Frequently Asked Questions

Software Compliance is the term used to cover the management of the application software in the Skyzer terminal fleet, and ultimately, the ongoing security and compliance of the New Zealand payments industry.

By way of background, in 2012 a number of important new requirements were introduced into the New Zealand payments market around ensuring that EFTPOS terminals are kept in a compliant state for the duration of their service life.

Among these new requirements, all terminal Vendors operating in the New Zealand market, now have a legal responsibility to ensure that payment devices deployed to the field are kept up to date with current software. Whilst we continue to drive innovation in the New Zealand payments market, we also need to share the responsibility of safeguarding the security of electronic payments from potential fraudsters, hackers and scammers.

With the ever-increasing pace of technological change in the payments arena, we expect that the frequency of EFTPOS terminal software releases will increase.

It’s important to note that these new requirements for participants in the payments market are compulsory – not optional – for us all to operate in New Zealand.

This has prompted Skyzer to consider how to provide sustainable long term software support long after the device is sold and deployed to the field.

The solution was to introduce a modest monthly software licence fee payable per terminal. Under this software licence, a terminal will receive unlimited software upgrades, as and when they become available, using Skyzer’s remote Terminal Management System. This will ensure that both Eftpos Re-sellers and their customers will no longer have to worry whether their software is compliant and up to date, and will also minimize the risk of fraud by maintaining the highest possible level of software compliance.

Terminal security is extremely important to every merchant. There are a variety of ways to ensure that you can protect your EFTPOS terminals and stay protected from fraudulent behaviour.

The first step is to create a list of the EFTPOS terminals on your premises and include the following details for each terminal:

  • The make, model and serial number
  • Where each EFTPOS terminal is kept
  • Any stickers on the EFTPOS terminal and where they are placed
  • The type of cables connected to the EFTPOS terminal

There are also activities you can carry out daily that will help prevent you being a victim of fraud. On a daily basis check the serial number underneath the EFTPOS terminal against the serial number you have recorded on your list and/or that is displayed electronically on the EFTPOS terminal (if applicable). These serial numbers must match. Also, check that the merchant name on the receipts being issued by the terminal is correct.

Other ways to protect your terminal include:

  • Locking it in its position with a cable lock or something similar.
  • Regularly conducting an inventory check on your EFTPOS terminals. Report missing or stolen terminals to your terminal provider immediately.
  • Always verify the credentials of service staff or ‘official’ visitors to your premises. Do not allow unannounced and unidentified service visits or inspections.
  • If an EFTPOS terminal is being connected (e.g. a new terminal) make sure only authorised personnel from your terminal provider do this.
  • Dispose of old EFTPOS terminals securely – please return old terminals to your acquirer or your terminal provider.

Load More

Payments Industry Terminology

The Payments industry can sometimes be a minefield of acronyms, industry jargon and complex definitions.

Here are a few of the main terminologies you will hear within the Payments industry and an explanation of each to ensure you are fully informed.

Acquirer is the term give to the bank that enables you to accept Debit and / or Credit Cards as a method of payment. Your bank will charge you a Merchant Service Fee (MSF) on any credit cards accepted through your Eftpos device.

Contactless is the term given to credit cards and debit cards that use radio-frequency identification for making secure payments. The embedded chip and antenna located on the card enables cardholders to wave their card over the Eftpos device at the point of sale to process a payment transaction.

Contactless transactions are traditionally much faster than normal transactions where the card is swiped or inserted, as for transactions under $80NZD, no PIN is required.

Electronic Funds Transfer at Point of Sale (EFTPOS) is an electronic payment system involving electronic funds transfers based on the use of payment cards, such as debit or credit cards, at payment terminals located within a merchants premises.

An Eftpos Reseller is a company that leases Eftpos terminals to merchants. These resellers will advise the merchant on which terminal is the most suitable to meet their business needs, and will provide service and support to maintain that Eftpos terminal.

EMV stands for Europay, MasterCard and Visa and is a global standard for inter-operation between Chip Cards and Eftpos terminals for authenticating credit and debit card transactions.

This standard was developed to ensure a seamless customer payment experience, regardless of whether the cardholder is using their Chip card in their home country or overseas.

Issuer is the term given to the Bank that provides a Debit or Credit card to their customers. As an example, if Westpac provides one of its customers with a Mastercard then Westpac is the Card Issuer.

A merchant is any business that accepts Debit and / or Credit cards as a method of accepting payment for goods and services.

Near Field Communications (NFC) is a short-range (less than 4cm) wireless technology that provides communication between two electronic devices e.g. between a smart phone and an Eftpos terminal. NFC payments are also known as ‘contactless’ payments.

Nitro is Skyzer’s fully integrated payment solution. Nitro is made up of two main components. The first is a POS resident software component that resides on the Point of Sale, and the second being the terminal application.

PCI stands for Payment Card Industry and consists of all the organizations which store, process and transmit cardholder data. The Payment Card Industry Security Standards Council was formed in 2006 and developed the Payment Card Industry Data Security Standards which are used throughout the industry.

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard written by the Payment Card Industry Security Standards Council for merchants that handle branded credit cards from the major card brands. This standard governs the rules around the secure storage, processing and transmission of cardholder data and all Eftpos terminals sold in New Zealand and deployed onto the Eftpos networks must meet the relevant PCI DSS requirements.

The Payment Application Data Security Standard (PA-DSS) is a subset of PCI-DSS, and was developed to provide a definitive data standard for software vendors that develop payment applications. The standard aims to prevent developed payment applications for third parties from storing prohibited secure cardholder data. Fortunately, all of Skyzer’s payment solutions have been deemed “Out of Scope” of the PA-DSS standard by Paymark as at no stage does cardholder data ever leave the payment device unencrypted.

In 2013, telecommunication providers 2 Degrees, Spark and Vodafone formed a joint venture partnership with Paymark to form a TSM (Trusted Services Manager). TSM is the infrastructure that sits between service providers (e.g. banks, loyalty providers, merchants) and your mobile phone provider. It will provide the infrastructure to enable you to use those applications to make credit card payments using your mobile phone.

Load More