Electronic Fund Transfer (EFT) devices at the point of sale, referred to as any of, EFT-POS devices, PIN Pads, chip and PIN card readers, signature terminals, payment devices, or authorization terminals (collectively referred to herein as “terminals”), are widely deployed to end user locations with merchants and retail outlets. These terminals at the point of sale enable customers to transact with merchants using a secure payment means, such as a credit card or bank debit card. Typical terminals include various card readers for example magnetic stripe readers, smart card readers and/or contactless device interface readers, for example RFID readers. Some terminals have in-built printers. Some terminals interface and have connectivity with the point of sale electronic cash registers.
The terminals have user interfaces which include various screens, touch-screens, keypads and/or stylus pens for touch screen signature capture. The terminals are tamper proof and support several security services and are typically capable of authenticating a secure personal identification number using cryptographic techniques including an encrypted keypad and encrypted messaging. The terminals typically support peripherals and related messaging with controllers, electronic cash registers, bar code readers, optical mark sense readers and printers.
The terminals are primarily used for initiating electronic funds transfer. Within the financial services payments industry is a sector known as the Retail Electronic Payment Systems (REPS). The REPS execute point of sale payments that are completed spontaneously at a location other than the acquirer. The REPS is comprised of: credit card systems, Electronic Funds Transfer (EFT) systems primarily deployed for debit card processing, and cash acceptance and bill payments systems. Major payment functions include: authorization and customer credit and debit card transactions, capture of sales draft information over a secured network.
These terminals and REPS provide a far reaching established network, however the network is operated by an acquirer, which could for example be a bank or other financial institution. Therefore, the acquirer has control and access to all devices and data communicated over its network.
Many entities have a need of distributing their products or services at multiple locations, leveraging for example retailer locations. These entities (referred to as an “operator”) often use their own networks (with their hardware, software and network components) to distribute their products or services. An example is a lottery corporation, which often uses proprietary lottery stations and has a need for broadly distributed proprietary network. The distribution and maintenance of the hardware, software and network components to provide this proprietary network requires initial and ongoing costs, including potentially a purchase cost to the merchant or operator and a maintenance cost for the operator.
Lotteries have a pressing need to increase the quantity of points of sales and expand into new sales channels to follow consumer spending locations and demographic segments. A primary driver of lottery sales is the density and consumer convenience of the lottery sales terminal. Expanding access points is limited by the cost of the dedicated full service terminals requiring retailer high minimum weekly sales and/or the availability the full service terminals. However, lottery operators are constrained in their ability to leverage existing networks owned by others, as there is a high sensitivity of data communicated during lottery transactions, coupled with the reluctance of the REPS to permit access by others which may compromise REPS security.
US patent publication 20030228910 discloses a lottery management system. A means is provided for connecting a third party device with a lottery network. However, this invention merely connects a foreign device to a lottery network through a connectivity network. The third party device and its connectivity network may be either open for installing applications/connectivity or under the control of the lottery operator or its player-customer. It does not overcome the limitation that the data is available to the foreign network operator or attackers.
It would be beneficial to enable operators, such as lotteries, to leverage the REPS network and their terminals. However, it is not realistic to expect operators to expose their communicated data to another party, such as the acquirer, potential attackers or even other operators. Nor do acquirers want to expose their merchant information to operators or other acquirers.
What is required is a system and method for enabling one or more operators to leverage one or more networks of terminals operated by one or more acquirers without compromising the performance or security of the closed nature of either network. Multiple operators need to communicate with multiple acquirers. Sometimes an operator may legally only communicate to a subset of the acquirer's terminals.