How Software Ate the Point of Sale

Or, why paying for stuff is so complicated now

A cash register among debris
Adam Hunger / Reuters

I’m standing at the counter of a Vietnamese restaurant in Berkeley, ordering a pork bun. There was a time when I knew exactly what would happen next. I’d hand over my card, the cashier would swipe it, a little receipt would curl out of a machine, I’d sign it, and I’d crumple the bottom copy into a pocket. Easy.

Now all kinds of things can happen. I might stick my card directly into a point-of-sale (POS) system. Maybe I swipe; maybe the cashier does. Perhaps a screen is swiveled at me. I could enter my PIN on a little purpose-built machine; I could sign with my finger on a screen; I could not have to sign or enter a PIN at all. I could tap my phone on a terminal to pay. Usually, there’s a chip reader for my no-longer-new chip card. When I put the card in one of the machines, sometimes it takes four seconds; other times, I have time to pull out my phone and stare at it, which means I forget about the card until the reader begins to beep at me, at which point I pull it out, mildly flustered, as if I’d caused too much ice to pour out of a soda fountain. Ah! Okay. Sorry.

The act of paying for stuff is undergoing a great transformation. The networks of machines and code that let you move your imaginary money from your bank account to a merchant are changing—the gadget that takes your card, the computer that tracks a restaurant or store’s inventory, the cards themselves (or their dematerialized abstractions inside your phone). But all this newness must remain compatible with systems that were designed 50 years ago, at the dawn of the credit-card age. This combination of old and new systems, janky and hacky and functional, is the standard state of affairs for technology, despite the many myths about how the world changes in vast leaps and revolutions.

If some areas of financial technology, or Fintech, promise a new elegance, the point of sale serves as a reminder of the viscosity of the everyday technologies on which most Americans rely. If you want to divine the future of transportation, you’d probably learn more thinking about the bus than the rocket. If you want to know how money is gonna change in the future, you need to look at the cash register as much as the blockchain.

But the most powerful and ambitious companies in the world have tremendous incentive to take interest in the cash register. It’s there where the two great data streams of the modern world flow together: what people do on their phones and what they buy in the physical world. In the first stream, the tech one, the rule is that data becomes money, after it is fed into machine-learning systems tuned to show you better ads. In the other, the data is money. If these two streams fully merged, a company could have a perfect ledger of what you saw and then everything you bought. The ads would get better, so you’d buy more stuff, and in buying more stuff, you’d make the ads better. Online, Facebook (and others) can already track all kinds of activity. But about 90 percent of purchases are still made IRL. Imagine the vast sums of money that could be made if every transaction became part of the ledger. Unsurprisingly, the big tech companies want a piece of this action—as do the banks, as do many start-ups and established, niche players.

So Americans are living through what Bill Maurer, the director of the Institute for Money, Technology, and Financial Inclusion at the University of California, Irvine calls the “Cambrian explosion in payments.” The “point of sale”—once a poky machine or just a person with a calculator or a pencil—is now a computer like everything else, tied deeply into the operations of the restaurant or store. The labor of making a payment could fall to the cashier, as in the old days, or to me, the customer, but we’re both accessing a complex, evolved system of reckoning between banks and their attached remoras, feeding on whatever money ends up in the water.

For your average fast-casual restaurant or mom-and-pop store, new point-of-sale systems promise easier bookkeeping, strategic business insights, and the kind of synoptic view of operations that is irresistible to managers. But to get all those analytics, those efficiencies, requires becoming part of the Silicon Valley world, with all the potential and pitfalls that entails. Players such as Square and Toast are fully technology companies, thinking about payments as a “stack” of different pieces of hardware and software, and they want to capture more of those layers than the banks and hardware makers of yore. Apple and Google and Amazon see locking people into their ecosystems and accumulating payment data to be as valuable as any transaction fees that can be wrung out of consumers.

Which is why the biggest trends in technology—platformization, data hunger, iteration, venture-capital-backed disruption, hype—have made their way to payments. Point-of-sale systems used to change slowly, with restaurants upgrading over years or even decades. Now they can be an app on an iPad with a new UX as often as engineers can push the updates.

A butcher customer using a point-of-sale machine (Marco Bello / Reuters)

Even the literal way that the machines plug into one another has changed. A credit-card reader almost always used to be a standalone brick of a machine, a Verifone or an Ingenico perched on a countertop. Maybe it was tied to a point-of-sale system. Maybe it sat there alone, next to an electronic cash register or someone with a big-buttoned calculator. The Squares of the world seek to internalize all the components of a transaction into a sleek screen mounted on some futuristic enclosure. The legacy companies such as Northstar and Cayan have tried to keep pace, and new systems are proliferating as quickly as salespeople can harangue merchants into upgrading.

In payments, everything is categorically more convenient than in previous decades and yet also sort of broken in new ways, which I guess makes them pretty much like everything else that has been touched by technology in recent years. The last time things changed this much, Richard Nixon was president.

Take out your credit card, the piece of plastic. Run your finger over its embossed characters: your name, the expiration date. The embossing is a holdover from the earliest days of charge cards, an early-20th-century invention that was generally issued by a retailer, say a department store, and looked basically like a dog tag with raised figures enumerating your account. Stick one in an imprinter, with some carbon-copy paper, and it could create a receipt for a customer as well as one for the store. When the merchant brought the receipts to the bank, they got funds deposited in their account. It was simple, but laborious.

In the mid-century, banks came to take over issuing credit cards. To know if a customer’s account could be drawn on to make a purchase, the merchant had to call the bank. I mean this literally: They had to pick up the phone and dial, according to David L. Stearns’s history of the development of payment systems. And the cards only worked within one bank’s system, which meant that every bank had to sign up the merchants who would accept their card. Banking was much more tightly regulated back then too, so in some states, there were only local banks. If you left the zip code, your card wouldn’t work. One 1950 charge card only worked “in a two-block radius” of its issuing bank.

California was a little looser with its banking regulations, which made it possible for Bank of America to scale up the highly successful BankAmericard throughout the populous state. It used its many retail locations to sign up merchants and sent cards to people’s homes unsolicited. What they lost in fraud and unpaid bills, they made up for by taking a hefty cut from merchants for the ability to accept cards.

By the mid-1960s, other banks began to launch widely used credit cards. But what would happen if the bank issuing the card was different from the merchant’s bank? There wasn’t a way to exchange those funds. And what about traveling to different cities, let alone states or countries? The banks knew they needed a way to authorize transactions and exchange money with each other. So they developed new systems of cooperation, which became known as Visa and Mastercard. The card networks allowed someone whose bank was in San Francisco to use their card in Los Angeles or Louisiana or La Paz. This is so basic to how money works now that it seems like it always existed. It is such an ordinary miracle, like photosynthesis, that it’s only when you slow down to explain it, as if to an alien or a child, that it becomes striking, even amazing.

The prophet of this new system was Dee Hock, then a local banker whose branch had become a licensee of the BankAmericard. Hock became a central figure in knitting together the banks, not just technically, but through the organization he helped create, Visa.

Hock believed that Visa was the embodiment of a new type of decentralized organization, one that would help usher in what he called the “chaordic age.” He realized, he wrote, that “everything was changing with accelerating speed” and the world needed a new kind of institution on the same level as the “nation-state, corporation, and university.” The answer, as he saw it, was in the “chaord,” “the behavior of which harmoniously blends characteristics of both chaos and order.”

To create the “chaordic organization,” core notions and oppositions would have to be discarded, Hock contended. “What if the very concept of separability (mind/body—cause/effect—mankind/nature—competition/cooperation—public/ private—man/woman—you/me) is a grand delusion of Western civilization, epitomized by the industrial age; useful in certain scientific ways of knowing but fundamentally flawed with respect to understanding and wisdom?” Hock wrote.

Hock was not a philosopher, a countercultural icon like Stewart Brand, or some theorist at the Santa Fe Institute (although he did speak there). He was the first CEO of Visa, which he called a “transcendental organization linking together in wholly new ways an unimaginable complex of diverse institutions and individuals.” It did this by emptying out the old idea of money as “hard” currency, bills and paper checks and gold, subbing in a new definition of money: “alphanumeric data in the form of arranged energy,” bits in a computer. And using this idea, Visa built a new standard for computers to talk about money—now known as ISO 8583. Like Internet Protocol or containerization, this low-level agreement on how to move things around the modern world came to organize vast swaths of economic activity. Put all three of these late 1960s innovations together and you have the infrastructure of globalization.

“Visa provides an infrastructure … in which multiple competing financial institutions can cooperate, just enough, to provide a service that none could have realistically provided alone,” Stearns wrote. “In short, Visa makes money move.”

Visa wasn’t the only such organization. A different consortium of financial institutions banded together into Master Charge, which became Mastercard. Then those systems learned to work together (perhaps too well, according to retailers who have long-running antitrust litigation against the companies).

But there was one other key step in creating the modern point-of-sale system. Flip your card over now. Take a look at the magnetic stripe toward the top. It’s what made your card machine-readable. The system was developed by IBM in the late 1960s, and according to one of its architects, “The original information standards—the way the data is physically laid out on the mag stripe—has survived every migration of transaction media, from mag-stripe cards to smart cards, from smart cards to smartphones.”

The stripe itself is not unlike the tape in the cassettes you put in a boom box. But instead of encoding music in a form that can be played back from your shoulder, that little strip of iron oxide contains your account number. Swiping it through a reader plays it back. That’s why Square’s original card reader was designed attached to the headphone jack: The whole device merely sent the signal from the audio read head to the mic input, and then the app could take it from there. (Some beautiful nerds took advantage of this capability and converted the Square reader into a kind of instrument.)

“The payment card is merely an access device, a means for identifying the cardholder to the vast electronic financial network that lies behind it,” Stearns wrote in an essay in Paid: Tales of Dongles, Checks, and Other Money Stuff. Your card is a fob for walking into the vast digital storehouse where the “alphanumeric data” formerly known as money is kept.

From the very beginning, American credit cards have been relatively insecure. If Square can build a dirt-cheap way to read your credit card, so can fraudsters who built devices called “skimmers” which can steal the data off cards, reencode it onto a new one, and, voila, someone is swiping their way around with your account. You might think your signature is a security measure, but it’s basically theater. The only real security in the system is on the network level, where banks process transaction data to look for “suspicious activity.”

Chip-card technology—known as EMV in the industry—is more secure. The data can’t be easily skimmed from the chip, as it stores important information in an encrypted format. For these reasons, it’s been standard in Europe for more than two decades. But not in the United States.

Paying with a chip card (Michalis Karagiannis / Reuters)

Some of that was timing. One, if you installed a brand-new system in the 1970s, you probably didn’t want to buy all new hardware in the 1980s. Two, swiping is super fast and super easy. “Swiping is a really good experience,” said Jesse Dorogusker, the head of hardware at Square. “It sets a really high bar for convenience and speed.” Even if Square can spend the development resources to get its chip-card processing down to three seconds, other systems might take much longer—try counting, you might get to 10 or even 12 sometimes. “It makes for an inconsistent ecosystem,” Dorogusker said. Three, IBM, the developer of the mag-stripe card, was in the database business, so promoting more back-end data processing seemed like a good idea to them.

And so, authorization and fraud detection took place in the bank’s mainframes, while the reader and the card were basically dumb access devices hooked up to a network. This was convenient for customers, but if you were a merchant, not only did you need a special account with a bank that allowed you to transact with cards, but you also had to deal with the whole front-end to that system. As Lana Swartz, a media-studies professor at the University of Virginia and the co-editor of Paid, said to me, in the era before anyone was on the internet, accepting cards required “putting a modem in your shop, maintaining this dial-up thing, maintaining swipe equipment, dealing with errors.”

This gave rise to the POS industry as we now know it. The banks were not going to develop and service the ecosystem of hardware and modems necessary to accept credit cards, and so a whole constellation of businesses rose up to offer these services to mom-and-pop players. Over decades, Ingenico (mostly in Europe) and Verifone (mostly in the U.S.) came to dominate the actual payment hardware, and different point-of-sale hardware and software systems took over different niches. Then middlemen called Independent Sales Organizations, or ISOs, popped up to simplify the complexity of this world for someone who just wanted to sell futons or run a hamburger shop. They created whole packages of card-processing machines, POS systems, and accounts, which they’d roll up into a “solution” for individual merchants, and they also become responsible for assuming the risk of bad transactions. In other words, the ISOs are the complex, sometimes essential, sometimes shady layer between your corner bodega and the world of global finance.

The point of sale, to this day, is shaped by what these companies offer. Philip Parker, who runs, has dedicated the last decade of his life to figuring out what a merchant should do, faced with these realities. When he was in college, he got hired by an ISO, and when he started going into stores, he’d get run out by merchants angry at the last ISO guy who screwed them. “These business owners would be yelling at me, ‘I’ve already been burned by you guys one time!’” Parker told me. Basically, if you got laid off from the used-car-sales lot, this industry might be your next gig.

Parker has now reviewed dozens of different card-payment systems from all kinds of different companies. There is huge variability in the fees that merchants have to pay, he told me, not just based on their systems but the cards that customers use. According to Cayan, a provider of point-of-sale equipment, there are “more than 700” different rates for different cards, transaction types, retail environments, and other factors. “My belief is that the confusion and complication are there on purpose because it allows these financial institutions and ISOs to make more money and charge more without anyone understanding what’s happening,” Parker said.

It’s dizzying. The contracts ISOs have merchants sign also slow down the speed at which restaurants upgrade their equipment. They can get locked into multiyear leases on the one hand, and on the other it can be such a hassle to get the point-of-sale equipment set up that once it’s working, they don’t want to mess with anything.

Josh Bays, a San Francisco resident, has worked in retail and restaurants for the past decade. One place he works uses Square. The other uses a legacy system that runs off Windows 95. “It runs about as slow as you’d expect,” Bays told me. “It’s a four-hour ordeal to add potato salad to the menu.”

But the owners don’t want to change that system out for something new and potentially better. “They know it will continue to work for as long as the hardware does,” Bays said. Whereas with a new system, they’ll be on the hook for a lease. “It’s kind of analogous to how Adobe doesn’t sell Photoshop anymore. They sell a license,” he said. “You never actually own anything.”

Even the chip readers, which would presumably reduce fraud, don’t always seem worth the investment to small-business owners. “There is nowhere I’ve ever worked where the management says, ‘I want to invest in infrastructure,’” Bays said. So they do it when they have to or when they finally get around to it.

The point of sale at Macy’s (Andrew Kelly / Reuters)

There are now dozens of point-of-sale systems offering different kinds of payment integrations and experiences. At their best, they integrate a whole restaurant’s or store’s business. They make it possible to take online orders and simplify accounting. They can keep track of important customers and offer them incentives. At worst, they present unwanted complexity, new problems, and the disruption of systems that worked.

“It’s all kind of a complete mess,” said Maurer, the anthropologist. “There are so many different systems. So many different POS manufacturers each promising different services. So many different payment systems and protocols.”

It’s not just outside scholars who have taken this position. The Aite Group, a financial-services research firm, found in a 2017 report that the POS is moving from “a highly concentrated industry” into one that’s wilder, a “new reality of an open ecosystem facilitating innovation and competition.”

Even the legacy industry-standard POS system for restaurants, NCR’s Aloha, would like to be known as something more. “The way we’ve been talking about Aloha in the last few years is as a platform of sale,” said Jon Lawrence, a senior director at NCR. “It’s more than a play on words: If you think about what Facebook has done, or Uber or Airbnb, these are software platforms that have helped transform industries.”

This is a crazy world that requires hundreds of thousands of small businesses to work through hundreds of vendors to reach thousands of banks. Every company is trying to extract some bits (of data, of money) from every single transaction, building fortunes out of pennies. That’s why Google Pay and Apple Pay didn’t take off like Facebook or Uber. There are just too many human hands reaching for pockets that need to get on board.

And it’s into this environment that Silicon Valley companies—and other VC-backed start-ups like Boston’s Toast—have plunged. Square could hack the technology of the credit-card reader, but the greater system’s complexity affords no elegant solution.

So, the next time you’re waiting for the chip-card reader to beep at you, consider that money has been data for a long time, arranged energy, but like every other part of the world that software is digesting, the gap between the mega-trend and the lived reality is where the money is made.