Card-Present Terminal Decisions
Before selecting terminals, understand:
- Card-present fraud risks
- Terminal operations management
- EMV liability shift rules
- PCI DSS physical security requirements
Terminal choice affects your liability, fees, and fraud exposure. The wrong terminal costs you more than the hardware.
Most SMBs pick based on price or what their processor bundles. Then they discover limitations six months later.
What Matters
- EMV chip transactions shift liability. If you accept a dipped chip card and it's fraudulent, the issuer eats it. If you swipe, you eat it.
- Contactless is expected. Customers increasingly tap. If you can't accept tap, you look dated.
- Keyed transactions are high-risk. Every keyed entry is a liability and fraud exposure.
- Terminal security is your problem. Tampered terminals mean stolen cards and your account shutdown.
- Omnichannel needs planning. If you sell online too, unified processing matters.
EMV vs. Contactless vs. Swipe
EMV (Chip Dip)
| Aspect | Details |
|---|---|
| Security | Highest for card-present. Chip generates unique cryptogram per transaction. |
| Liability | Fraud liability shifts to issuer when chip is read. |
| Speed | 2-4 seconds. Slightly slower than tap. |
| Customer expectation | Standard. Everyone expects chip readers. |
Contactless (Tap)
| Aspect | Details |
|---|---|
| Security | Same cryptogram technology as chip. |
| Liability | Same liability shift as EMV. |
| Speed | 1-2 seconds. Fastest card method. |
| Customer expectation | Growing. Post-COVID, many prefer no-touch. |
| Requirements | NFC-enabled terminal. Most modern terminals include this. |
Swipe (Mag-stripe)
| Aspect | Details |
|---|---|
| Security | Lowest. Static data, easily cloned. |
| Liability | Fraud liability stays with merchant. |
| Speed | Fast, but irrelevant given liability. |
| When acceptable | Fallback only when chip fails. Should be rare. |
Rule: Chip and tap always. Swipe as last resort.
Mobile POS Options
Mobile POS (mPOS) means a card reader connected to a phone or tablet.
When Mobile POS Works
- Mobile businesses (food trucks, market vendors)
- Pop-up retail
- Service businesses at customer locations
- Low-volume retail testing a location
- Backup terminal when primary fails
When Mobile POS Doesn't Work
- High-volume retail (too slow, battery issues)
- Situations requiring receipt printer integration
- Complex inventory/POS needs
- Unreliable phone connectivity
Common Mobile POS Options
| Device | Best For | Notes |
|---|---|---|
| Square Reader | Very low volume, simplicity | Locked to Square ecosystem |
| Stripe Terminal | Developers, omnichannel | More technical setup |
| PayPal Zettle | PayPal users, low volume | Limited customization |
| Clover Go | SMBs wanting Clover ecosystem | Hardware leasing traps |
Mobile POS Trade-offs
| Pro | Con |
|---|---|
| Low upfront cost | Higher per-transaction fees |
| Portable | Battery dependent |
| Quick setup | Limited integration |
| Good for testing | May outgrow quickly |
Countertop Terminals
Traditional terminals that sit at checkout.
Key Features to Require
- EMV chip reader
- NFC/contactless
- PIN pad (for debit)
- Internet connectivity (Ethernet preferred, WiFi fallback)
- Receipt printer (built-in or separate)
Key Features to Evaluate
| Feature | Why It Matters |
|---|---|
| Dual-facing screen | Customer can see amount, enter PIN, tip |
| Integrated printer | Fewer failure points |
| Battery backup | Continues during brief power outages |
| PCI PTS certification | Security compliance |
Terminal Locking
Some processors bundle "free" terminals that only work with them. When you leave:
- Terminal becomes paperweight
- No token portability
- Forced to start over
Ask before accepting bundled hardware: "If I switch processors, can this terminal work with others?"
MOTO/Keyed Transaction Risk
MOTO (Mail Order / Telephone Order) and keyed transactions are high-risk.
When Keyed Entry Is Acceptable
- Established B2B customer calling with a repeat order
- Card present but chip won't read (1 attempt only)
- Phone orders with verified existing accounts
When Keyed Entry Is a Red Flag
| Scenario | Risk |
|---|---|
| Walk-in customer says chip "doesn't work" | Possible counterfeit or card testing |
| Employee keying cards at end of shift | Possible collusion or internal fraud |
| High keyed ratio at one register/employee | Internal fraud signal |
| Keyed transactions for pickup orders | Card may not be present at all |
Liability Shift Loss
Keyed transactions do not get EMV liability shift. If the charge is fraudulent, you eat the loss.
Employee Training
Train staff:
- Never key a card if the customer refuses to try chip/tap
- If chip fails twice, ask for different card
- Document why any keyed transaction was necessary
- Never key a number read over the phone by a walk-in customer
Monitoring Keyed Ratio
Track keyed transactions as percentage of total CP volume.
| Ratio | Status |
|---|---|
| < 2% | Normal. Cards occasionally fail. |
| 2-5% | Investigate. Check by employee. |
| > 5% | Problem. Review immediately. |
"Can we pull a report showing keyed transaction percentage by employee or register?"
Device Fleet Hygiene
If you have multiple terminals, fleet management matters.
Reader Labeling and Inventory
- Label each terminal with unique identifier
- Track serial numbers and locations
- Know which terminal is at which register/location
- Maintain spare for quick replacement
Connectivity Best Practices
| Connection | Pro | Con |
|---|---|---|
| Ethernet | Most reliable, fastest | Requires wired infrastructure |
| WiFi | Flexible placement | Interference, security concerns |
| Cellular (LTE) | Works anywhere | Monthly cost, slower |
| Bluetooth to phone | Portable | Battery dependent, pairing issues |
Recommendation: Ethernet for fixed locations. Cellular for mobile. WiFi as middle ground.
Firmware Update Cadence
- Terminals require firmware updates for security and features
- Schedule updates during off-hours (after close or before open)
- Test after update before peak hours
- Some processors push updates automatically (verify this is happening)
Offline Mode Risks
Many terminals can accept transactions offline and batch-upload later.
Risks:
- Offline transactions have no real-time auth
- If card is actually declined, you don't find out until batch
- Fraud risk is higher
- Weekend offline batches can mean Monday surprises
Guidance: Disable offline mode unless absolutely necessary. If required, set low limits.
Battery and Charging Discipline
For mobile and battery-backup terminals:
- Charge overnight
- Replace batteries proactively
- Don't drain to zero (damages battery)
- Have backup charger/battery
When a Reader Disappears from Dashboard
If a terminal stops appearing in your processor dashboard:
- Check power and connectivity first
- Verify firmware is current
- Check if it was reassigned or removed
- Contact processor support if unresolved
- Consider it potentially compromised until explained
IVR/Phone Payment Risk
Taking card numbers over the phone creates PCI scope and fraud exposure.
PCI Scope Implications
If staff hear or transcribe card numbers:
- Your environment is in PCI scope
- Call recordings with card data are violations
- Systems that display card numbers need protection
Authentication Challenges
Phone payments have:
- No 3DS option
- No device fingerprint
- No address verification at point of call
- Only CVV as protection
Fraud Patterns
| Pattern | Description |
|---|---|
| Social engineering | Fraudster calls claiming to be customer, provides stolen card |
| ATO via support | Fraudster calls to add card or change details |
| Employee collusion | Staff takes card info for personal use |
When Phone Payments Are Acceptable
- Established B2B relationships with known contacts
- Follow-up to in-person transaction (card failed, callback with different card)
- Low-ticket, low-risk items
Better Alternatives
| Instead of Phone | Do This |
|---|---|
| Customer reads card over phone | Email/text a payment link |
| Staff keys card number | Send hosted checkout link |
| Repeat B2B orders by phone | Set up on-file billing |
Related: Invoicing
Omnichannel Considerations
If you sell in-person and online, unified processing simplifies everything.
Benefits of One Processor for Both
| Benefit | Why It Matters |
|---|---|
| Unified reporting | One dashboard for all transactions |
| Single reconciliation | One deposit, one statement |
| Token sharing | Cards saved online work in-person and vice versa |
| Consistent pricing | No managing two rate structures |
When Separate Processors Make Sense
- Specialized CP processor with better terminal support
- Legacy in-person setup that works, new online launch
- Temporary while migrating
Omnichannel Pitfalls
- Different merchant IDs for CP and CNP can confuse reconciliation
- Customer disputes may land in wrong system
- Token portability between channels isn't automatic
- Reporting gaps between systems
"Are our in-person and online transactions on the same merchant account? Do saved cards work across channels?"
Terminal Security
Terminal tampering leads to card skimming, data theft, and account termination.
Tamper Inspection Checklist
Weekly check:
- Terminal casing intact, no unusual gaps
- Card slot matches original design
- No overlay on PIN pad
- No loose cables or wires
- Tamper stickers/seals unbroken
- Serial number matches your records
Physical Security Basics
- Terminals should be visible to staff, not hidden
- Cable terminals to prevent grab-and-run theft
- Limit who can access back of terminal
- Lock terminals in safe overnight (high-risk locations)
What to Do If Tampering Suspected
- Stop using the terminal immediately
- Do not process transactions
- Contact your processor security team
- Preserve the terminal as evidence
- Review recent transactions for anomalies
- File police report if theft confirmed
Test to Run
2-week terminal audit:
Week 1: Baseline and inspect.
- Pull keyed transaction percentage by terminal/employee
- Inspect all terminals for tampering
- Verify firmware is current
- Check connectivity type and reliability
Week 2: Remediate and measure.
- Address any high keyed ratios
- Update firmware if needed
- Fix connectivity issues
- Re-check keyed ratio
Success criteria: Keyed ratio under 2%, all terminals current on firmware, no tampering signs.
Scale Callout
| Volume | Focus |
|---|---|
| Under $100k/mo CP | Get a basic EMV/NFC terminal. Square or Stripe Terminal are fine. Don't overthink it. |
| $100k-$1M/mo CP | Fleet management matters. Standardize terminals, track keyed ratios, schedule firmware updates. |
| Over $1M/mo CP | Multi-location consistency, dedicated terminal support, employee training programs, regular security audits. |
Where This Breaks
-
Multi-location businesses with inconsistent terminal versions. Old terminals at some locations create liability gaps and reporting inconsistencies.
-
Mixed CP/CNP with reconciliation complexity. Separate merchant IDs for channels creates accounting headaches.
-
High-turnover staff requiring constant retraining. Security and procedure training gets neglected with frequent staff changes.
Analyst Layer: Metrics to Track
| Metric | What It Tells You | Target |
|---|---|---|
| Keyed transaction % | Liability exposure and fraud risk | < 2% |
| EMV dip vs. tap ratio | Customer preference, terminal capability | Track trend |
| Offline transaction % | Batch risk | < 1% or 0% |
| Terminal uptime | Hardware reliability | > 99% |
| Chargeback ratio by channel | CP should be lower than CNP | CP < 0.3% |
Next Steps
Choosing terminals?
- Compare EMV vs contactless vs swipe - Know the trade-offs
- Evaluate mobile POS - When mPOS works and doesn't
- Check countertop features - What to require
Managing existing fleet?
- Monitor keyed transaction ratio - Under 2% target
- Implement tamper inspection - Weekly checks
- Follow fleet hygiene - Labeling, connectivity, firmware
Concerned about security?
- Train employees on keyed transactions - When to refuse
- Secure physical terminals - Cable, lock, visible
- Know response protocol - Stop, preserve, report
Related Pages
- Card-Present Fraud - In-person fraud risks
- Terminal Operations - Day-to-day management
- Buying Payments - Processor selection
- Invoicing - Phone payment alternatives
- EMV & Contactless - Chip security
- PCI DSS - Physical security requirements
- Processor Management - Acquirer relationships
- Reading Statements - Fee analysis
- Decline Codes - Transaction failures
- Chargeback Prevention - Dispute reduction
- EMV Liability - Liability shift rules
- Checkout Conversion - Omnichannel integration