Digital and plastic are making inroads in payments, but so are fraudsters. When it comes to payments processing, increasingly, for POS resellers and merchants and software application developers, the question looms large about the integration of payments.
The question boils down to “full or semi” – integration, that is.
In an interview with PYMNTS, Steve Callis, SVP of integrated payments at Sterling Payment Technologies (acquired early in 2017 by EVO Payments International) talked about the trends that make integrated payments top of mind. Among them is the fact that “there’s a lot of activity taking place in our space that continues to be a natural secular shift – the adoption from cash-based to card-based payments, and what’s augmenting the continued technology innovation and adoption of new point of sale software, and the associated integrated payments that come with it.”
Callis said that “first and foremost is the continued importance of security … obviously, we have seen major retail breaches, we’ve seen other related card fraud activities. These are trends that only continue to grow as fraudsters enhance their capabilities for pilfering and stealing card data from software at the point of sale.
“It’s going to require us in the acquiring community to continue to be smarter to stay ahead of these trends,” said Callis, who added that “compliance and PCI-compliant secure platforms are table stakes and paramount in what we do.”
Drilling down a bit into specific security considerations, Callis said the payments industry, at the point of sale, must see “more secure methods and secure ways to transact payments at that the point of sale.”
By way of example, he said that biometrics – among the buzziest of topics in the past several years – with the iPhone will spur stakeholders to consider how to tie transactions and card purchases to a person’s physicality, whether it’s via a thumbprint or an eye scan.
When talking about the difference between fully integrated payments and semi-integrated payments, the conversation focuses on “where does the payments application live and where is the driver of the payments transaction taking place – is it within the terminal, or is it within the actual point of sale system? And does that point of sale system ever touch the card data?” These questions, Callis said, define whether the processing solution being deployed is fully or semi-integrated.
“In either case, it should be run across a PCI-compliant secure transmission protocol,” said Callis. “It’s just a matter of where that transaction is being initiated and whether or not it’s being transmitted to the acquiring network, via the point of sale system or the actual terminal device.”
If a transaction comes through the terminal device, he said, “typically you’ll see a semi-integrated terminal solution in support of more of the cloud-based software applications. That software application is ‘pinging’ that semi-integrated terminal to say ‘wake up, there’s a purchase or a refund taking place and here’s the amount.’ That wakes the terminal up, then the terminal initiates the transaction requirements for the cardholder to get their card – enter a PIN or swipe, whatever the case may be – and then, that terminal has the connectivity and can initiate the transaction to the merchant acquirer.”
The fully integrated terminal, he told PYMNTS, is one where the POS software owns and controls the entire transaction experience, including EMV card brand certification.
If the transaction passes through the point of sale system, that brings the software development company into full PCI compliance efforts and conducting the full Level 3 EMV card brand certification.
“It’s a heavier lift, but it also gives them greater control over the payment experience while keeping them in full scope of PCI, whereas if it’s a semi-integrated basis,” he continued, “then it “typically reduces the PCI liability scope.”
He said the industry is seeing much greater adoption in the semi-integrated environment because more POS applications are coming out on a trial basis. And, in addition, the prospect of lighter integration efforts proves attractive.
Callis told PYMNTS that some software development companies have said they want to focus simply on improving features and functionalities for point of sale software. Reliance on third parties, of course, boosts the costs of the transaction. Conversely, certification with fully integrated systems requires time and money, as well, when new certification cycles arise.