Locking Credit Card Processing Terminals is Wrong and Should be Deemed Illegal

I’ve witnessed a disturbing trend since late 2015. Credit card processing devices sold by PAX, Ingenico, and Verifone now allow their devices to be locked by processors. This will prevent a merchant from switching the service to another processor. I could understand if the processor or the independent sales organization (ISO) owns the device and has placed it at its own cost, although it’s never totally “free.” Regardless, they will not allow removal of the lock even if the merchant owns the terminal and has fulfilled the contractual obligations. This practice is akin to purchasing a vehicle, yet not being allowed to transfer the title even after it’s been paid in full. That is totally illegal, and it certainly is unreasonable and unethical.  Universally, laws recognize protection of, and the right to, an individual’s personal property. The same principal should apply here.

One of my newest clients who owns his Verifone Omni vx520 asked me to reprogram his device. He called WorldPay, the processor. The tech support staff told him they didn’t have the removal instruction because it doesn’t exist. When he asked them for a supervisor, they said a supervisor is not available and will call him back. No one did. He called them one week later, but he was told WorldPay doesn’t provide that instruction and he couldn’t talk to a supervisor either. I, on the other hand, know the removal instruction exits. It’s obvious the top executives in WorldPay have made the decision to not provide their own staff with the instruction. This is wrong no matter what processor is doing it.

A U.S. senior Verifone executive emailed me today saying “We were told the processors, in your case, Worldpay, would never hold a merchant hostage if they wanted to leave their services. What you are telling us is that is NOT experience you are having.” Well. That is obviously not true. When I pushed the issue further, a Verifone’s senior executive and its legal counsel both told me there is nothing they could do. I beg to differ. There is somethings they could do, but they are not. No one is.

What I take from it is that WorldPay,Vantiv, Elavon, Global Payments, TSYS, and other processors haven’t fulfilled their promise to Verifone, and most definitely to other manufacturers. The download information to remove security certificates and reprogram terminals should NOT be a top secret.

I have learned that EMVCo (www.emvco.com), the company that was established by Visa, MasterCard, Discover, American Express, JCB, and China UnionPay, have issued a set of protocols that essentially mandates the locking mechanism. The intention, and the reason given, is (supposedly) to make it impossible for hackers and fraudsters to tamper with the software and steal information related to each transaction. However, EMVCo has, in my opinion, flagrantly contributed to the violation of the right to own personal property laws.

Terminal manufacturers, too, have caved in to EMVCo members with their massive lobbying power by not protesting this hostage situation. I understand the security protocol promulgated by EMVCo. But the literally few terminal manufacturers should have said something and raised concerns. I could appreciate the right by sales organizations that need to make switching impossible if they own the terminal. But if a merchant owns it, they should be able to reprogram the device.

Processors and sales organizations should not be allowed to choke hold merchants by shackling tactics. This is patently wrong and inexcusable. Our industry already has a bad reputation, almost as bad as Comcast. This practice doesn’t help heal the wounds merchants already feel we’ve inflicted on them.

The world of this industry has turned into a dog-eat-dog territory where every player passes the buck to the rest saying this stuff isn’t their business. I beg to differ. It is when these decisions adversely affect merchants and constrain them.

I suggest lawmakers notice this unscrupulous practice and announce it illegal with no delay. First and foremost, however, merchants and merchant-based organizations should raise your voices. If you own your device, you should call your existing processor and ask if your device could be reprogrammed for a different processor’s file. If you hear no, and then if the tech support person tells you he/she doesn’t have the download/reprogramming instructions to give you, express your dissatisfaction, lodge a complaint Online and with Better Business Bureau, and then call your lawmakers, specifically the State and Federal House Representatives and Senators. Also, call your State Attorney General and Consumer Financial Protection Bureau. There is some work involved here. But you can be heard only if you make the noise.

This unethical practice should be recognized as predatory and illegal in all states.

I’ve provided removal instructions for Verifone’s Omni vx520 in my book, Credit Card Processing: Exposé, if the processor is on the following list: Total Systems Services (TSYS), First Data, and Paymentech. If I find instructions for other processors, I will share them in future blogs.

Alex Nouri, Author

Locked Devices

4 thoughts on “Locked Devices

  • March 31, 2018 at 8:07 am
    Permalink

    Where can I get your certificate removal instructions for Vx520 and ICT220 terminals?

    Reply
  • May 13, 2019 at 6:33 pm
    Permalink

    I am continually searching online for ideas that can assist me. Thx!

    Reply
  • May 15, 2019 at 4:28 pm
    Permalink

    Thank you for another informative web site. Where else could I get that type of info written in such a perfect way? I have a project that I am just now working on, and I’ve been on the look out for such information.

    Reply
  • May 19, 2019 at 1:01 am
    Permalink

    Its like you read my mind! You seem to know a lot about this, like you wrote the book in it or something. I think that you can do with a few pics to drive the message home a little bit, but instead of that, this is fantastic blog. An excellent read. I will definitely be back.|

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *