Skip navigation
All Places > Developer News and Updates > Blog > Author: zkurka

Developer News and Updates

2 Posts authored by: zkurka

During all of my college years I had to have a beer in hand to write a good paper.  I think it was more habit than anything else, but it always seemed to set the stage for the appropriate combination of relaxation and focus to crank out a 25 page gem.  After a short time my classmates thought that I devoted half my life to essays and dissertations, but when I described the setting and the process to them the response became, "he's just got the term paper thing down pat, he's an expert at it.".  I never felt like an expert at writing much of anything.  In fact, ask any of my current work colleagues and they will tell you documentation of any sort is a consistent failing of mine.  I always looked at writing in the context of one of my professors that was on page 1100 of his doctoral thesis written in or about a dead language (I can't recall which).  I would consider him, or Tolkien, or Thoreau, an expert writer though the stigma of my skill with a pen persisted in the microcosm of my academic peers.  Being an expert is obviously subject to context and the perspective/level of expertise of the objective viewer.

 

Alex Trebek once said, "We are all experts in our own little niches".  Wise words from a man who has been exposed to more overactive grey matter than any other mere mortal.  Running a business is not really a niche, but within that business there are many niches that can influence its success.  Most businesses consider the POS a niche that they don't want to take on so they farm out that expertise.  That means as payments enablers we are looked at as the experts of that niche and responsible for the success or failure of that component of their business.

 

I lived in the standard college house with 5 disgusting guys collaborating to create an expert pig sty.  One of those students was a computer science major that felt every detail of the networking in the house had to be explained in detail.  Some of the roommates didn't care, two of us listened and absorbed enough of the information to work for Vantiv today.  Years later when Canada shifted their processing model to require Pay at Table, a common question popped up about the line of who administrated the payments and who services the wireless network as they were both now tied to the business' ability to function.  Often times the POS provider would indicate that the merchant had their own systems admin who administered the network.  A little deeper digging indicated that this was the merchant themselves.  The situation where merchants felt enabled to be experts in the niche of the wireless network yet farm out all of their POS activities worried me.  I set out to test this worry in hopes of assuaging some misguided nervousness.

 

Armed with a 400.00 dollar laptop and some publicly available (albeit not entirely on the up and up) programs I ventured into downtown.  The first test was to check network permeability.  WP2 security while now commonplace, was still uncommon at the time.  I set out to see how many networks I could "sniff" packets on that were supposedly secure.  It turns out all of the WEP protected networks were as open as the bible on a Sunday morning within 5 minutes.  At that point I could have either stolen data or crashed them all, but I was trying to prove a theory, not be a bad guy, so I went to the next thing.  Credentials.

 

Last year while visiting my uncle he was extremely proud of the fact that he set up his home network which involved voice command theater systems and multiple access points all by himself.  The first thing I noticed was the SSID (Network ID you see when you search) was still default.  I suspected that meant that other things were left as default as well.  Sure enough I, and everyone who could use Google search, was an admin on his router.  His iPad somehow stopped working on that router while I was sitting one chair away.  "How did you hack my network?" was his question.  I replied that the pejorative word "hack" was implicit that I did something that I did not have the proper credentials to do.  Given that context of using all his default settings and me knowing what they were, I was in fact his network admin at that given time.

 

The same approach to credentials testing was applied to my experiment years earlier.  I realized in several hours of an afternoon I had access to over a dozen business networks in a 4 block span.  I knew the owner of one business really well.  I showed him that I had access to all of his POS equipment,  accounting computers, even his iPhone.  I pointed out to him that my level of expertise is limited to listening to a guy with more expertise on the topic talk once and awhile, combined with being able to Google things.  He admitted that he had thought his expertise which consisted of running a setup disc was good enough.  He hired his POS provider (who found this networking skill to be a logical extension of the POS business) to secure his network.  As I sit here and type on his Guest network everyone is happy and he has the piece of mind that an expert is in charge, his POS provider.

 

In a way my business owner friend and I are a great example of perspectives on expertise.  Many of my friends think of me as an authoritative mountain biker.  My friend raced with me in college and while I could kick his backside then, he developed his niche expertise to go professional for several years.  This example is important to understand when the average business owner thinks the network (an extension of their POS)  requires only their level of expertise.  The business owner can the best hitter in their summer softball league.  As good as his level of expertise is, there is a whole world of A, AA, AAA, and MLB pitchers out there that can strike him out from their desk chair.

 

In a world of Major League pitchers it is really important where we understand ourselves to be as far as expertise within our niche, and where it makes sense, improve it.  Although, I started as a novice in the area of networking, I consistently try to improve to stay ahead or in line with the needs of the businesses relying on our niche.  I see everyday that many of the people I work with are doing the same.  The trust of the business owners most days depends on our expert opinion.  In the world of payments we need to write like Tolkien, pitch like Koufax, or at least strive to do so every day.

 

I like Ben Franklin.  He said, "An investment in knowledge pays the best interest."  I like to think he was talking about expertise.  I want to think he was talking about our niches in business environments.  I hope he was suggesting we take our niche and become the best experts we can.  I know we was drinking a beer when he wrote it.

zkurka

Immortal Technology

Posted by zkurka Aug 19, 2016

I have stated on several occasions to think about upgrade cycles on your POI (point of interaction) hardware at 2-3 years.  One of my coworkers absorbed these statements in the literal sense that 2 years is all they will last in contrast to the common wish that your pin pads are the Highlander, and while only rarely has a  VeriFone 1000SE led to decapitation, is more or less expected to live forever.  

 

The concept of the 2 year replacement cycle is in the light side, I try to say 2-3 because this timeline is often correlated with a PCI expiration.  EMV and NFC were market disruptors in 2015 causing an atypical replacement cycle that fell perfectly between the PCI expirations of 1.x in 2013 and 2.x next April, 2017.  2-3 years could be thought of as the literal average life cycle for hardware in some cases, similar to the lifespan in years of a car driven 30k a year being less than a car driven 5k.  To quote a famous college professor, “it’s not the years, it’s the mileage.”

 

Though that concept of wear and tear leading to shorter lifespans of product is true over a wider array of devices outside of payments, oddly the hardware trusted to enable the most fundamental part of commerce, the exchange of goods for currency, is viewed with contempt and as a necessary evil.  As such it’s uncommon for users or installers to make a concerted attempt to understand POIs.  It’s often just expected to work, and when it does not the responsibility is often pushed to someone else.

 

I often describe the concept of the 2-3 year life cycle as “just like your cell phone”.  My attempt isn’t to suggest that after 2 years you have to worry about your POI hardware overheating, butt dialing, and leaking purple smoke (though I have to admit that would be a cool indicator of end of life).  The attempt here is to shift the paradigm by creating a correlation to the one piece of hardware that most folks can’t live without.  Missing a cell phone has been shown to cause extreme anxiety and in some cases violent responses.  While I don’t see anyone going fetal or getting in a fistfight over a Verifone anytime soon hopefully there is some middle ground.  I muse at a world where POI hardware is purposely retired in favor of newer, more feature rich, and secure tech just as is embraced with the cell phone.  If viewed in this way, natural life cycles would be embraced.  Unfortunately we might be quite a ways away from this relationship with our POS.  A good exemplification of this is the Vx805 shortage in Q4 2015.  The reaction was externalization of the responsibility for the shortage.  I don’t think I heard a single “I” statement in the explanations for 3 months.  If this was a shortage of iPhone7s at the month of the release I suspect the statement would be, “shoot, I should have preordered my iPhone7.”  The tough part about this argument is that it is entirely emotional in that the smartphone is perceived as a desired evil rather than a necessary one.  If you lean towards being one of those adherents enjoy your sinful Apple bliss and please read the next, more mathematical approach.

 

In 2007 my old 20” TV started on the downward spiral.  I was in the middle of my 3rd stint in college and measuring money tightly enough that I knew the cost per egg in the 18ct carton.  It was about 12 cents.  When I added the English muffin, generic American cheese, cooking spray, and a dash of Tapatio, my breakfast sandwich in the morning was just shy of 50 cents (Take that McDonalds!).  My roommate at the time was 1 year out of school and reaping the benefits of having a real life adult job had purchased a 39” Sony 3 months prior.  Now I am not suggesting anyone will ever go out and buy an iSC480 to top your L5200, but I had a real bad case of technology envy.  I looked at a lot of TVs over the next week, but the one I kept coming back to was the gorgeous utopic depictions on the Sharp Aquous.  To add to the already consternating decision it was also on sale….for 900.00!  What is a poor college student to do, but rationalize.  In this case the approach to a 900.00 TV was the same as the Egg McMuffin.  Without boring you with math I figured out my average usage if I expected a 4 year lifespan.  It basically came down to costing me 40 cents a day based on the amount of TV I was watching at the time.  Basically a new TV per diem was cheaper than a breakfast sandwich.  Based on that line of thought what does a set of new pin pads for each lane cost when broken down over the hours of operation and days open per year over 2-3 years.  My guess is that if you get a Starbucks drink each morning at 3.50, your barista could be exchanged for a couple Ingenico touch screens.

 

I wouldn’t be on a soap box professing that we need to change the way we think about our hardware as a worthy investment either by emotional perception or financial rationalization if I wasn’t seeing a slightly dangerous trend in the industry combined with the current doctrine of thought.  At risk of one last analogy, think about the evolution of the automobile over the last 30 years.  In 1980 there used to be minimal electronics and several dozen moving parts.  If something did break the repair was either done with a hammer or a bigger hammer.  Conversely cars today all have computers and of something breaks the clunks, creaks, or splinters of metal are no longer the indicator for the mechanic, replaced by computer diagnostics.  Remote diagnostic services even have the ability to shut your car off it they sense danger.  Our POS hardware is on the same technological tangent.  Chip readers, integrated scanners and contactless modules add to the complexity of the design and opportunities for failure.  PCI security requirements that mandate features to protect data, but can potentially render the pad inoperable necessitate a different thought approach.  We need to perceive the POI hardware as a tool worthy of the investment on a regular cadence rather than an unwanted and unsavory expenditure.

 

Maybe I am a unique technology user.  My phones are new every 2-3 years.  I never expect a longer life out of them and always strategize the purchase of a new one before the demise of the old.  This means I get exactly the life out of the phone that I expect to.  The Sharp is still alive.  I am going to undoubtedly watch some Netflix in high def this evening.  If I got home and the Sharp was dead, I would memorialize it with a cheap breakfast sandwich and start doing the math to justify my next TV.  After all, it doesn’t owe me 4 dimes in fact I have to cost per day down to 5.4 cents.  As I expected to pay 40 cents a day, I am far into the win column on that purchase.

 

I challenge each of you reading this to figure out the cost of the POI Hardware over 3 years.  Also how much does your breakfast cost?