There’s no denying that we are all witnesses to the explosive growth of online sales as consumers increasingly embrace the convenience of digital payments and platforms. But here’s a fun fact that doesn’t get much attention: a whopping 80% of retail purchases are conducted in person! People still frequent stores, restaurants, medical offices, automotive dealers, hair salons and more to buy goods and services.
Many payment gateways’ APIs only support digital and ecommerce payment acceptance, requiring third-party connectivity for more complex in-person payments. Why offer your customers the bare minimum? Enabling in-person payment acceptance requires an understanding of terminal features, integration and connectivity methods, and data security impacts.
A semi-integrated payment solution speeds time to market and reduces complexity. Consider these important factors when evaluating semi-integrated solutions for in-person payment acceptance.
Does the Terminal Reduce PCI Scope?
Any organization that stores, transmits or credit card data is subject to the Payment Card Industry Data Security Standard (PCI DSS). Software providers that directly integrate payment functions within their applications are subject to costly annual PCI audits to ensure the proper handling and protection of credit card data.
Semi-integrated solutions communicate with point-of-sale (POS) systems or software applications and reduce the amount of sensitive information – including payment card data – that an organization processes and stores. The terminal is responsible for capturing card data and transmitting transactions to the processor. Upon authorization, tokenized data is returned to the POS. Bypassing the POS this way means actual payment card details never touch the software application. This allows developers to extend all the benefits of integrated payment acceptance in a way that protects sensitive data and keeps their software out of the PCI scope.
If you partner with a PCI Level 1 provider like PayJunction, the onus of PCI standards falls to the systems hosted in their data centers.
Is Middleware Eliminated?
There are two connectivity methods for semi-integrated solutions: middleware and cloud-controlled. The middleware option requires the installation and updates of software drivers on the POS system or computer with which the terminal is connected (e.g. via USB). With middleware, the business’s computer that runs the drivers becomes implicated in PCI.
A cloud-connected EMV payment terminal routes transactions directly to the provider, ensuring that no sensitive card information is stored on the terminal or travels through networks, increasing security. Businesses simply plug the terminal into a network via Ethernet or Wi-Fi and communicate to it via a REST API. Software providers and their customers remain out of PCI scope since cardholder data bypasses the software application, the POS system or computer and the business’s network.
Does it Require Time-Consuming EMV Certification?
Payment terminals and applications are required to go through extensive end-to-end EMV certification involving the processor and the card brands. If a payment application is fully integrated with a software application, it must be submitted for testing and certification. Processor certification queues can back up, causing months-long delays for software providers anxious to get their solutions to market. Further, any updates to the hardware, the payment application and the software that facilitates the transmission of transactions require recertification
Software providers can avoid this entire process and get to market faster by partnering with a provider like PayJunction that has turnkey payment terminals that have already achieved EMV certification.
Can One Application Run on Different Devices?
The way businesses accept payments continues to expand. Omnichannel processing solutions streamline in-store, online and invoice payments. In-person interactions have evolved to include check-out stations, curbside servicing, festivals, pop-up events and more. Software developers shouldn’t have to interface to multiple payment terminals and applications to meet customer expectations.
A developer-friendly partner has advanced API tools and a single payment application that runs on both fixed and portable payment terminals.
Choose a provider that removes extra middleware and third-party gateways so you can get to market quickly.
Do you have additional questions about payment APIs? Leave them in the comments section below and we'll get back to you!
Editor's Note: This post was originally published in May 2017 and has been updated for comprehensiveness and accuracy.