As fast as technology keeps changing today, it could be tempting to put off a payment system upgrade, thinking that things will just change once again after the money is spent.

But there does come a point where older hardware will no longer support software or firmware updates—including new security protocols. There’s also a point where retrofit kits on top of retrofit kits can be complex and cumbersome, potentially impacting the overall customer experience. And with the increasing number of security breaches related to businesses nationwide, the number of credit card security updates has gone from one every 18-24 months to one or two each year.

“Everything has just intensified,” said Brian Garavaglia, Business Development Manager, PDQ Manufacturing, Inc. “A lot has changed in regular processing, in credit card protocol and with EMV technology now coming into play.” So is it time to upgrade? Car wash payment systems continue to advance in technology, connected capabilities and security.

Car wash operators have already negotiated the challenges of upgrading equipment to comply with the Payment Card Industry Data Security Standard (PCI DSS), which aims to protect sensitive consumer information. More recently, however, the push to adopt EMV (Europay, MasterCard and Visa) chip card technology has been at the forefront. At current, there’s no mandate requiring businesses to accept the new chip cards; for businesses—car washes included—willing to accept liability for charge backs resulting from counterfeit cards, there’s no law against it. “But as we go forward, that may change,” Garavaglia said. “EMV is not going away. Every other major economy is already on it.”

For those ready to make the shift, payment systems from companies such as PDQ, Innovative Control Systems, DRB Systems and Unitec seek to meet the need. PDQ, certified for doing EMV transactions with two processing groups, offers a radio-frequency identification (RFID) system option; a built-in web interface for updating, reporting and monitoring; complete integration with the car wash system and more. Innovative Control Systems has products that range from a simple direct fit replacement, to those for “the merchant who wants it all: EMV, end-to-end encryption and contactless,” said Nicholas Tylenda, Innovative Control Solutions’ Director, Strategic Business Development. DRB Systems, which passed 4 million users of its FastPass RFID Tags earlier this year, has handheld portable touchscreen terminals, self-pay stations and near field communications (NFC) technology. And the latest offerings from Unitec include features like remote access capabilities; embedded loyalty programs/cross-merchandising options/advertising opportunities; separately keyed cash access with alarm; change in the form of bills, coins or both and more.

But these days, the most important features have to do with security—at least until the next tech iteration, which will likely involve further NFC and mobile payments.

“We specialize in car wash payment systems for both convenience store applications as well as stand-alone investor sites,” said Brad Quay, Unitec’s Director of Sales, Eastern Region. “Unitec prides itself on designing and implementing technology and features based on collaboration with our partners, both operators and distributors. When tasked with incorporating EMV and NFC into our payment systems, we took the time to understand the significant impact this had on our customers. We carefully sought out vendors with the most fitting and cost-effective solutions and we educated operators about how EMV may, or may, not impact their business.”

In terms of security, EMV and PCI are complementary standards, Tylenda said. “PCI requirements help to protect cardholder data as it travels from the card to the processor,” he said. “EMV helps ensure that only legitimate cards are accepted by merchants and, if PIN security is enabled, to ensure that the cardholder is authorized to use the card. By making it difficult to steal the data in the first place and then devaluing the usefulness of any stolen data being presented to them, a merchant is doing everything that they can to protect their customers and their business.”

But we’re in a time, Tylenda said, where data breaches hit the news on a regular basis. “I think that the concept of taking data security seriously and making it part of day-to-day operations has taken root. It is clear to everyone that you cannot just throw antivirus on a machine and call it a day. Security is becoming ingrained in the culture of businesses now. I see more and more car wash owners taking a proactive approach looking for ways to minimize risk. They are more likely to take advantage of the tools available to them. There is no silver bullet that protects against all threats, but all the incremental steps that merchants are taking leads to powerful protection that encourages attackers to look elsewhere for easier prey.”

As for those who have not yet upgraded, he continued, “There will come a time that the costs of not being EMV compliant will become too much for a merchant to accept. Fraud-related chargebacks and EMV non-compliance fees are putting considerable pressure on merchants to make the switch.”

But pressure also comes from the cardholders. “The perception of security is an ever-increasing factor in the decision-making process of customers when they decide where to spend their money,” he said. “Merchants need to be sensitive to the fact that their customers are concerned for their private data. Taking that visible step of upgrading hardware lets the customer know that the merchant shares that same concern.”

Garavaglia notes, however, that even when EMV hardware is installed, if the card is still swiped through a magnetic stripe, it’s likely not processing off of the chip—and is therefore not as secure as true chip transactions. That can happen when the processor the operator is working with is not yet certified, so it’s important to ask the right questions. Tylenda said he’s noticed a lot of frustration due to solutions coming to market slowly.

“The perception is that a merchant just has to add an additional piece of hardware and then they suddenly have the ability to process chip card transactions,” he said. “The reality is that there is vigorous testing and certification that needs to be done on the hardware and software of each solution. Each solution also needs to be separately tested and certified against each payment processor that will use it. These certifications are time-consuming and costly. There is also a long waiting list for new solutions to be tested.”

For some operators, a retrofit still may be the way to go; for attended-point-of-sales like at a full-service wash, Tylenda said, “the upgrade path is usually just the addition of an EMV-enabled counter-top terminal. These terminals will include the reader, PIN pad and the module for contactless payment all in one device.” Unattended terminals, however, are a different story. Currently available hardware typically has the PIN pad separate from the card reader and the contactless reader.

Quay, meanwhile, said the choice to retrofit or replace depends both on the equipment age and the goals of the car wash operator. “The cost for retrofitting is typically less, but operators with older equipment will reach a point where retrofits are no longer viable due to product limitations. For those with simple needs, retrofits may make sense. Operators should understand the capabilities available through new systems to determine how they would benefit from this investment. Maintenance should also be a consideration, as costs will typically increase as equipment ages and could be less with a replacement vs. a retrofit.”

One last thing to consider with an upgrade: As consumers are using cards in place of cash more and more, cash-free payment systems might be worth a closer look.

“Cash-free payment systems are ideal when the costs and associated risks of accepting cash outweigh the benefits,” Quay said. “Assuming the operator is accepting cash already, the costs would be mostly in managing cash—between the site and their bank—and potential costs from vandalism and theft. When purchasing equipment, considerable savings can be realized without cash. It should be fairly simple to determine the benefits based on cash payment history, but more difficult to predict potential loss of business without cash. The loss would be less if there are alternative and convenient means to accommodate the cash customer. Also, there is an inherent benefit to improved transaction times when people use a card versus taking the time to feed currency into a machine.”

Garavaglia, for one, says he still sees some resistance from operators when it comes to moving ahead. “But we’re seeing this kind of technology elsewhere, when you go to Target, and Walmart, and the grocery,” he said. “There’s growing acceptance as people are getting more familiar with it.” “A lot has changed in regular processing, in credit card protocol and with EMV technology
now coming into play.”