TruRating is a system for collecting consumer ratings for services received via the payment process.
The Rating is collected by presenting a single question on the PIN entry device (PED) display during a transaction (which may be before, during or after payment) and getting a single numeric key press response (0-9) from the keypad or from a set of numbered buttons on devices that uses a touch-screen (PIN on glass technology) as opposed to a traditional keypad.
Questions are supplied as text so that merchants can adjust the questions according to their business requirements. The use of signed text (prompts) is therefore impractical.
The PIN Entry device must be able to perform a command (code-named “1AQ1KR”) that takes some arbitrary text (formatted according to the capabilities and requirements of the device) and waits for just one key press from the user (or times out) before returning the value of the chosen key.
It is always important to allow a customer to opt-out of providing a rating and therefore at least one key on the keypad or button the touch-screen will be available to the customer to ‘skip’ the rating question shold they wish. On a traditional device with a keypad this is often the key labelled Cancel or Stop for example. The merchant should not have the ability to skip the rating question on behalf of the customer.
1AQ1KR can be implemented in a number of different ways depending upon the technology supported by the PED. In some cases it’s a text only implementation, whilst in others a graphical implementation that supports a mixture of text and graphics using a forms capability within the device to provide the optimum customer experience.
Protecting against fraudulent capture of PIN
A common concern over the use of free text during numeric data entry is the fraudulent capture of PINs. However it is not possible to enter a PIN in a single digit since all PINs must be at least 4 digits in length, and TruRating requires just a single key press response.
It could be possible to capture a PIN by executing a series of these commands in sequence, all with the identical text “Enter your PIN” displayed on the PED. There are several ways that an implementation of 1AQ1KR can address this concern. One example would be to reject subsequent calls to the command within a 30 seconds timeout period, returning immediately with an error code. This will effectively limit the caller to the maximum of a single numeric key press per transaction, thus preventing fraudulent PIN capture.
It is recognised that many PED operating systems support the ability to switch between languages for a displayed prompt, by selecting some particular function key. The TruRating question is available from TruService in multiple languages – as requested by TruModule. It is therefore possible to match the selection of languages that the PED normally supports (e.g. default language of the PED).
In order to provide a consistent behavior of language selection in 1AQ1KR as in other prompt commands, it is proposed that if the key press returned identifies a function key that would normally invoke a switch in language, then the caller may re-issue the command using the appropriate question text and code table for the language selected.