I have one reader connected to my iPad. Got it for free so I had to try it. I have accepted only one payment so far so not much experience about it, but some comments:
For private individuals a Facebook account is needed to accept payments.
The legal agreement is a mess, they even warn that your data can be transferred to countries where privacy laws are not on par with European standards and data is stored for 7 years.
Location of the transaction is stored and cannot be turned off, it's unclear why this is needed.
They seem to comply with PCI data security standards but are not audited (yet?)
The customer must sign the transaction on the iPad screen with a finger (even harder with iPhone). It's very hard to check that against the signature on the back of the card. Also, the customer must type his/her email on the screen if they want a receipt (there is no receipt printer). So each transaction takes a long time.
So it's good for selling at flea markets and such, but for serious business it's no match for a payment terminal. Also, if you don't already own an iPhone/iPad then it's also more expensive.
> The customer must sign the transaction on the iPad screen with a finger (even harder with iPhone). It's very hard to check that against the signature on the back of the card.
In my experience, signing works really well. Also, in Sweden nobody checks the signature. I don't even bother signing my card, and I can't understand how anybody can read the signature on the card. I think it's happened once that someone's wanted to check my signature against the card.
I guess that checking the signature is a US thing, in the UK, Switzerland and Spain if you don't pay with a chip & pin card they ask for ID, and that works pretty fine security wise.
In my experience, checking the signature just doesn't happen in the US. In fact, most of the time you seem to be given your card back before you even give them the signed receipt.
Checking the signature was the norm in the UK before chip-and-PIN.
One thing that may not be too familiar to the Americans, but this looks a lot sturdier (read: larger) because it isn't a swiper like Square. It is a chip reader, see: http://en.wikipedia.org/wiki/Chip_and_PIN
Heads up, if you're an American going to Europe, regular swipe-only credit cards won't work as often here. Nearly all point-of-sale credit card machines require chip & pin. Or you'll wind up like some tourists in my local supermarket unable to use their credit card.
Whilst many places often refuse to swipe any more (which I suppose is their prerogative) it does actually work. If the chip/pin reader has the swipe slot at the top then it will work.
Tesco don't have the swipe slot, and they now train till staff to say they can't swipe cards. But it does work on the till itself (I know this because when a friend visited we made the poor till attendant try it :)).
EDIT: also, interestingly, it looks like this service only uses the chip feature, not the pin :)
IIRC, the law states that if your card has a Chip/Pin, you have to use it. It basically ignores the case of swipe cards.
Generally I've found that swipe almost always works, it's just that most people don't know that it does. (And you have to be willing to help show them how.)
Heads up, if you're an American going to Europe, be aware that attitudes to living on credit or via credit cards are at times very different.
In Belgium and the Netherlands, it's not usual to see supermarkets even taking credit cards, and some restaurants (!) don't either. This is changing, but slowly.
Conversely, good luck buying gas from an automatic pump if you're in the US and paying with a European card. In the absence of a PIN they'll ask for a ZIP code, which you don't have.
As a Brit in NY, when I swipe my UK card to buy a Metro pass I'm asked for my ZIP code. I just put in the ZIP code of my apartment and have never had any trouble. A teller at the bank told me that since it isn't a US card they ignore it anyway...
I was once told travelling in the US on a Canadian credit card to just input '00000' and that it should do the trick on all of the self-serve pumps. Worked for me on multiple pumps.
Credit cards are also not so popular in Germany. Supermarkets accept the local bank debit card, but I typically leave my Visa at home.
Usually I remember to get enough money from ATMs. The worst day to forget to withdraw some cash is the first of May, when it's a bit different because all the ATMs are closed to prevent the protesters from breaking them.
I live in Belgium and all supermarkets I know of take credit cards. Maybe we don't agree on the definition of supermarket (to me it means something like Wal-Mart; in Belgium: Carrefour, Champion, Colruyt, ...), but I'll say that if it has a parking, then it most probably takes credit cards.
This is nonsense (at least in the UK and France). Yes there is preference for chip & pin but every reader I've seen supports swipe & sign still. Chips break, contacts corrode. It's there as a backup.
(And yes, this totally defeats the security aspect of C&P)
"(And yes, this totally defeats the security aspect of C&P)"
As I understand it, C&P isn't meant to be more secure for users - it's meant to be more "secure" for banks, since if someone fakes your signature it's not your fault (and the bank has to swallow the loss), but if someone gets hold of your PIN it IS your fault.
> Yes there is preference for chip & pin but every reader I've seen supports swipe & sign still.
Many automated machines (e.g. gas stations) don't support swipe at all, only chip & pin.
And in Belgium, most of the terminals in smaller shops seem to be swipe-less, they're pretty big square things and only have a slot for chip-based (above the screen rather than below), no swipe slot.
Yes, Southern Europe generally supports and even uses credit cards. Holland has banned swipe altogether. You need an authentication chip and a pin.
In our defense: we had to, because the skimming by Eastern European criminal organisations was getting out of hand. There were incidents where they completely replaced cash machines with identical-looking clones.
So, in Holland, get money at a tourist bank, the airport or your hotel. Beyond those places, you can't swipe anywhere.
For transactions in the UK the merchant can also take a signature for low value transactions on a chip and pin card. There is more risk with this though.
In France, they only seem to have automatic fuel pumps and they only accept local credit cards. They don't take cash and there is no staff to appeal to. As a foreign tourist (not even from the US) I had been reduced to begging the natives to fill up my car for me in return for cash and had been looked at like a bum (hobo, scammer). Oh well, I guess 'tat fiiil tiiiich zi roasbifs!' :)
That ain't true. My Visa is swipe, and my Amex chip. All places accept both swipe and chip & pin, no matter how small the place is. Just make sure that if you swipe you have ID w/ photo with you.
In Holland the policy is now to only allow pin based transactions using the chip. The magnetic stripe is no longer supported.
So, although most hardware is still technically capable to swipe, no bank is supporting it any more.
It was in response to Eastern Europe based organized crime, that was modifying cash machines.
Likewise, all online bank transactions use a secondary device for authentication.
If you visit Holland, and only bring a credit card, make sure you get cash at your hotel, the airport or a bank, because you can't use it anywhere else.
What's all this "sign with your finger" nonsense? With Chip & PIN cards (i.e., all our modern credit cards) you should just need the chip & PIN. Signatures are only a backup authentication.
Also, signing with anything other than a pen and paper is still a disastrous user experience (see every courier's PDA system ever built)
A good example of this is the Apple Stores in Europe: like in the US, staff use iPods to take orders and checkout. The difference is when it comes to payment: instead of swiping the credit card and signing on the iPod screen, transaction details are wirelessly sent to one of many Chip & PIN readers around the store, and you then complete your purchase there.
This isn't how it works in the UK. Here, staff inputs the order details, etc. on the iPhone which is in a special case with a chip & pin reader and a keypad on the back. You insert your card, turn the iPhone over, and enter your pin on the physical keypad which ostensibly separately transmits the transaction to the processor. Seems like a really nice solution and is something these guys should be able to leverage.
Sounds cool...I guess that's a new VeriFone piece of tech. It has been a while since I went into an Apple Store, they certainly used to use separate terminals.
Dutch cards all have a chip on them, which encrypts the transaction. In other words, the machine doesn't have to be secure, since it never gets access to the private key inside the chip inside the card.
They can still screw around with that one single transaction, but they can't duplicate the card.
It's like an SSL tunnel straight from your card to your bank. The other party is just passing the encrypted one time permission slip to charge money.
It completely ended skimming here. As for unsecured devices like an iPad, the government mandates two way authentication. This is done by sending an authorisation code per text message, or an auxiliary device, not connected to anything, that uses the signing chip on the card, to provide the user with a one time authentication code.
Even signing with pen and paper is a baggage we're carrying with hardly any guarantee of identification, and has challenges like your signature being too simple or changing over time. This is utterly rubbish and should be made obsolete in the digital age, IMHO.
Where are the fingerprint scanners or iris scanners when we need them?
Swede here -- the company is Swedish and I have used it on several occasions, as a payer. It works great. As others have mentioned, it reads the chip, and is sturdy. Not using PIN though, you sign the receipt with your finger, which works really well. You can also get the receipt via email.
IIRC the rules on who carries the liability for fraudulent transactions differ between chip & pin and signature authenticated transactions. With a signature, all the liability is placed on the vendor for cardholder present transactions, whereas with chip & pin the liability is supposed to rest with the card issuer. The systems are set up so that if chip&pin transactions are not possible, they can fall back to signature authentication if the card settings permit it (and they all do, because to do otherwise would be a massive customer service failure).
So, if you're going to use this system, you will have to take the liability issues into account.
(The cynic within me suggests that even in the case where a fraudulent chip & pin transaction has occurred, merchant agreements probably do their utmost to shift liability to the vendor regardless though.)
Absolutely - what's not clear at all is where the liability lies. In the UK at least, and I assume the rest of Europe, if a retailer uses a PIN the liability for fraud rests with the card issuer.
But if the retailer lets the user sign instead the liability is with them: this is an incentive for retailers to accept and promote Chip/PIN over a signature.
iZettle reads the chip (good), but then you sign for the goods (bad). It's not at all clear if that means liability for fraud now rests with the seller rather than the issuer. Their help page is very vague on the subject, and alludes to the fact card issuers won't allow PINs to be captured on mobile devices (this makes some sense, from a phishing perspective).
In fact, iZettle's help page has zero results when you search for 'fraud'. I think this is something they should address.
Coincidentally (shameless plug here), I blogged about this exact problem a month or so ago, bemoaning the lack of a good Chip & PIN solution. I'm not convinced iZettle is it...I've now written up some more concerns about fraud in a new post, here: http://cleveryou.net/post/23162180527/izettle-square-killer
Exactly this. I've had a chip and pin card since they were introduced in the UK and never had to sign anything related to payment. It's always a case of entering your PIN on the terminal and authorise.
I was previously under the assumption that you can't authorise a payment via a signature nowadays in the UK?
What if the retailer does not accept chip and PIN?
Where the retailer has not upgraded to chip and PIN technology, you will be asked to follow the current card payment process using your signature to confirm the transaction.
I disagree. These systems will just take over as by design they are like a Trojan horse. Sure, I think that Europeans are less easy going than their US counterparts, none the same I think these apps will take off with or without a pin. Furthermore once you have signed and paid once your card details are securely stored and there is no need to use it ever again. Just like purchasing online you can just use a consumer app to make payment without the need for the card - and as such the pin and even signature is irrelevant!
You need to bear in mind that in most of Europe there was a large advertising campaign when Chip & PIN was introduced, along the lines of "signatures are very insecure, so we're introducing Chip & PIN". So there may well be some resistance from users who have been educated to understand that at point-of-sale they should be using PINs. There may well be people put-off with signing rather than using a PIN.
The name was pretty clear to me, I read it as a pun/play on the verb "to settle", i.e. to perform a financial transaction in order to resolve a debt.
You triggered my curiosity, though: what's your (mis)interpretation? I don't understand the reference to "at home" at all, and basic Googling failed to resolve it.
Another point about their communications is that their main (English) front page copy says "[...] is as easy as pie", an idiomatic expression that to me screams of the US, which was funny because of the European angle.
It seems they're actually fellow Swedes (yay); I've seen some ads for their card reader in local press, too. The reader was then coupled with (if I recall correctly) a phone with a business-type subscription, the ad was by one of the local/Nordic cell phone operators. Interesting.
Well, a Zettel is a small sheet of paper in German. I have no idea if this is the background, but I really read this as iZettel - and it doesn't make any sense.
On the other hand, "Kindle" is something like an angel in German (or a beer), and I think it is a great name anyway!
I always thought it was the bavarian/austrian/swiss diminutive for Zettel. Didn't make much sense to me either, except maybe because an old fashioned receipt is a small "Zettel"?
The problem with this name is that there are several possibilities for pronouncing it... a German "z" ([ay-tse-tl])? A regular English "z" ([ay-ze-tl])? An "s" ([ay-se-tl])?
However successful this product becomes (which looks doubtful given its dependence upon signatures), its irritating generic web 2.0 startup name will prevent me from ever taking it seriously.
The thing that makes me worry is the "Super social" tag. If there's one thing I like about Square compared to all the other nonsense Web2.0 garbage out there, it's that it isn't trying to spam my Facebook page with all my purchases. (The closest thing is that there's a "find nearby businesses" in the Pay With Square app. That's fine.)
"Social" in this context just sounds like "here is another way we think we can make more money off of you". Bah. I've no love for my credit card company but at least it's not trying to be a social network. (Yet. (That I know of.))
"iZettle is neither memorable, nor makes any sense"
YMMV - I think it's both memorable and makes sense (sounds like "I settle"). Also, I've never seen a Square device so their domain isn't memorable to me!
Square is kind of annoying because it conflicts with Squaresoft in my mind (later renamed Square/Enix after the merge), which is colloquially called Square.
Doesn't seem to accept Visa at the moment. As much as I like the idea (despite the name) of a European Square, not accepting Visa is less than optimal, especially as they try to gain traction.
I read that. Hence why I said at the moment. It'd be great for them to get it sooner rather than later. At least in the UK, most basic accounts issue Visa debit cards and a lot of the basic credit cards are also Visa.
Tried it with an iPhone and it worked great. I hope iZettle will be developed for Android also, since the phone I'm always carrying is running Android.
I would be worried letting someone read my card information via an Android phone. Malware would easily be able to sit in the background and intercept information from the reader. At least on iOS you know any interception would have to be on transmission from the app to the server, which is not all client side.
Perhaps that's a little unfair. I guess as more and more apps and devices become available for reading your card information more and more opportunities exist for stealing your info.
Yes very true, and you could easily hack one of the physical readers they use now. Almost every shop I go into seems to have a different make or model of card reader.
I guess with Android there is more chance of the device owner not knowing it's there, it's much easier to say phish someone into installing malware onto an Android device than it is to jailbreak their iOS phone.
I wouldn't like to be in the shoes of fraud departments right now...
A couple of years ago when I worked with card security, the current status was that while there were proof-of-concept examples of EMV cloning, at the time there weren't any cases at all (worldwide, for any bank) of real fraud with cloned EMV chips - it would be too expensive, and it's far simpler for criminals to simply find places which just check the magstripe and not the chip.
Also, check out the newly announced Swish (https://www.getswish.com, site in Swedish), which offers the same functionality, but with cooperation with several major banks. It seems to bypass swiping credit cards completely, by communicating wirelessly with cell phone numbers.
Economically, I can understand that people start to copy concepts and transfer good ideas into their home country. That's nothing new - you can find that across human history and it was often connected to progress. Basically, copycats act like spice merchants in late centuries. They scout for some new spices and try to find out if they can match or create demand in other regions of the world.
However, what I really dislike is when people also start to copy the look and feel of the innovator's website. I think we should apply the same moral values to startup ideas as we do in science: That implies to create your own work, not to rephrase and to mention the original source. This piece might be missing in the system.
Honestly, I tend to say that the website clearly shows a lot (!) of elements and interactions that are derived from Square. And it does not look like a co-existent happenstance.
Certain product-websites tend to converge ... not because no one is creative but they work. There's absolutely no sense for them to create a totally different page that may not work as good just because they want to be different.
There is another company that is breaking into this market in US, Brazil and Europe. They are working on making it easy to accept cards in Europe and also getting the governmental approval for coupon fiscal in Brazil.
The company Tillify.com are also rolling native apps and web apps for all devices that work consumer side and vendor side. They are also using the mobile phone number as a digital id to enroll consumers into their platform.
In Europe the card acceptance system will need to read the chip, but not enter the pin. The best solution is to accept the signature on the panel. This is what iZettle have done. It's a U-turn on chip and pin but the only way it can be done as you can't pass the pin through the app for security issues. In larger outlets no doubt a wired card reader will be used and the pin will be entered into that reader as current systems do.
I think everyone here is missing the point. The dongle and the card swipe/read is merely a short term Trojan horse into changing payment. Furthermore it is a means to the end of cash payments. If you imagine that these apps will become the "Facebook" of commerce and how that can happen you will see the bigger picture. These apps allow everyone to pass currency using a device, sure they need a card right now as that is the "old skool" method we all respect. Once the card is swiped there is no need to do it ever again. Both parties are registered on the app and thus the "mobile wallet" has been created. Next they will roll out "self serve" apps and cardless payment.
What we are talking about here is merely a means to an end. Sadly it also means that these apps will Facebook commerce and while they are doing that they will put eCommerce on the back seat. Wait and see what happens.
This will be perfect for my dad's art gallery. Fewer and fewer people bring cash along so he loses out on sales that way. It's a very small art gallery and conventional payment terminals are too expensive to buy/hire.