Standalone vs Fully-Integrated vs Semi-Integrated Payment Solutions
I have regularly been asked about the differences between payment processing terminals and payment integration methods, and the best, fastest and most affordable options to integrate a Point of Sale software to a payment processing system.
In this article, I try to highlight the differences and explain the advantages and disadvantages of each approach.
Standalone terminals:
Sometimes referred to as “Black Box”, Standalone terminals do what you guessed. They stand alone and disconnected from the point of sale software. Out-Of-The-box solution for when you need to be up and running and accept credit card payments fast.
To a developer, a standalone terminal is just a disconnected part of the payment system and does not communicate with your software. Sales initiated on the point of sale and a ticket gets created. Clerk will process the customer’s card on the “Standalone Terminal” and then key in the amount to the point of sale software! There is nothing to talk about here.
To a merchant there are several drawbacks, which will become more significant as the business grows. Besides the fact that the Standalone terminal does not talk to the till system, there’s always potential for keying errors, double-entry (to the terminal and then the till) increases the check-out time and because each terminal generates its own end-of-day report, which needs to reconcile against your merchant service provider statement, standalone terminals create more work behind the scene as you install more of them.
Fully Integrated payment solutions:
In a fully-integrated payment environment the entire system is within the merchants maintained infrastructure and you will find the following elements:
• POS system: POS terminal and Electronic cash register (ECR). ECR could be a software or just a good old cash register.
• Backoffice server: Card and payment information is stored here.
• Processor: Backoffice server forwards the Card data to the processor and receives the results (Approved or Declined).
In a typical transaction this is what takes place:
1. The amount due is generated by the ECR (POS Software) and sent to the POS terminal.
2. The cardholder is prompted to use their credit card (dip/swipe).
3. The card data goes through the terminal, to the POS software and finally into the Backoffice server where the encrypted card information is stored.
4. The Backoffice server then forwards the card info to the payment processor to request a payment authorization.
5. The authorization response is then directed back to the ECR to complete the transaction.
In this method the entire system is within the scope of PCI. Any change in any part of the system affects the other parts. They are all connected and communicating with each other.
Building a fully integrated system takes several months of work and tens of thousands of dollars.
Regardless of efforts you put to the initial design and implementation, you must maintain the system and keep it up to date with ever-growing PCI mandates.
We all have heard of breaches at major retail stores.
Semi-Integrated Solutions:
The semi-integrated solutions are proven to:
• require less development,
• a reduced PCI scopes,
• Faster time to market,
A semi-integrated payment solution includes the same parts as a fully integrated payment solution. However, the communication between these pieces is limited to the payment terminal and the POS software with only non-sensitive information.
1. The total amount due is produced by the POS software and sent to the POS terminal.
2. Cardholder dips/swipes their card.
3. The credit card data goes directly to the processor for payment authorization.
4. The authorization response from the processor is sent directly to the POS terminal.
5. The POS terminal then forwards the results to the POS software.
As you can see no sensitive data is stored on merchant’s servers. The semi-integrated POS terminal handles the communications of sensitive data and POS software does not touch them!
If cybercriminals hack into the POS software (ECR), they won’t find any card data because the software never met it.
Improved security, streamlined EMV migration and reduced PCI liabilities are among many other benefits of a semi-integrated solution.
As a developer, you should consider semi-integrated solutions as your best friends! You can easily provide a secure and integrated solutions to your customers while giving them all the other benefits of semi-integrated environment, such as streamlined EMV processing.
Many manufacturers offer semi-integrated terminals. What you should consider as a developer is:
• Certifications: Make sure the device has been certified by several processors, among them First Data, Global, TSYS.
• Support and documentation: Without this one I will not touch a device. You must be able to get help when you need it and have access to good documentation.
• Price and variety: Make sure your device maker offers terminals for mobile scenarios, pay-at-the-table, NFC transactions and prices are reasonable.
In my experience of working with many devices over the past five years, I always recommend PAX as the first option. Device variety, responsive support team, good pricing and several certifications which helps you to offer your POS software to a larger group of merchants regardless of their processor, are what I have always experienced in working with PAX.
Kourosh
