Report on ISO8583,EDCPOS vs mPOS and EMV vs Magnetic Strip Cards
-
Upload
darshana-senavirathna -
Category
Documents
-
view
1.104 -
download
4
Transcript of Report on ISO8583,EDCPOS vs mPOS and EMV vs Magnetic Strip Cards
0
EPIC TECHNOLOGY GROUP
Report on ISO8583,EDCPOS vs mPOS and EMV vs Magnetic Strip Cards
Assignment
Darshana Senavirathna
8/31/2015
1
Contents ISO8583 ......................................................................................................................................................... 2
ISO 8583 Message Structure ......................................................................................................................... 3
1. Message Type Indicator (MTI) .......................................................................................................... 3
Digit 1 .................................................................................................................................................... 4
Digit 2 .................................................................................................................................................... 4
Digit 3 .................................................................................................................................................... 5
Digit 4 .................................................................................................................................................... 6
2. Bitmaps ............................................................................................................................................. 7
3. Data elements ................................................................................................................................... 8
References .................................................................................................................................................. 16
Magnetic Stripe Card vs EMV Chip Cards ........................................................................................... 17
Magstripe Cards for Financial Purposes ................................................................................................. 17
The flow of a Magstripe transaction ....................................................................................................... 20
2. EMV chip cards .................................................................................................................................... 20
3. Comparison between Magnetic Stripe Card and EMV chip card ........................................................ 23
4. Conclusion ........................................................................................................................................... 25
5. References .......................................................................................................................................... 25
EDCPOS vs mPOS Devices ......................................................................................................................... 26
Electronic Data Capture (EDC) .................................................................................................................... 26
Mobile Point of Sales (mPOS) ..................................................................................................................... 27
Comparison of EDCPOS and mPOS ............................................................................................................. 28
Security ............................................................................................................................................... 28
Price .................................................................................................................................................... 28
Convenience ........................................................................................................................................ 28
Connectivity ........................................................................................................................................ 29
Other Aspects ...................................................................................................................................... 29
Conclusion ........................................................................................................................................... 29
2
ISO 8583
Introduction
In the modern world the electronic payment sector plays a huge role in financial transactions. The
electronic card payment sector has become very popular for last three decades.
Normally an electronic card payment happens from a transaction acquiring device such as POS (Point-of-
Sales) or an ATM (Automated Teller Machine) which subsequently having various authorization and
verification process along with the checking of the status of the user financial information through
relevant financial institutions. This process is complex and involves message exchanges between
different organizations.
ISO 8583 defines a common global standard format for the financial transaction card originated
messages which may interchange between acquirers and card issuers.
ISO 8583 Consists of 3 Parts
ISO 8583-1:2003
(Revision for 8583: 1993)
• Specifies message structure, format and content, data elements and values for data elements
ISO 8583-2:1998
• Application and registration procedures for Institution Identification Codes
ISO 8583-3:2003
• Maintenance procedures for messages, data elements and code values
3
ISO 8583 Message Structure
This consists of 3 parts
The Message Structure of ISO 8583 message
1. Message Type Indicator (MTI)
Message Type Indicator (MTI) is a 4 digit numeric field which determines the high level function of the
message. Each digit represents information which describes the characters of the message according to
ISO 8583.
Example 1.1
1.Message type indicator (MTI)
2.One or more bitmaps, indicating which data elements are present
3.Data elements, the fields of the message
2 1 1 0
Digit 1 Digit 2 Digit 3 Digit 4
4
Digit 1
Digit 1 describes the ‘version of ISO 8583’ which is being used for the message transmission. From the
example 1.1 it says the message belongs to ISO 8583-3:2003 version.
Numerical
Value
Meaning
0 ISO 8583-1:1987 version
1 ISO 8583-2:1993 version
2 ISO 8583-3:2003 version
3,4,5,6,7 Reserved for ISO use
8 Reserved for National use
9 Reserved for Private use
Digit 2
Digit 2 explains ‘Class of the message’. From the example 1.1 the message implies it is an “Authorization
Message” Since the Digit 2’s value is ‘1’.
5
Numerical
Value
Meaning
0,9 Reserved by ISO
1 Authorization Message
2 Financial Message
3 File Action Message
4 Reversal and Chargeback Message
5 Reconciliation Message
6 Administrative Message
7 Free Collection Message
8 Network Management Message
Digit 3
Third Digit specifies the message function which defines how the message should flow within the
system.
For instance there can be functions such as ‘Requests’ which are intended for end-to-end
communication. This could be a message which sends from acquirer to issuer and back with timeouts
and automatic reversals in place.
One other type of message is that point-to-point message where it may travel from one point to
another. For example this could be a message which sends from terminal to acquirer, from acquirer to
network, from network to issuer etc. with a transmission guarantee over each link.
6
Position Meaning
0 Request
1 Request Response
2 Advice
3 Advice Response
4 Notification
5 Notification Acknowledgement
6 Instruction (ISO 8583:2003 only)
7 Instruction Acknowledgement (ISO 8583:2003 only)
8,9 Reserved for ISO use.
According to the example 1.1 the digit three value of 1, it implies the message is a Request Response
message according to ISO 8583 standard.
Digit 4
This digit defines the location of the message source within the payment chain. This is also called
‘Message Origin’
Position Meaning
0 Acquirer
1 Acquirer Repeat
2 Issuer
7
3 Issuer Repeat
4 Other
5 Other Repeat
6,7,8,9 Not Defined / Not Available
According to the example 1.1 the message source is Acquirer.
2. Bitmaps
Bitmap is a field which indicates the other data of a message. This is either a field or subfield of data.
Each and every message contains at least one Bitmap which is called the ‘Primary Bitmap’
Bitmap is generally transmitted as 16 hexadecimal characters or 8 bytes binary data. A bitmap indicates
which fields are included in the message. Furthermore if the most significant bit is 1 (present) it
indicates ‘Secondary Bitmap’ is available.
For example let’s take the following Hexadecimal Message:
C150001100AD4804 Example 2.1
The following is the converted binary message from the hex decimal message.
1100,0001,0101,0000,0000,0000,0001,0001,0000,0000,1010,1101,0100,1000,0000,0100
As indicated by the above translation, the first 4 digits indicate as 1100 where the very first (Most
Significant Bit) shows the value as 1 (present) where it indicates there is a ‘Secondary Bitmap’ Present in
the message.
8
According to the above message the following fields are present in the message.
2, 8 ,10 ,12 ,28 ,32 ,41 ,43 ,45 ,46 ,48 ,50 ,53 ,62
3. Data elements
Data Elements are the individual fiends which carrying transaction information. From the initial 1987 ISO
8583 introduction, it specified 128 data elements which increased up to 192 data elements in later
revisions. Notably in 1993 revision some new definitions were added while some were deleted.
Each data element is described in standard format which defines the permitted content of field and the
field length.
Abbreviation Meaning
a Alpha, including blanks
n Numeric values only
s Special characters only
an Alphanumeric
as Alpha & special characters only
ns Numeric and special characters only
ans Alphabetic, numeric and special characters.
b Binary data
z Tracks 2 and 3 code set as defined in ISO/IEC 7813 and ISO/IEC 4909 respectively
. or .. or ... variable field length indicator, each . Indicating a digit.
x or xx or xxx fixed length of field or maximum length in the case of variable length fields.
Furthermore the field length is also determined as follows
Type Meaning
9
Fixed no field length used
LLVAR or (..xx) Where LL < 100, means two leading digits LL specify the field length of field
VAR
LLLVAR or (...xxx) Where LLL < 1000, means three leading digits LLL specify the field length of
field VAR
LL and LLL are hex or ASCII. A
VAR field can be compressed
or ASCII depending of the
data element type.
LL can be 1 or 2 bytes. For example, if compressed as one hex byte, '27x
means there are 27 VAR bytes to follow. If ASCII, the two bytes '32x, '37x
mean there are 27 bytes to follow. 3 digit field length LLL uses 2 bytes with a
leading '0' nibble if compressed, or 3 bytes if ASCII. The format of a VAR data
element depends on the data element type. If numeric it will be compressed,
e.g. 87456 will be represented by 3 hex bytes '087456x. If ASCII then one byte
for each digit or character is used, e.g. '38x, '37x, '34x, '35x, '36x.
ISO-defined data elements
Data Field
Type Usage
1 b 64 Bit map (b 128 if secondary is present and b 192 if tertiary is present)
2 n ..19 Primary account number (PAN)
3 n 6 Processing code
4 n 12 Amount, transaction
5 n 12 Amount, settlement
6 n 12 Amount, cardholder billing
7 n 10 Transmission date & time
8 n 8 Amount, cardholder billing fee
10
9 n 8 Conversion rate, settlement
10 n 8 Conversion rate, cardholder billing
11 n 6 System trace audit number
12 n 6 Time, local transaction (hhmmss)
13 n 4 Date, local transaction (MMDD)
14 n 4 Date, expiration
15 n 4 Date, settlement
16 n 4 Date, conversion
17 n 4 Date, capture
18 n 4 Merchant type
19 n 3 Acquiring institution country code
20 n 3 PAN extended, country code
21 n 3 Forwarding institution. country code
22 n 3 Point of service entry mode
23 n 3 Application PAN sequence number
24 n 3 Function code (ISO 8583:1993)/Network International identifier (NII)
25 n 2 Point of service condition code
26 n 2 Point of service capture code
27 n 1 Authorizing identification response length
28 x+n 8 Amount, transaction fee
11
29 x+n 8 Amount, settlement fee
30 x+n 8 Amount, transaction processing fee
31 x+n 8 Amount, settlement processing fee
32 n ..11 Acquiring institution identification code
33 n ..11 Forwarding institution identification code
34 ns ..28 Primary account number, extended
35 z ..37 Track 2 data
36 n ...104 Track 3 data
37 an 12 Retrieval reference number
38 an 6 Authorization identification response
39 an 2 Response code
40 an 3 Service restriction code
41 ans 8 Card acceptor terminal identification
42 ans 15 Card acceptor identification code
43 ans 40 Card acceptor name/location (1-23 address 24-36 city 37-38 state 39-40 country)
44 an ..25 Additional response data
45 an ..76 Track 1 data
46 an ...999 Additional data - ISO
47 an ...999 Additional data - national
48 an ...999 Additional data - private
12
49 a or n 3 Currency code, transaction
50 a or n 3 Currency code, settlement
51 a or n 3 Currency code, cardholder billing
52 b 64 Personal identification number data
53 n 16 Security related control information
54 an ...120 Additional amounts
55 ans ...999
Reserved ISO
56 ans ...999
Reserved ISO
57 ans ...999
Reserved national
58 ans ...999
Reserved national
59 ans ...999
Reserved national
60 ans ...999
Reserved national
61 ans ...999
Reserved private
62 ans ...999
Reserved private
63 ans ...999
Reserved private
64 b 16 Message authentication code (MAC)
65 b 1 Bitmap, extended
66 n 1 Settlement code
67 n 2 Extended payment code
68 n 3 Receiving institution country code
13
69 n 3 Settlement institution country code
70 n 3 Network management information code
71 n 4 Message number
72 n 4 Message number, last
73 n 6 Date, action (YYMMDD)
74 n 10 Credits, number
75 n 10 Credits, reversal number
76 n 10 Debits, number
77 n 10 Debits, reversal number
78 n 10 Transfer number
79 n 10 Transfer, reversal number
80 n 10 Inquiries number
81 n 10 Authorizations, number
82 n 12 Credits, processing fee amount
83 n 12 Credits, transaction fee amount
84 n 12 Debits, processing fee amount
85 n 12 Debits, transaction fee amount
86 n 16 Credits, amount
87 n 16 Credits, reversal amount
88 n 16 Debits, amount
14
89 n 16 Debits, reversal amount
90 n 42 Original data elements
91 an 1 File update code
92 an 2 File security code
93 an 5 Response indicator
94 an 7 Service indicator
95 an 42 Replacement amounts
96 b 64 Message security code
97 x+n 16 Amount, net settlement
98 ans 25 Payee
99 n ..11 Settlement institution identification code
100 n ..11 Receiving institution identification code
101 ans ..17 File name
102 ans ..28 Account identification 1
103 ans ..28 Account identification 2
104 ans ...100
Transaction description
105 ans ...999
Reserved for ISO use
106 ans ...999
Reserved for ISO use
107 ans ...999
Reserved for ISO use
108 ans ...999
Reserved for ISO use
15
109 ans ...999
Reserved for ISO use
110 ans ...999
Reserved for ISO use
111 ans ...999
Reserved for ISO use
112 ans ...999
Reserved for national use
113 ans ...999
Reserved for national use
114 ans ...999
Reserved for national use
115 ans ...999
Reserved for national use
116 ans ...999
Reserved for national use
117 ans ...999
Reserved for national use
118 ans ...999
Reserved for national use
119 ans ...999
Reserved for national use
120 ans ...999
Reserved for private use
121 ans ...999
Reserved for private use
122 ans ...999
Reserved for private use
123 ans ...999
Reserved for private use
124 ans ...999
Reserved for private use
125 ans ...999
Reserved for private use
126 ans ...999
Reserved for private use
127 ans ...999
Reserved for private use
128 b 64 Message authentication code
16
References
http://www.codeproject.com/Articles/100084/Introduction-to-ISO
https://www-
01.ibm.com/support/knowledgecenter/SSMKHH_10.0.0/com.ibm.etools.mft.samples.iso8583.doc/do
c/background.htm
http://www.chileoffshore.com/en/toolkits/iso8583-tools/show-bitmap
https://en.wikipedia.org/wiki/ISO_8583
17
Magnetic Stripe Card vs EMV Chip Card
1. Magnetic Stripe Card
Magnetic storage technology was developed during the period of World War II which was used for the
computer related information storing after the world war. In 1960’s IBM developed a method to store
data using a similar technology with plastic cards which now called as Magnetic Stripe Card.
Magnetic Stripe Card is also called ‘Magstripe’ or ‘Swipe Card’ which is made from a plastic card which
has a stripe of iron oxide to store information. Magstripe cards are being used as Identification Cards,
Credit and Debit Cards, Access Control Cards, Transportation Cards etc.
Magstripe Cards for Financial Purposes
Magstripe Cards have been widely used as electronic payment cards (Debit/Credit cards) since the
inception of electronic card payment. In Magstripe card certain information has been recorded in the
Magnetic Strip. This magnetic stripe has been divided in to three tracks.
Front Side of A Magstripe Card Backside of a Magstripe Card
Track 1
Track one is 210 bits per inch (bpi), and holds 79 six-bit plus parity bit read-only characters.
Track one contains specific bank information such as
18
Account Number
Card Holder’s name
Expiration Data
Certain Security Codes
The information on track one is contained in two formats -- A, which is reserved for proprietary use of
the card issuer, and B, which includes the following:
1. Start sentinel -- 1 character
2. Format code="B" -- 1 character (alpha only)
3. Primary account number -- up to 19 characters
4. Separator -- 1 character
5. Name -- 2-26 characters
6. Separator -- 1 character
7. Expiration date or separator -- 4 characters or 1 character
8. Service Code
9. Discretionary data -- enough characters to fill out maximum record length (79 characters total)
10. End sentinel -- 1 character
11. Longitudinal Redundancy Check (LRC), a form of computed check character – 1 character
1 2 3 4 5 6 7 8 9 10 11
% B 1234567890123445 ^ DARSHANA/S. ^ 1701 1200000 0000000000000**XXX****** ? *
19
Track 2
Track two contains 75 bits per inch density, and holds 40 four-bit plus parity bit characters.
Generally track 2 contains information such as
Card Number
Expiration Date
Encrypted PIN.
This track format is as follows.
1. Start sentinel -- 1 character
2. Card Number
3. Separator -- 1 character
4. Expiration date or separator -- 4 characters or 1 character
5. Service Code
6. Encrypted PIN
7. End sentinel -- 1 character
8. LRC -- 1 character
1 2 3 4 5 6 7 8
; 1234567890123445 = 1701 1200 XXXX00000000 ? *
Track 3
Track three is having a density of 210 bits per inch, and holds 107 four-bit plus parity bit characters.
20
Generally not used worldwide. Sometimes even physically not present in cards from certain
manufacturers.
The flow of a Magstripe transaction
1. When the card is swiped through the device, data from the magnetic stripe is captured and included in the transaction request. Ideally the
2. The request, with the captured data, goes from the device to the acquirer. 3. The request then goes to the issuer. 4. The issuer uses the data from the card, as well as information such as the transaction amount, to
make an authorization decision. 5. The response is then sent back to the acquirer. 6. The response then goes to the device.
2. EMV chip cards
EMV was initially developed by EuropePay, VISA and MasterCard organizations on 1993 with having the
objective of improving the security of an electronic transaction. EMV is a smart card which is also called
as ‘Chip Cards’ or ‘IC Card’. EMV stores data on a ‘chip’ instead of a ‘magnetic stripe’ which enables to
store a higher amount of data on the card.
Even though EMV uses ‘Chip’ to store data, still the magnetic stripe is available in most of the EMV cards
to enable backward compatibility.
Types of EMV
There are different types of EMV cards in terms of the contact. One type should be inserted physically to
the acquiring machine while the other type is contact less card which can be read over a short distance
through RFID (Radio Frequency Identification) technology.
21
Types of Authorization
There are two types of authorization of EMV card. One is ‘Chip-and-Pin’ and the other is ‘Chip-and-
Signature’. This is used according to the requirement of Issuer.
From Chip-and-Pin it requires to add the PIN number at the point of sales. From Chip-and-Signature
method, customer signature is sufficient for the authorization of the transaction.
EMVCo
As mentioned above , EMV initialized by Europay , Mastercard and VISA has now expanded and now
working under an organization called ‘EMVCo’ which controlled split equally by VISA, MasterCard , JCB
,American Express ,China Union and Discover.
EMV Chip Card
RFID Card
22
The flow of EMV transaction.
1. The card is inserted to the terminal’s chip card reader. Terminal reads the chip card and initially determines whether it is a financial card and proceeds. If the card is a financial card it starts acquiring data from card. Then the chip card creates a request cryptogram. The cryptogram is a collection of several pieces of data related to the card and the transaction that is encrypted under a special key stored in the card.
2. This request cryptogram, along with other EMV-related information from the card and the terminal, is sent to the acquirer.
3. Then, the request cryptogram is sent to the relevant issuer by acquirer.
4. The issuer verifies the request cryptogram and optionally generates a response cryptogram.
By verifying the cryptogram, the issuer is assured that the transaction came from the chip card (and was not fraudulently introduced into the transaction request path). If the request cryptogram is verified successfully, the issuer may optionally generate a response cryptogram. (The issuer can also send a command back to the chip card as part of the transaction response that will update some specific fields within the chip.)
5. The response cryptogram is passed in the response that goes back to the acquirer.
6. Then, the response cryptogram is passed in the response to the device.
23
7. At this point, the device has to once again communicate with the chip card, because the card will try to verify the response cryptogram. By doing so, the chip card can be assured that the response came from the issuer, and was not fraudulently introduced into the transaction response path.
3. Comparison between Magnetic Stripe Card and EMV chip card
1. Security
Duplication:
The information which is stored inside Magstripe card can be copied and duplicated easily. The
main reason for this is the information which has been stored is straight forward with using very
minimal encryptions (only PIN code is encrypted and stored on the Magstripe).
Since EMV card uses encryption methods such as Triple DES with independent keys it is
technically impossible to forge a fake card. This is very helpful to secure financials by a time of a
loss of the card or information of the card has been exposed to vulnerable parties (ex. Via
Internet Transaction).
Authentication
Generally in Magstripe card it doesn’t require for the user to insert the PIN instead a placement
of signature is sufficient in Point-of-Sales. (However for ATM transactions it is required to insert
the PIN) This is a disadvantage of Magstripe if the card is stolen.
In EMV cards it uses a PIN verification system in Chip-to-PIN method. From this method the
financials will be protected in even the card is stolen.
Card-Swipe vs. Card-in-device
In general Magstripe transaction once the card is swiped and acquired information by the
device, further interaction will not happen between card and the device during the time of the
transaction.
In EMV method, the card has to be inside the device for the time of the transaction where it
sends information and waits until it receives information from the issuer to validate about the
transaction. This prevents in-line security issues.
2. Data Storing
Size of Storage
24
In Magstripe the information which can be used in device is very limited. It only includes the
most important information about card, card holder and issuer. This is a limitation when it
comes to the security feature expansion.
Furthermore once the information has been recorded on the card, further changes doesn’t
happen where the information existing is not getting updated.
In EMV since it uses an electronic chip, the data storage space is significantly higher than
Magstripe where it also allows EMV to use security features such as data encryption.
Multiple Usage of the Card
In Magstripe the since the storage size limitations the card can be used for a single purpose (ex:
- As Debit Card and Credit Card you have to use two different cards even from the same issuer)
In EMV since the storage size is high multiple card information can be stored in the same card.
For example you can use the same card for your debit and credit transactions. The future aspect
of this is integration of all the cards such as driving license cards, national security card,
insurance card, identification card, credit cards & debit cards (even from different issuers) to a
one single card where it is continent for the user and environmental friendly in large scale.
3. Durability
Magstripe cards are very sensitive for the magnetic fields which might cause a loss of the
information of the card. Furthermore the scratching or folding might make the card damaged
and unusable.
Since EMV uses an electronic chip, magnetic fields cannot interfere with the data. Furthermore
EMV card can tolerate scratching and folding for some extend since it’s memory is centralized
into few millimeters of the card.
4. Cost
The cost of Magstripe Card is comparatively low which remains between $0.35 to $0.75.
The cost of EMV is comparatively higher which is between $0.97 to $1.38.
25
4. Conclusion
Magstripe is a cheaper and easy to use solution for the financial institutions. However Magstripe
became unsecure by the time and since it has a very limited storage the further expansions and
developments are technically not possible. Furthermore Magstripe is easily getting damaged due to
various reasons.
Because of the above reasons Magstripe is a decline methodology which will be totally replaced from
EMV during next few years’ time.
EMV is a timely a much secured method which can be used for further expansions as well because of its
high storage. Furthermore Magstripe has the ability for the integration of multiple cards to one single
card which will be the future of electronic cards along with RFID facility where swipe is not necessary for
the transactions. EMV doesn’t get interfered because of magnetic stripes and can tolerate folding and
scratches for some extend which improves the durability of the card. Simply is enabling more options for
the future improvement while providing valid solutions for the existing problems in Magstripe cards
which can be considered as the future of the electronic card industry.
5. References
1. https://en.wikipedia.org/wiki/Magnetic_stripe_card
2. https://en.wikipedia.org/wiki/EMV
3. http://www.parappsys.com/news/industry-insights/chip-cards-what-and-why-of-emv.html
4. http://quickbooks.intuit.com/r/emv-migration/how-do-emv-transactions-differ-from-magnetic-
stripe-transactions
5. http://www.parappsys.com/news/industry-insights/comparing-chip-card-and-magnetic-stripe-
card-transaction-flows.html
6. http://blog.toasttab.com/emv-chip-card-magnetic-stripe-card-security
7. http://www.cardlogix.com/docs/pis/CardLogix_PIS_SmartCardsVsMagStripe.pdf
8. http://www.emv-connection.com/emv-faq/#q5
26
EDC POS devices vs mPOS devices
Point of Sales (POS)
The point of sale (POS) is the time and place where a retail transaction is completed. It is the point at
which a customer makes a payment to the merchant in exchange for goods or after provision of a
service.
Electronic Data Capture (EDC)
EDC which stands for Electronic Data Capture which allows you to capture and authorize a credit card
transaction, effectively giving business the ability to accept credit and debit cards and complete the
transactions. EDC POS devices are the hardware components which can capture relevant financial data.
In a typical EDC there are three main components.
I. A Graphical User Interface.
The graphical user interface gives easy-to-use access for the users who are having different levels of
education which gives large icons and fonts. Furthermore some modern graphical user interfaces of
EDC POS devices contain advertisements and offers.
II. A Validation component
Objective of this component is to identify, verify and validate the user information and financial
information. Various methods of capturing information from cards are being used in modern devices
such as through Magnetic Strip Scanner, EMV (Europe Pay-Master-Visa) scanners and from finger
print scanners.
III. A reporting tool for analysis of the collected data
27
This is a tool where you can analysis the financial information which had occurred via the devices.
EDC POS devices
Mobile Point of Sales (mPOS)
Mobile Point of sale (mPOS) is a device to perform the functions of POS device from a smartphone,
tablet or some other wireless device. mPOS allows providing financial service in place by improving the
customer experience. mPOS is a cost effective method since it capable to install and use in any smart
device and also this allow small business owners to do electronic transactions without investing in
electronic register. There are different payment methods for mPOS, such as magnetic stripe, EMV chip-
enabled cards, or contactless cards
Any smartphone or tablet can be transform into a mPOS by installing the relevant software that provide
by the vendor and the card reader needs to plug into the mobile device’s audio jack. Customer data is
not store in the device, it encrypted and stored in the cloud to protect the cardholder
information. Customer will receive a digital receipt after the transaction.
Types of mPOS devices:
mPOS Dongles & Attachments - These are mobile peripherals that are connected physically via a port to a mobile device (smartphone or tablet), in order to process payments.
28
External mPOS Devices - These are Mobile Point of Sale devices that connect wirelessly, via Bluetooth or Wi-Fi, to a mobile device, in order to process payments.
Comparison of EDCPOS and mPOS
Security
EDC POS is a dedicated device which is solely built for the use of Electronic Payment. Since
EDCPOS is a purpose built device which is focused on electronic financial transaction, the
security is very high.
Since mPOS is used in a Smart Device, it has to run on the top of existing operating systems and
along with the existing applications. The existing applications and the operating system may
include security loopholes vulnerable programs where can be used for a security breach or
attack by the hackers. Furthermore the mobile device is designed for general purpose and not
specially designed for electronic financial undertake with required security measures.
Price
The Price of a EDCPOS device hardware stands between $200-$1000 USD .This cost excludes
the cost of installation, maintenance and the software cost. The total cost of an EDC POS system
is significantly high.
From the other hand mPOS device is cheap (starting from $50), which can be used with the help
of an existing smart device where the software / application cost is comparatively low (which
probably an application which can be downloaded from Merchant’s bank for free or a small
amount) where the maintain cost is negligible.
Convenience
Both of the devices (EDC POS & mPOS adapter) should be charged by time to time which has a
significantly high time of battery life where both are convenient for use. However in mPOS
device the mobile smart devices also should be charged frequently which is not convenient for
day-to-day use.
29
Since mPOS is running on a smart device operating system as an application, the crash rate may
be higher than EDCPOS. Since EDCPOS is a purpose built device the hardware and software
constrains have built in a way to avoid crashes because of its architecture.
The usability EDC POS device is better comparatively mPOS where in EDCPOS has relevant
specific buttons (press buttons/touch buttons) where end user can easily recognize and use. In
mPOS it has a touch mobile screen where the touch may not be convenient for frequent use. (It
should be noted in mobile screen the screen display dimming time to time may also not be
convenient where if it is turned on all the time it may cause increasing the rate of battery
discharging.)
mPOS devices are connected to the mobile smart device using audio adaptor or via Bluetooth.
These connections might reduce the lifetime of the mobile device and /or respective
connectivity adaptor /device of mobile device.
Connectivity
Generally most of the EDCPOS and mPOS devices are using GPRS internet connectivity where in
some cases EDCPOS uses dedicated ADSL lines. However unlike EDCPOS in mPOS the internet
connectivity is shared with other applications of the devices where it may slower down the
functionalities of mPOS application.
Other Aspects
In EDCPOS it is possible for the merchant to print a receipt /invoice for the transaction and take
the customer signature where it can be used as a physical proof for the transaction for the
future purposes. But in mPOS printing receipts is not possible since the unavailability of the
printer instead it has the option of signing digitally on the screen which may be not convenient
for the customer. Furthermore in mPOS transaction customer doesn’t get a physical proof
(receipt) for the electronic transaction occurred.
Conclusion
EDCPOS is a purpose built device which is the most secured and most convenient device electronic
financial transaction. However the device hardware cost and other related costs are significantly high.
30
mPOS whole system is not purpose built which affects the convince and security where the cost of
mPOS hardware and related costs are comparatively lower than EDCPOS.
EDCPOS is ideal for the environments where the electronic cards are frequently used such as super
market chains, vehicle gas stations, food franchises etc. where it is also affordable for the organizations
to maintain such system and devices.
mPOS is suitable for the environment where the electronic payment is not frequently used or much
popular and also the user / organization cannot afford a costly system such as EDCPOS. This system is
ideal for the startups , small scale convenient stores, and rural shops etc.
Reference
1. https://en.wikipedia.org/wiki/Point_of_sale
2. https://en.wikipedia.org/wiki/Electronic_data_capture
3. http://www.mastercard.com/corporate/mpos.html
4. http://www.alibaba.com/showroom/pos-terminal-price.html
5. http://www.entrepreneur.com/encyclopedia/point-of-sale-pos-system
6. http://techcrunch.com/2013/09/25/mpos-price-war/