The following is a guest post from Deb McAteer, VP U.S. Acquirer Sales, North America / Ingenico Group. The post originally appeared on the Ingenico Group Blog and has been reposted with permission.
With the EMV migration underway in the U.S., merchants are beginning to rethink their traditional approach to payments. They are seeking a more flexible approach to help streamline their payment process, enhance payment security and manage PCI scope. This is where a semi-integrated payment environment comes into the picture.
To understand how a semi-integrated approach to payments can help merchants, we must understand the differences between that and a fully-integrated payment environment.
Traditional Integrated Environment: The way it’s done today
A fully-integrated payment environment is composed of the following elements:
- POS system
- POS terminal
- Electronic cash register (ECR)
- Merchant back office
- Transaction processor
In a typical transaction, the amount due is generated by the ECR and sent to the POS terminal where the card holder is prompted to use their credit card. Once the card is dipped/swiped, the card data travels from the smart terminal, through the ECR and into the merchant’s back office infrastructure where the information is stored. The back office infrastructure then forwards the card data to the transaction processor for payment authorization. The authorization response is then sent back to the ECR to complete the transaction.
The Semi-Integrated Environment: The payment architecture of the future
A semi-integrated payment environment is composed of the same elements as a fully integrated payment environment. However, communication between the payment terminal and the ECR system is limited to non-sensitive commands.
With semi-integrated, the amount due is generated by the ECR and sent to the POS terminal. Once the card holder dips/swipes their card, the credit card data travels directly to the transaction processor for payment authorization. The authorization response from the processor is sent directly to the smart terminal, which then forwards the confirmation to the ECR. In this payment environment, sensitive card data never comes in contact with the ECR or the merchant’s back office infrastructure, strengthening payment security and reducing the PCI scope on these systems. In the event that cyber criminals hack into the ECR, they won’t find any credit card information because the ECR never came in contact with it.
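One way to check that boundary from the ECR side, shown as an added example that is not from the original post or from Ingenico: scan every message the ECR receives from the terminal for track data or Luhn-valid card numbers. The message fields and sample values are constructed assumptions, and 4111111111111111 is a widely used test card number.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Track 2 magnetic-stripe layout: ;PAN=YYMM<discretionary data>?
TRACK2_RE = re.compile(r";\d{13,19}=\d{4}[^?]*\?")


def luhn_ok(digits: str) -> bool:
    """Return True when the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def find_card_data(message: dict) -> list:
    """List (field, kind) pairs for values that look like cardholder data."""
    findings = []
    for field, value in message.items():
        text = str(value)
        if TRACK2_RE.search(text):
            findings.append((field, "track2"))
            continue
        for m in PAN_RE.finditer(text):
            # Masked PANs (asterisks plus last four) never reach 13 digits.
            if luhn_ok(re.sub(r"\D", "", m.group())):
                findings.append((field, "pan"))
                break
    return findings


# Constructed samples (hypothetical field names) of terminal-to-ECR messages.
SEMI_INTEGRATED = {"type": "sale_result", "amount": "42.50", "status": "approved",
                   "auth_code": "A1B2C3", "masked_pan": "************1111"}
FULLY_INTEGRATED = {"type": "card_read", "amount": "42.50",
                    "track2": ";4111111111111111=30121010000000000000?"}
# A semi-integrated result that still leaks a full PAN in free-text receipt data.
LEAKY = dict(SEMI_INTEGRATED, receipt_text="CARD 4111 1111 1111 1111 APPROVED")

if __name__ == "__main__":
    for name, msg in [("semi", SEMI_INTEGRATED), ("full", FULLY_INTEGRATED),
                      ("leaky", LEAKY)]:
        print(name, find_card_data(msg))
```

Any non-empty result means the ECR has handled cardholder data and the scope reduction described here no longer applies to it.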
Benefits of Semi-Integrated Payments: Improved security, streamlined EMV migration and more
A semi-integrated payment environment can bring many benefits to merchants. Here are a few reasons to adopt this new architecture:
Improved Security: Eliminates cardholder data from the POS
With a semi-integrated payment solution, merchants can reduce their vulnerability to data breaches by keeping sensitive card data out of their POS environment. A typical semi-integrated solution is also compatible with payment security technologies such as point-to-point encryption (P2PE), thus providing additional security measures for merchants.
Reduced PCI Audit Scope: Saves valuable time and money
By keeping the ECR and the back office systems out of the transaction flow, semi-integrated payment solutions reduce PCI scope. For many merchants, this can result in huge cost savings and help increase the chances of a successful PCI audit. They also save time because the PCI audit will take less time with a semi-integrated solution as compared to a fully integrated environment.
Complete Control: Separates the POS from payment
As payment technology moves forward, today’s merchants need to be more agile and capable of responding to changing customer demands. A semi-integrated solution separates the merchant’s systems from the payment process, which allows them to be better prepared to adapt to changes to their point of sale without affecting their PCI compliance or security.
Benefiting Other Stakeholders: Processors, ISVs, VARs, gateway providers and integrators
While a move to a semi-integrated architecture has a number of benefits for merchants, there is a series of similar benefits for the other stakeholders in the payments ecosystem:
- Processors can reduce their EMV certification backlog by certifying a semi-integrated solution and offering it to ISVs and VARs.
- ISVs & VARs can leverage the processor’s pre-certified solutions to save time and take their applications out of PCI PA-DSS scope by removing sensitive PCI data from their domain.
- Gateway providers can develop their own semi-integrated solutions that operate through their service and provide merchants with flexibility by handling the difficult part of certifying to a variety of processors.
- Integrators can simplify their terminal integration.
Given these benefits, it’s not surprising that many merchants have chosen the semi-integrated approach when upgrading their payment solutions for stronger security. It provides an easy path for merchants to streamline the payment process while reducing PCI scope. They also save time and money as well as future-proof their payment infrastructure for what may come next.