Know and understand electronic funds transfer at point of sale (EFTPOS) terminals including checking of the validity of cards, the use of chip and PIN, the use of contactless cards, the use of Near Field Communication (NFC) payment, the communication

Published by Patrick Mutisya · 14 days ago

ICT Applications – Electronic Funds Transfer at Point of Sale (EFTPOS)

Learning Objective

Students will be able to describe how EFTPOS terminals work, including the validation of cards, the use of chip‑and‑PIN, contactless cards, Near Field Communication (NFC) payments, and the communication that takes place between a supermarket’s computer system and the bank’s computer.

Key Concepts

  • Card validity checking – verification of card number, expiry date, and magnetic stripe or chip data.
  • Chip and PIN – use of an EMV chip to store encrypted data and a Personal Identification Number for authentication.
  • Contactless cards – transactions performed by tapping the card on the terminal; typically limited to low‑value purchases.
  • Near Field Communication (NFC) payment – wireless communication (usually 13.56 MHz) that enables payments via smartphones, smartwatches or contactless cards.
  • Communication between supermarket and bank – exchange of transaction data over secure networks using protocols such as ISO 8583.

Typical EFTPOS Transaction Flow

  1. Customer presents card (chip, magnetic stripe, or NFC device).
  2. Terminal reads card data and checks basic validity (Luhn algorithm, expiry date).
  3. If chip‑and‑PIN is required, the terminal prompts for PIN entry.
  4. Terminal creates an authorization request containing:

    • Merchant ID
    • Transaction amount
    • Card PAN (Primary Account Number) – encrypted
    • Timestamp

  5. Request is sent via the supermarket’s POS network to the acquiring bank.
  6. Acquiring bank forwards the request to the card‑issuing bank through the payment scheme (Visa, Mastercard, etc.).
  7. Issuing bank validates the request, checks available funds, and returns an approval or decline code.
  8. Response travels back to the terminal, which prints a receipt and updates the supermarket’s sales database.
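
Step 2's basic validity check, as an added example (not code from the original page or from any terminal vendor): a Luhn checksum plus an expiry test. The function names, result strings, the 12 to 19 digit length range and the test PAN used in the checks are assumptions of this example.

```python
from datetime import date

def luhn_valid(pan: str) -> bool:
    """True if the PAN's last digit is the correct Luhn check digit."""
    # Assumed length range for this example: 12 to 19 ASCII digits.
    if not (pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19):
        return False
    total = 0
    # Right to left: double every second digit, starting left of the check digit.
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            # Doubling 5..9 gives two digits; subtracting 9 equals summing them.
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def expiry_valid(mmyy: str, today: date) -> bool:
    """A card stays usable through the last day of its expiry month (MMYY)."""
    if not (mmyy.isascii() and mmyy.isdigit() and len(mmyy) == 4):
        return False
    # Assumption: two-digit years are in the 2000s.
    month, year = int(mmyy[:2]), 2000 + int(mmyy[2:])
    return 1 <= month <= 12 and (year, month) >= (today.year, today.month)

def basic_card_check(pan: str, mmyy: str, today: date) -> str:
    """Local pre-check only; the issuing bank still makes the approval decision."""
    if not luhn_valid(pan):
        return "INVALID_CARD_NUMBER"   # mistyped or misread number
    if not expiry_valid(mmyy, today):
        return "EXPIRED_CARD"
    return "OK"

if __name__ == "__main__":
    # 4111111111111111 is a widely used test PAN, not a real account.
    print(basic_card_check("4111111111111111", "0630", date(2030, 6, 30)))
```

Passing the Luhn check only shows the number was read without a digit error; it says nothing about whether the account exists or has funds.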

Components and Their Functions

| Component | Function | Typical Example |
| --- | --- | --- |
| Card Reader (magnetic stripe / EMV chip) | Reads card data and performs basic validity checks. | Contactless reader, chip slot |
| PIN Pad | Securely captures the customer’s PIN and encrypts it for transmission. | Integrated keypad on terminal |
| Terminal Processor | Creates and formats the ISO 8583 message, handles encryption, and manages network communication. | Embedded Linux POS terminal |
| POS Software (Supermarket Computer) | Records the sale, updates inventory, and sends transaction data to the terminal. | Retail management system (e.g., SAP Retail) |
| Acquiring Bank Server | Receives the request, forwards it to the card scheme, and returns the response. | Bank’s payment gateway |
| Issuing Bank Server | Authenticates the cardholder, checks balance, and issues approval/decline. | Bank’s core banking system |

Security Measures

  • End‑to‑end encryption (E2EE) of card data from terminal to bank.
  • Dynamic data authentication (DDA) and application cryptograms for chip cards.
  • Tokenisation for NFC payments – the device sends a one‑time token instead of the PAN.
  • PCI‑DSS compliance for all entities handling card data.
  • Limit on contactless transaction value (e.g., $50) to reduce fraud risk.

Communication Protocols

The most widely used protocol for EFTPOS messaging is ISO 8583. A simplified representation of an ISO 8583 message is shown below:

$$
\begin{array}{l}
\text{MTI (Message Type Indicator)} \\
\text{Bitmap (indicates which data elements are present)} \\
\text{DE 2 – Primary Account Number (PAN)} \\
\text{DE 3 – Processing Code} \\
\text{DE 4 – Transaction Amount} \\
\text{DE 7 – Transmission Date \& Time} \\
\text{DE 11 – System Trace Audit Number} \\
\text{DE 12 – Local Transaction Time} \\
\text{DE 13 – Local Transaction Date} \\
\text{DE 37 – Retrieval Reference Number} \\
\text{DE 41 – Card Acceptor Terminal ID} \\
\text{DE 48 – Additional Data (e.g., NFC token)} \\
\text{...}
\end{array}
$$

Secure sockets (TLS) are layered on top of the payment network to protect data in transit.
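
The MTI, bitmap and data elements listed above, as an added example (not part of the original page and not any bank's or scheme's code): a small codec that builds the primary bitmap, packs the fields and parses them back strictly. The all-ASCII wire encoding, the function names and every sample value are assumptions of this example; real networks often use binary bitmaps and BCD fields.

```python
# Field sizes follow the common 1987 field table; ASCII encoding is assumed here.
FIELDS = {2: (19, "LL"), 3: (6, "n"), 4: (12, "n"), 7: (10, "n"), 11: (6, "n"),
          12: (6, "n"), 13: (4, "n"), 37: (12, "an"), 41: (8, "an"), 48: (999, "LLL")}

def build_bitmap(elements):
    """Primary bitmap: bit N, counted from the left starting at 1, marks DE N present."""
    bits = 0
    for de in elements:
        bits |= 1 << (64 - de)
    return bits.to_bytes(8, "big")

def pack(mti, data):
    out = mti + build_bitmap(data).hex().upper()
    for de in sorted(data):
        size, kind = FIELDS[de]
        value = data[de]
        if len(value) > size:
            raise ValueError(f"DE {de} longer than {size}")
        if kind in ("LL", "LLL"):      # variable length: decimal length prefix
            out += str(len(value)).zfill(len(kind)) + value
        elif kind == "n":              # fixed numeric: left-pad with zeros
            out += value.zfill(size)
        else:                          # fixed alphanumeric: right-pad with spaces
            out += value.ljust(size)
    return out

def unpack(msg):
    """Strict parse: unknown bits, bad lengths and truncation raise ValueError."""
    mti, bitmap, pos, data = msg[:4], int(msg[4:20], 16), 20, {}
    for de in range(1, 65):
        if not bitmap & (1 << (64 - de)):
            continue
        if de not in FIELDS:
            raise ValueError(f"bitmap announces unsupported DE {de}")
        size, kind = FIELDS[de]
        n = size
        if kind in ("LL", "LLL"):
            n = int(msg[pos:pos + len(kind)])
            pos += len(kind)
        if not 0 <= n <= size or pos + n > len(msg):
            raise ValueError(f"DE {de} length {n} does not fit")
        data[de] = msg[pos:pos + n]
        pos += n
    if pos != len(msg):
        raise ValueError("trailing data after last element")
    return mti, data

# Constructed authorization request (MTI 0100); every value below is made up.
SAMPLE = {2: "4111111111111111", 3: "000000", 4: "000000002599", 7: "0612143015",
          11: "000123", 12: "143015", 13: "0612", 37: "000000000123",
          41: "TERM0001", 48: "TOKEN-CONSTRUCTED-0001"}
WIRE = pack("0100", SAMPLE)
```

The bitmap for this set of elements is 7238000008810000 in hex. The parser rejects a message whose bitmap or length prefixes disagree with the bytes that follow instead of guessing at field boundaries.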

Sample Transaction Diagram

Suggested diagram: Flowchart showing the interaction between Card → Terminal → Supermarket POS → Acquiring Bank → Card Scheme → Issuing Bank → Response back to Terminal → Receipt.

Common Issues and Troubleshooting

  • Card declined – insufficient funds: Verify balance with issuing bank.
  • Invalid card number: Check Luhn checksum; re‑read the card.
  • PIN entry error: Ensure PIN pad is functioning and that the PIN is entered correctly.
  • Contactless not working: Card may be out of range or exceed the contactless limit; fall back to chip‑and‑PIN.
  • Network timeout: Verify internet/VPN connection to acquiring bank.

Assessment Questions

  1. Explain how a chip‑and‑PIN transaction differs from a magnetic‑stripe transaction in terms of security.
  2. What is the purpose of the Luhn algorithm in card validity checking?
  3. Describe the role of NFC in modern EFTPOS systems and give two examples of devices that use NFC for payment.
  4. List three security standards or protocols that protect EFTPOS transactions.
  5. Draw a brief sequence diagram (you may describe it in words) that shows the messages exchanged between the supermarket computer and the bank computer during an approval request.