Building business-to-business software and point of sale systems isn’t easy. You build, then refine, then re-build, then refine again ... and again. Finally, you have a worthy product that’s ready for use, except for one small detail: your customers are businesses and they need to accept payments.
Integrating payments might sound easy at first, but there are quite a few challenges, especially for in-person payments. To understand the problem, let’s go over the basics.
EMV API and PCI Compliance
All credit and debit cards contain sensitive cardholder data. To maintain a secure environment Visa, MasterCard, American Express, JCB and Discover created a set of requirements called the Payment Card Industry Security Standard, commonly referred to as PCI DSS. Any software that stores, processes or transmits cardholder data is subject to PCI. But what does it mean to be PCI compliant?
First, your company and software have to undergo annual PCI audits to examine your systems and identify vulnerabilities. You also have to run quarterly scans to check that your data environment is secure. Such audits eat up your time, and will cost your business tens of thousands of dollars per year. But that’s not all.
Unlike traditional magnetic stripe cards that can be easily cloned by fraudsters, EMV chip cards generate a unique one-time code for the transaction to be approved, making them impossible to counterfeit when processed with an EMV-ready card reader.
On October 1, 2015 there was a liability shift related to in-person fraudulent transactions. Merchants who swipe chip cards on traditional magnetic-stripe-only terminals became liable for any fraudulent transactions. The only way around this is to adopt an EMV-ready terminal that can detect a fraudulent EMV credit card. But what does it take to get your software EMV certified?
EMV API Saves Developers Money
First, testing tools cost $10,000 per developer, and you have to certify with every brand individually — running unique tests for Visa, MasterCard, American Express, Discover and JCB. Because of a high volume of requests, EMV certification queues are backed up — you could wait several months just to get in line. Luckily, there’s a solution.
You can connect your software to our Smart Terminal. Within a matter of minutes your software will be able to process EMV chip cards, traditional magnetic-stripe cards and contactless payments such as ApplePay. But the best part is that you never store, process or transmit cardholder data, so you’re not in the scope of PCI.
As a third-party developer, you can leverage PayJunction's existing PCI and EMV certification to limit or possibly eliminate the need for annual audits. Our cloud-based Smart Terminal and REST API allow you to connect your software without installing any middleware or drivers. Simply tell the terminal how much you want to collect and it will take care of the rest.
It takes just a few minutes to get your software connected to our Smart Terminal. The good news is that you don’t have to spend $10,000 for a testing tool!
As a developer, what elements of our EMV API appeal to you? What do you have questions about? We'd love to hear from you!