding a way to make that technology useable by everyone.

Self-Service For All – ADA feature

By Richard Slawsky contributor

Interactive touchscreens are quickly becoming a key player in the kiosk world. Businesses ranging from fast-casual restaurants to health care facilities and mall makeup stores are finding uses for touchscreen-based kiosks, offering services ranging from food ordering to patient check-in to complexion matching.

The latest of the many reports forecasting the growth of the kiosk industry predicts the market will increase at a 9.7 percent compound annual growth rate, reaching $88.3 billion by 2022 from $46.1 billion in 2015. Drivers of that growth include increased customer’s interest towards self service, development in the retail and entertainment industries and innovations in touchscreen display and glass technology. The retail industry holds the lion’s share of the market, with about 40 percent of the overall revenue.

The growth of touchscreen-based self service hasn’t been without its challenges, though. Foremost among them has been the issue of making that technology available to all users, including those with disabilities. Another has been the expanded form factors such as tablets on the low end and large 85-inch touchscreens on the high side.  That’s a shift from the mostly 17-inch and 19-inch screens that dominate the ATM, airline and POS self-checkout precursor worlds.

The compliance conundrum

The U.S. Census Bureau estimates that about 19 percent of the country’s population, or about 57 million people, have some form of disability. Those include 8.1 million people who have difficulty seeing, including 2 million who were blind or unable to see. In addition, about 7.6 million people have impaired hearing. Roughly 30.6 million have problems walking or climbing stairs, or use a wheelchair, cane, crutches or walker, and 19.9 million people had challenges lifting and grasping. This includes difficulty lifting an object or grasping a pencil (or pressing buttons on a touchscreen interface).

To ensure those with disabilities can enjoy the same rights as everyone, in 1990 Congress passed the Americans with Disabilities Act (ADA). The law was designed to afford protections against discrimination similar to those of the Civil Rights Act of 1964. According to the U.S. Department of Labor, the ADA prohibits discrimination against people with disabilities in several areas, including employment, transportation, public accommodations, communications and access to state and local government programs and services.

For a business that incorporates kiosks into its operations, that generally means that a kiosk needs to be useable by all of its customers, no matter what their physical challenges may be. In many cases meeting that standard is easier said than done.

“ADA concerns are pretty much the same concerns that one would have for any type of a consumer self-service interactive solution,” said Ron Bowers, senior vice president of business development at Grafton, Wisconsin-based kiosk vendor Frank Mayer & Associates. “Some individual deployments are only adhering to the accessibility-by-wheelchair aspect.”. “Some individual deployments are only adhering to the accessibility-by-wheelchair aspect.”

Unfortunately, those basic accommodations can result in a business overlooking more than 35 million potential customers.

It’s worth noting that a large percentage of customers in wheelchairs also suffer from physical impairment.

Some of the biggest challenges kiosk deployers face is the degree of interpretation that must be applied to some of the regulations.  How many accessible units and what level of accessibility constitutes acceptable access?  Another is new regulations and retrofitting existing units can be problematic, said Craig Keefner, manager for Olea Kiosks.

“Complicating retrofits can be the issue of recertifying for UL,” Keefner said. “One change to the overall machine can require the new configuration to be recertified. If Walmart has to change all of its self-checkouts, that’s a big change.”

To help add clarity to exactly what kiosk deployers must do to be ADA compliant, in mid-September the Architectural and Transportation Barriers and Compliance Board released a final rule for electronic and information technologies used by federal agencies as well as guidelines for customer premises equipment and telecommunications equipment, including kiosks. The Access Board is an independent federal agency devoted to accessibility for people with disabilities.

A sample of the guidelines for kiosks outlined in the Access Board rule

  • In general, devices with a display screen shall be speech-output enabled for full and independent use by individuals with vision impairments.
  • Speech output shall be provided for all information displayed on-screen.
  • Where speech output is required, braille instructions for initiating the speech mode of operation shall be provided.
  • Devices that deliver sound, including required speech output, shall provide volume control and output amplification.
  • At least one mode of operation shall be operable with one hand and shall not require tight grasping, pinching, or twisting of the wrist. The force required to activate operable parts shall be 5 pounds (22.2 N) maximum.

The final rule is listed in the Federal Register. Covered organizations must meet compliance standards by Jan. 18, 2018.

Although much of the language in the final rule will likely keep lawyers busy for years to come, there are some guidelines that are easy to interpret. In general, the rules say that the technology with a display screen shall be speech-output enabled for full and independent use by individuals with vision impairments. Input controls shall be operable by touch and tactilely discernible without activation.

Running the risk

Missing out on revenue from millions of customers with disabilities is just one of the pitfalls of not complying with ADA regulations, or at least making every effort to make sense of the standards.

For violations that occurred after April 28, 2014, the maximum civil penalty for a first violation of ADA regulations is $75,000. For a subsequent violation, the maximum civil penalty is $150,000.

In addition, self-service kiosks are increasingly a target for ADA lawsuits. In March 2017, for example, the American Council of the Blind filed a lawsuit in the U.S. District Court for the Southern District of New York against fast casual restaurant chain Eatsa on behalf of a blind customer. Under Eatsa’s business model, customers order from tablet-based kiosks and pick up their food from a cubicle when it’s ready.

Customer Michael Godino claims he was unable to use a self-order kiosk in an Eatsa to place an order because the kiosks weren’t accessible for blind customers.

“Because the self-service mobile applications, touchscreen tablets, and visually-marked cubbies Eatsa utilizes rely on exclusively visual displays and do not provide any form of audio output or tactile input, Eatsa’s design is entirely inaccessible to blind customers,” according to the lawsuit.

Restaurants aren’t the only businesses open to ADA lawsuits. A proposed class action suit against mall operator Simon Property Group claims a Proactiv skincare products kiosk, located in the Simon-run Miami Mall in Florida, discriminates against blind and visually impaired individuals. The lawsuit argues the Proactiv automated retail kiosk, which uses a touchscreen display, doesn’t offer a way for blind consumers to purchase its products.

“Sighted customers can independently browse, select, and pay for Proactiv brand skincare products at the Miami Mall Proactiv kiosk. However, blind customers are denied the opportunity to participate in this retail service,” the complaint reads. “Moreover, [the defendant] has failed to provide an alternative channel for blind customers to enjoy the retail service provided through the Proactiv kiosk, such as the training of qualified readers to assist visually impaired and blind customers.”

There are about 1,000 Proactiv kiosks in malls in the United States, Canada and Japan.

And just in case a business operator thinks having a staff member on hand to assist disabled customers with using self-service technology, chances are that’s not enough to keep from running afoul of the ADA.

“It depends on the application and if the assistant is as available as the kiosk to provide services,” said Adam Aronson, CEO of San Rafael, Calif.-based Lilitab Tablet Kiosks. Lilitab designs, engineers and markets a range of tablet kiosk products. “If the cashier typically has longer lines than the kiosk, that’s not the same service level,” Aronson said.

While lawsuits against kiosk deployers related to ADA compliance are always a concern, other dangers include the negative publicity from being perceived as a business that is insensitive to the needs of disabled customers. Just a few months ago cable news was filled images of U.S. Capital Police forcibly removing disabled demonstrators from a protest over the Senate’s now-defunct health care bill. Nobody wants their business to be featured in similar reporting.

Of course, things are rarely simple when it comes to government regulations and the ADA is no different. Complicating the landscape is HR 620, the “ADA Education and Reform Act of 2017,” currently making its way through Congress. According to the Center for American Progress the bill, sponsored by Rep. Ted Poe (R-Texas), would require anyone seeking to file a lawsuit against a business for ADA violations to first provide written notice to that business, outlining the provisions of the law that apply to the violation. Business owners would then have 60 days to acknowledge the violation and another 120 days to at least make “substantial progress” towards rectifying it.

Opponents of the bill claim it would gut enforcement of the ADA by allowing businesses to stall the correction of violation for months or years, while those in favor say it would prevent the “drive-by lawsuits” that end up forcing business owners to pay settlements to lawyers who make a career out of filing ADA suits. The ADA bars the awarding of monetary damages in successful lawsuits, but does allow the awarding of “a reasonable attorney’s fee.”

Meeting the challenge

In an effort to sort through the confusion over ADA guidelines, kiosk deployers are taking their own steps to accommodate disabled users.

The easiest steps to take are those that offer access to individuals in wheelchairs or who are otherwise vertically challenged. That includes offering at least one kiosk with adjustable height or a lower point of access.

“Swiveling mounts or adjustable height mounts may assist in accessibility – but they don’t solve the problem just by being available,” said Laura Miller, director of marketing with York, Pa.-based KioWare Kiosk Software.

“The physical placement of the kiosk is just as important as the presence of accessibility features and testing is needed even with the purchase of an accessible kiosk,” she said. “If the path to the kiosk is too narrow to approach head on, for instance, it becomes moot that the kiosk itself is accessible because getting to the kiosk is too challenging or the space too constricted. Vertical and horizontal reach must be considered.”

As mentioned earlier, though, making the kiosk available to those in a wheelchair isn’t enough.

“No longer can you get away with a kiosk just being ‘reachable’,” said Frank Olea, CEO of Cerritos, Calif.-based Olea Kiosks. “Most companies will say their product is ADA compliant, but they fail to mention they’ve only covered a very small spectrum of individuals with disabilities. Sure, someone in a wheelchair can reach the screen, but serving people with disabilities goes far beyond that.”

As demonstrated by the Eatsa scenario, one of the biggest challenges in deploying interactive self-service technology is accommodating visually impaired users. A touchscreen relies heavily on users being able to see the screen, so deployers need to find ways to communicate that information in other ways.

“Without access to speech feedback for on screen contents and a method for determining what item the user is activating, a person who is blind or visually impaired cannot effectively make use of a touchscreen or tablet based kiosk,” said staff at the American Foundation for the Blind.

“For those with low vision, small or ornate fonts are difficult, if not impossible, to read,” AFB officials said. “Low contrast between the foreground and background can also make on-screen and print-labeled items difficult to read.”

In addition, glare on the screen and on any print-labeled areas of the machine can cause readability barriers for people with low vision, the AFB said.

“What I advise people to do is to recreate a version of the kiosk software that can be used by people with visual problems,” said Mike James, CEO of Washington D.C.-based Kiosk Group Inc.

“Information can be presented in large text and contrasting colors for people who are marginally blind, and to have a system for audio feedback for those who are completely blind,” James said. Those prompts can be used in conjunction with Braille keyboards to assist with navigation.

Accommodating users with hand mobility issues is a concern as well. An ‘Automated Passport Solution’ Olea built for deployment in the Dallas Fort Worth Airport incorporates the Nav-Pad, a keypad designed by London-based Storm Interface that provides accessibility to a kiosk’s functions for those with physical or sensory impairments. The APS kiosk shortens the clearance process for international travelers by collecting biographical and passport information from passengers before they are seen by a customs officer.

The Nav-Pad, developed in partnership with the Trace Research & Development Center, was originally designed for use in military and industrial applications where the user might be wearing heavy gloves. One of the pioneers in the space, Storm Interface also offers the Audio-Nav Keypad, an assistive USB device offering menu navigation by means of audio direction.

The work continues

As ADA compliance becomes a bigger and bigger issue for hardware manufacturers, software developers and kiosk deployers, a variety of industry groups are working to develop solutions that can meet the needs of disabled users.

The Kiosk Industry Association, for example, has formed an ADA working group  and committee expressly for ADA to try and standardize guidelines for the industry. A big initiative for the association is meeting with the US Access Board directly to help communicate industry information and context to the standards body directly.

Other organizations with ADA initiatives include the Electronic Transactions Association, which has also formed a working group. The ETA represents more than 500 companies worldwide involved in electronic transaction processing products and services, working to influence, monitor and shape the payments industry by providing leadership through education, advocacy and the exchange of information.

“The purpose of the group is to promote compliance and the development and deployment of products and services to help ensure access to the payment system,” said Meghan Cieslak, ETA’s director of communications. “The group is comprised of industry experts, start-ups, as well as ISOs and VARs – all focused on helping disabled Americans access the payment system.”

The Kiosk Industry Association is consulting with the ETA on access initiatives and has also enlisted the assistance of the ATM Industry Association which already has a formal ADA document via EFTA for their members.

It’s also critical for deployers to think about accessibility from the very beginning of a kiosk project. A paper co-authored by Peter Jarvis and Nicky Shaw, both from Storm Interface, along with Robin Spinks from the U.K.’s Royal National Institute of Blind People (RNIB) included the following recommendations:

“Accessibility is most effectively achieved when adopted as a primary system specification,” the group wrote.

“It is most successfully implemented if considered during the concept design process,” they wrote. “Accessibility should be a primary objective during the origination of hardware solutions, application software and content to be delivered.”

In addition, consideration should also be given to the environment in which the system will be installed, they wrote, and that terminals located in public or unsupervised environments will need to survive regular cleaning and sanitization procedures using sprayed liquid disinfectants and other cleaning agents.

Along with providing hardware designed for accessibility, the application or website on the kiosk must be built with more than a cursory nod toward compliance in order to have these other components “work” in a successful and accessible deployment. The kiosk system software can utilize accessibility features and the hardware can provide sound, include keyboards and be height adjustable, but if the application isn’t built with accessibility in mind, or modified to make sure accessibility features are fully integrated, usability and accessibility will suffer for it.

These concerns, and others, are driving the various partnerships on ADA issues.

“It was pretty much a no-brainer for us to go ahead and work together on standardizing,” Keefner said.

“I’ve been really passionate about it and I’ve talked to kiosk manufacturers about binding together to create standards on kiosk design so people who walk up to a kiosk know where to find the audio jack, know where to find the braille keyboard or whatever,” said Kiosk Group’s Mike James. “Those features could be the same for every project.”

Unfortunately, despite the additional clarification on access rules it’s likely that in the short term it’s likely that many compliance issues are likely to be hashed out in court.

“It seems that there are a few people out there who have made it their job to litigate any non-ADA-compliant situations that arise,” Miller said. “This is not exclusive to kiosks, but they have not been completely spared, and while it seems relatively obscure at this point, those individuals looking for violations will likely eventually hit on the existence of kiosks as fodder for their litigious pursuits.”

Resources for kiosks and ADA compliance

ADA Committee and ADA Working Group for Kiosk Association

ADA White Paper on Kiosk Industry

Access Board final rule for information and communication technology

Trace Research and Development

National Council on Disability Report

Interactive Accessibility   – accessibility consulting firm

Digital Business kiosk consultants

COMMENTS

Richard and Craig

I wanted to congratulate you both on an excellent and  informativearticle. Thank you for helping to bring the importance of ADA and ACAA mandates to the attention of the Kiosk Industry and to those agencies deploying and operating ICT in public environments. Thanks also for recognizing Storm Interface in the text of the article and for including some of those images showing deployed installations. We are constantly working to improve and add to the range of accessibility and assistive technology products available to kiosk designers. There are some exciting new developments in process which will help to deliver the “multi-modal” methods of system interface that are widely predicted to be the next big step in system accessibility. The priority will be to ensure our partners in the kiosk industry are kept aware of and fully supported in the deployment of Assistive Technology Products (ATP).

Hopefully your article will receive the recognition it deserves and I will have an opportunity to work with you both to maintain awareness of accessibility issues within the kiosk industry.

Best Regards

Peter Jarvis
Senior Executive VP