In 2012 Lilitab began shipping the first fully integrated tablet kiosk-credit card reader combination. While other companies do provide card reader options, those are typically afterthoughts, or “bolt-ons” such as plugging a third-party reader into the headphone jack of the iPad™ or other tablet computer. We designed our reader as an integral part of the Lilitab Swipe point of sale (POS) solution. This assures customers that their personal information is safe and protected from compromise and fraud, such as the use of credit card “skimmers”.
This article focuses on how we transform a simple, elegant tablet kiosk into a professional solution, turning it into the next stage of evolution for retail.
Lilitab starts with only the best components. The high quality of our Lilitab kiosk solutions, from the high-strength ABS enclosures to the sleek and secure styling to the flexible set of options, has been described in the press and other places on this site. The key element of any POS is the magnetic stripe card reader. We use the MagTek MagneSafe 3-track encrypting card reader. With the MagneSafe reader, card data is encrypted right at the head immediately when the swipe occurs. The encrypted data is passed to our custom-built logic board, or PCB. The PCB essentially is nothing more than a conduit between the tablet and the reader.
When using an iPad, a small computer chip (microcontroller) on the PCB contains programming that moves the card data between the MagneSafe reader and the iPad’s operating system, iOS. At no time does the PCB or microcontroller ever see private customer data; it’s encrypted at the reader as soon as the card is swiped. In addition to passing card data to the iPad, commands generated by the iPad can be passed to the reader; that is, two-way traffic is supported. This allows software integrators to change various parameters on the MagneSafe reader to customize its output, for example by setting how many validation characters of a card can be seen, typically “the last four”.
One question developers generally ask is “If the data is encrypted, how can I debug my application?” Lilitab works with our partners in various ways to answer this question, from providing unencrypted reader options for early development to providing engineering support during the development process. In addition to our hardware, we provide a comprehensive Software Development Kit that includes two sample iOS apps to get you started. To validate the proper function of your Lilitab Swipe hardware out of the box, we provide the LilySwipe app, available in the Apple App Store.
So, what happens after the card info is passed from the magnetic stripe through the MagneSafe through the PCB and to the iPad operating system? It’s read by the app, and this is where your customization as a Lilitab Swipe integrator begins.
As mentioned previously, to help support your development, Lilitab provides our comprehensive SDK to get you started. It is by no means the “end all” solution…you will need to develop your own use-cases, design and implement your UI/UX, build your program logic and interface to your merchant processing back end. One word of advice…don’t scrimp on software development. This is not a simple “Hello, World!” application. Your code will talk to hardware via specialized protocols and integrate with a secure back-end system. Remember, you are handling your customers’ personal information.
Here’s the good news: that personal information is still encrypted. You couldn’t read it even if you tried. Not only does that protect your customers, it also reduces your PCI scope.
PCI, or the Payment Card Industry, provides a set of security standards that regulate how credit/debit card data can be handled. There are pages and pages of documentation on this at the PCI web site. The bulk of these refer to what you can do with personal customer data, such as how long and how you would store it, encryption, etc. In general, unless you are willing to deal with the requirements, restrictions, complicated testing, and so on, it’s best to never keep or handle customer data. If you have a business that accepts credit/debit cards, you already know this…you’re probably paying a monthly/yearly PCI fee to your payment processor.
By encrypting the data at the swipe so that you can never see it, many of these regulatory restrictions become “out of scope”. Please check the Lilitab web site for a statement about our PCI compliance in this area.
Sleek styling, flexible options, and a highly secure, integrated card reader set the Lilitab Swipe apart from any other product on the market today. For more information, please contact us at firstname.lastname@example.org.
Ken Maskrey, Director of Systems Engineering.