Main Nav

Posted by mberman on October 5, 2012
Hi all, We're looking at portable POS for our athletics folks and talking to a company called Revel Systems. Does anyone have experience with them? Someone else doing iPad credit-card-swipe that you like doing business with? (and is fully PCI compliant!) Just looking for references! Thanks, - Mark -- Mark Berman, Chief Information Officer Siena College 515 Loudon Road Loudonville, NY 12211 (518)782-6957, Fax: (518)783-2590 Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution. CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you received this e-mail and are not the intended recipient, please inform the sender by e-mail reply and destroy all copies of the original message. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Mark I would go for iPhone credit card swipe using Square. https://squareup.com/ It appears their Register product works with an iPad, but I am not familiar with it. Julie Ouska CIO/VP of IT Interim Executive Director CCCOnline Colorado Community College System Julie.ouska@cccs.edu (720) 858-2781
Posted by: jouska on October 5, 2012
Square... Jim James M. Dutcher - Chair - SUNY Council of CIOs SUNY Cobleskill - CIO: PMP, CISSP, SCP/Security+, CISA EMail : dutchejm@cobleskill.edu EMail : jim@dutcher.net (personal) Office: (518) 255-5809 Cell : (518) 657-1056 (work) Cell : (607) 760-7455 (personal) Skype : james_dutcher http://www.cobleskill.edu
Posted by: jdutcher on October 5, 2012
That's what they use in the Apple store. Dr Robert Paterson V. P. I T, Planning & Research Molloy College rpaterson@molloy.edu Sent from my iPhone
Posted by: rpaterson on October 5, 2012
Good afternoon, We are currently using Squareup. The reader is free and works on either an Android or Apple device. The transaction fee is flat 2.75% per transactions. Setup is quick and simple. There is no PCI requirement because the credit card transaction is processed through Squareup.com Thank you, William W. Hanby Chief Information Officer | Office of Information Technology Hastings College | 710 N. Turner Ave. | Hastings, NE 68901 o. 402.461.7339 | c. 402-705-1906 | whanby@hastings.edu
Posted by: whanby on October 5, 2012
I recently attended a conference where a PCI vendor was doing a presentation. He stated that currently there are no PCI compliment mobile POS. He stated that if you use something like Square the swipe process is compliment but where the breakdown is if the credit card cannot be swiped. The systems will allow you to manually type the credit card on the device, which then bypasses the encryption. By no means am I an expert, just passing some information to think about. Dennis Michaels Chief Information Officer Niagara County Community College 716.614.6744
Posted by: dmichaels on October 5, 2012
Good points Dennis....here are some reference links from both sides:

http://creditcardprocessingadvice.com/squareup-and-pci-compliance/


https://squareup.com/security/levels


Regards,

Jim 

James M. Dutcher - Chair - SUNY Council of CIOs

SUNY Cobleskill - CIO: PMP, CISSP, SCP/Security+, CISA

Dennis Michaels <dmichaels@NIAGARACC.SUNY.EDU> wrote:
I recently attended a conference where a PCI vendor was doing a presentation.  He stated that currently there are no PCI compliment mobile POS.  He stated that if you use something like Square the swipe process is compliment but where the breakdown is if the credit card cannot be swiped.    The systems will allow you to manually type the credit card on the device, which then bypasses the encryption. 

By no means am I an expert, just passing some information to think about.

Dennis Michaels
Chief Information Officer
Niagara County Community College
716.614.6744

Posted by: jdutcher on October 5, 2012

We just completed a PCI-DSS gap analysis and were told that not only were these devices not PCI compliant, they were not secure.

 

Regards,

 

Timothy D. Carroll

Timothy D. Carroll

Assistant Vice President, Information Technology

Roane State Community College

 

 

From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dutcher, James M
Sent: Friday, October 05, 2012 3:19 PM
To: CIO@LISTSERV.EDUCAUSE.EDU
Subject: Re: [CIO] iPad based Point-Of-Sale

 

Good points Dennis....here are some reference links from both sides:

 

 

 

 

 

Regards,

Jim 

James M. Dutcher - Chair - SUNY Council of CIOs

SUNY Cobleskill - CIO: PMP, CISSP, SCP/Security+, CISA


Dennis Michaels <dmichaels@NIAGARACC.SUNY.EDU> wrote:

I recently attended a conference where a PCI vendor was doing a presentation.  He stated that currently there are no PCI compliment mobile POS.  He stated that if you use something like Square the swipe process is compliment but where the breakdown is if the credit card cannot be swiped.    The systems will allow you to manually type the credit card on the device, which then bypasses the encryption. 

By no means am I an expert, just passing some information to think about.

Dennis Michaels
Chief Information Officer
Niagara County Community College
716.614.6744

Posted by: carrolltd on October 8, 2012

Thanks to everyone for the comments. FYI: One thing that Revel provides that Square, I think, does not is some inventory control along with historical reporting. They also provide hardware that ties into a cash drawer so they can take and track cash as well as credit.  It sounds like not too many of you all are doing much in this area, are we out there on the bleeding edge on this? I have to say that the main place I’ve seen these things in use is at crafts fairs where the vendors don’t take advantage of the fancier capabilities.

 

- Mark

--

Mark Berman, Chief Information Officer
Siena College
515 Loudon Road
Loudonville, NY  12211
(518)782-6957,  Fax: (518)783-2590

Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution.

 

CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you received this e-mail and are not the intended recipient, please inform the sender by e-mail reply and destroy all copies of the original message.

 

 

 

From: Dutcher, James M [mailto:DutcheJM@COBLESKILL.EDU]
Sent: Friday, October 05, 2012 3:19 PM
Subject: Re: iPad based Point-Of-Sale

 

Good points Dennis....here are some reference links from both sides:

 

 

 

 

 

Regards,

Jim 

James M. Dutcher - Chair - SUNY Council of CIOs

SUNY Cobleskill - CIO: PMP, CISSP, SCP/Security+, CISA


Dennis Michaels <dmichaels@NIAGARACC.SUNY.EDU> wrote:

I recently attended a conference where a PCI vendor was doing a presentation.  He stated that currently there are no PCI compliment mobile POS.  He stated that if you use something like Square the swipe process is compliment but where the breakdown is if the credit card cannot be swiped.    The systems will allow you to manually type the credit card on the device, which then bypasses the encryption. 

By no means am I an expert, just passing some information to think about.

Dennis Michaels
Chief Information Officer
Niagara County Community College
716.614.6744

Posted by: mberman on October 8, 2012
Tim, Do you know on what basis they said the security was lacking? Revel is offering their PCI compliance certification. - Mark From: "Carroll, Tim" > Date: Monday, October 8, 2012 9:01 AM Subject: Re: iPad based Point-Of-Sale We just completed a PCI-DSS gap analysis and were told that not only were these devices not PCI compliant, they were not secure. Regards, Timothy D. Carroll Timothy D. Carroll Assistant Vice President, Information Technology Roane State Community College [cid:image001.jpg@01CDA533.79172ED0] From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dutcher, James M Sent: Friday, October 05, 2012 3:19 PM To: CIO@LISTSERV.EDUCAUSE.EDU Subject: Re: [CIO] iPad based Point-Of-Sale Good points Dennis....here are some reference links from both sides: http://creditcardprocessingadvice.com/squareup-and-pci-compliance/ https://squareup.com/security/levels Regards, Jim James M. Dutcher - Chair - SUNY Council of CIOs SUNY Cobleskill - CIO: PMP, CISSP, SCP/Security+, CISA Dennis Michaels > wrote: I recently attended a conference where a PCI vendor was doing a presentation. He stated that currently there are no PCI compliment mobile POS. He stated that if you use something like Square the swipe process is compliment but where the breakdown is if the credit card cannot be swiped. The systems will allow you to manually type the credit card on the device, which then bypasses the encryption. By no means am I an expert, just passing some information to think about. Dennis Michaels Chief Information Officer Niagara County Community College 716.614.6744
Posted by: mberman on October 9, 2012

Mark,

 

According to our consultant, there are wireless POS terminals that are PCI compliant.  However, you will need to take precautions because they place your wireless network “in scope”.  The devices, according to the PCI Council document, “Accepting Mobile Payments with a Smartphone or Tablet”, May 2012, states that “Validated P2PE solutions ensure that cardholder data is encrypted before it enters a mobile device.”  Devices, like Square, do not meet this standard.

 

If you use a validated device for P2PE from your acquirer and take the required precautions for your network, you may be okay.  However, I would recommend you check with your acquirer or payment card vendor.  You may be required to fill out a P2PE self-assessment questionnaire as part of your annual PCI-DSS evaluation.

 

Regards,

 

Tim

Tim Carroll

Assistant Vice President, Information Technology

Roane State Community College

 

-----Original Message-----
From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Berman, Mark
Sent: Tuesday, October 09, 2012 6:47 AM
To: CIO@LISTSERV.EDUCAUSE.EDU
Subject: Re: [CIO] iPad based Point-Of-Sale

 

Tim,

 

Do you know on what basis they said the security was lacking? Revel is offering their PCI compliance certification.

 

- Mark

 

 

From: "Carroll, Tim" <Carrolltd@ROANESTATE.EDU<mailto:Carrolltd@ROANESTATE.EDU>>

Date: Monday, October 8, 2012 9:01 AM

Subject: Re: iPad based Point-Of-Sale

 

We just completed a PCI-DSS gap analysis and were told that not only were these devices not PCI compliant, they were not secure.

 

Regards,

 

Timothy D. Carroll

Timothy D. Carroll

Assistant Vice President, Information Technology Roane State Community College

 

[cid:image001.jpg@01CDA533.79172ED0]

 

From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dutcher, James M

Sent: Friday, October 05, 2012 3:19 PM

To: CIO@LISTSERV.EDUCAUSE.EDU<mailto:CIO@LISTSERV.EDUCAUSE.EDU>

Subject: Re: [CIO] iPad based Point-Of-Sale

 

Good points Dennis....here are some reference links from both sides:

 

http://creditcardprocessingadvice.com/squareup-and-pci-compliance/

 

 

https://squareup.com/security/levels

 

 

Regards,

 

Jim

 

James M. Dutcher - Chair - SUNY Council of CIOs

 

SUNY Cobleskill - CIO: PMP, CISSP, SCP/Security+, CISA

 

Dennis Michaels <dmichaels@NIAGARACC.SUNY.EDU<mailto:dmichaels@NIAGARACC.SUNY.EDU>> wrote:

I recently attended a conference where a PCI vendor was doing a presentation.  He stated that currently there are no PCI compliment mobile POS.  He stated that if you use something like Square the swipe process is compliment but where the breakdown is if the credit card cannot be swiped.    The systems will allow you to manually type the credit card on the device, which then bypasses the encryption.

 

By no means am I an expert, just passing some information to think about.

 

Dennis Michaels

Chief Information Officer

Niagara County Community College

716.614.6744

 

Posted by: carrolltd on October 9, 2012
Just a curiosity question, but why does a Credit Card payment system need to be iPad based?  Aren't we really just looking for a "portable" solution?

At our college, we worked with our Bank to get handheld dedicated CC scanners which operate on cellular networks only, no WiFi.  As I understand it, those devices can talk to multiple cellular networks to find the best signal, and all data is encrypted from start to finish.  Meaning they are completely outside of your PCI scope, even if a user needs to hand type a CC number into the device if the card won't scan.  Of course, there is a nominal monthly data fee for the service, but I believe it more than pays for itself in reduced staff time dealing with PCI requirements.

It's been a charm for us in our annual PCI assessments.

Perhaps I am missing something on the importance of it being iPad based?

On 10/9/2012 8:21 AM, Carroll, Tim wrote:

Mark,

 

According to our consultant, there are wireless POS terminals that are PCI compliant.  However, you will need to take precautions because they place your wireless network “in scope”.  The devices, according to the PCI Council document, “Accepting Mobile Payments with a Smartphone or Tablet”, May 2012, states that “Validated P2PE solutions ensure that cardholder data is encrypted before it enters a mobile device.”  Devices, like Square, do not meet this standard.

 

If you use a validated device for P2PE from your acquirer and take the required precautions for your network, you may be okay.  However, I would recommend you check with your acquirer or payment card vendor.  You may be required to fill out a P2PE self-assessment questionnaire as part of your annual PCI-DSS evaluation.

 

Regards,

 

Tim

Tim Carroll

Assistant Vice President, Information Technology

Roane State Community College

 

-----Original Message-----
From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Berman, Mark
Sent: Tuesday, October 09, 2012 6:47 AM
To: CIO@LISTSERV.EDUCAUSE.EDU
Subject: Re: [CIO] iPad based Point-Of-Sale

 

Tim,

 

Do you know on what basis they said the security was lacking? Revel is offering their PCI compliance certification.

 

- Mark

 

 

From: "Carroll, Tim" <Carrolltd@ROANESTATE.EDU<mailto:Carrolltd@ROANESTATE.EDU>>

Date: Monday, October 8, 2012 9:01 AM

Subject: Re: iPad based Point-Of-Sale

 

We just completed a PCI-DSS gap analysis and were told that not only were these devices not PCI compliant, they were not secure.

 

Regards,

 

Timothy D. Carroll

Timothy D. Carroll

Assistant Vice President, Information Technology Roane State Community College

 

[cid:image001.jpg@01CDA533.79172ED0]

 

From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dutcher, James M

Sent: Friday, October 05, 2012 3:19 PM

To: CIO@LISTSERV.EDUCAUSE.EDU<mailto:CIO@LISTSERV.EDUCAUSE.EDU>

Subject: Re: [CIO] iPad based Point-Of-Sale

 

Good points Dennis....here are some reference links from both sides:

 

http://creditcardprocessingadvice.com/squareup-and-pci-compliance/

 

 

https://squareup.com/security/levels

 

 

Regards,

 

Jim

 

James M. Dutcher - Chair - SUNY Council of CIOs

 

SUNY Cobleskill - CIO: PMP, CISSP, SCP/Security+, CISA

 

Dennis Michaels <dmichaels@NIAGARACC.SUNY.EDU<mailto:dmichaels@NIAGARACC.SUNY.EDU>> wrote:

I recently attended a conference where a PCI vendor was doing a presentation.  He stated that currently there are no PCI compliment mobile POS.  He stated that if you use something like Square the swipe process is compliment but where the breakdown is if the credit card cannot be swiped.    The systems will allow you to manually type the credit card on the device, which then bypasses the encryption.

 

By no means am I an expert, just passing some information to think about.

 

Dennis Michaels

Chief Information Officer

Niagara County Community College

716.614.6744

 

Posted by: dkoontz@mbc.edu on October 9, 2012
Post a Comment

Research and Publications

Conferences and Events

Career Development

Focus Areas and Initiatives

Connect and Contribute

About EDUCAUSE

Close

 


Current Issue
March/April 2013
EDUCAUSE Review

Publications

Research

Close


Annual Conference
October 15–18, 2013
Save the date!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

See All Events

Close

EDUCAUSE Institute
Leadership/Management Programs
Explore More

Career Center

Find or Post a Job

Leadership and Management Programs

EDUCAUSE Institute
Advanced Programs
Project Management

 

Fellowships and Awards

Fellowships
Awards Programs

Getting Involved

Mentoring
Volunteer
Speak at an Event

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

Advance Your Career

 

Close

Latest Topics

EDUCAUSE organizes its efforts around three IT Focus Areas

 

Enterprise and Infrastructure

Enterprise and
Infrastructure

Policy and Security

Policy and
Security

Teaching and Learning

Teaching and
Learning

 

Join These Programs If Your Focus Is

Close

From the Blogs
The Role of Campus Leadership in Ensuring IT Accessibility
by
Diana Oblinger

Find Others

Share Ideas

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

Create Your Profile

 

Close

2013 Strategic Priorities

  • Connected Learning
  • Enterprise IT
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.
 

Discover Membership