In an increasingly complex payment environment, many merchants are seeking a more flexible approach to help streamline their payment process, enhance payment security and manage PCI scope. This is where a semi-integrated payment environment comes into the picture.
To understand how a semi-integrated approach to payments can help merchants, we must understand the differences between that and a fully-integrated payment environment.
The Fully Integrated vs. Semi-Integrated Environment
In the traditional fully integrated payment environment, the amount due is generated by the electronic cash register (ECR) and sent to the POS terminal where the card holder is prompted to use their credit card. Once it is swiped or inserted, card data travels through all of the elements: the POS terminal, the ECR, the merchant’s back office infrastructure and then to the transaction processor for authorization. The processor then sends the authorization response to the ECR to complete the transaction.
A semi-integrated payment environment is composed of the same elements as a fully integrated payment environment, however, the communication between these elements is limited to the payment terminal and the ECR system with only non-sensitive commands. With semi-integrated, once the card holder swipes or inserts their card, the credit card data travels directly from the smart POS terminal to the transaction processor for payment authorization. The response from the processor is sent directly to the smart terminal, which then forwards the confirmation to the ECR for the completed sale.
In this payment environment, sensitive card data never comes in contact with the ECR or the merchant’s back office infrastructure, strengthening payment security and reducing the PCI scope on these systems. As a result, if cybercriminals do manage to breach these elements, they won’t find any sensitive credit card information in them.
Benefits of a Semi-Integrated Environment
A semi-integrated payment environment can bring many benefits to merchants. Here are a few reasons to adopt this new architecture:
1. Strengthens Payment Security: Restricts cardholder data to the POS terminal
With a semi-integrated payment solution, merchants can reduce their vulnerability to data breaches by keeping sensitive card data out of their ECR and Merchant Back Office. A typical semi-integrated solution is also compatible with payment security technologies such as point-to-point encryption (P2PE), thus providing additional security measures for merchants.
2. Reduced PCI Audit Scope: Saves valuable time and money
By keeping the ECR and the back office systems out of the transaction flow, semi-integrated payment solutions reduce PCI scope. For many merchants, this can result in huge cost savings and help increase the chances of a successful PCI audit. They also save time because the PCI audit will take less time with a semi-integrated solution as compared to a fully integrated environment.
3. Complete Control: Separates the ECR from payment
As payment technology moves forward, today’s merchants need to be more agile and capable of responding to changing customer demands. A semi-integrated solution separates the merchant’s systems from the payment process, which allows them to be better prepared to adapt to changes to their electronic cash register without affecting their PCI compliance or security.
Benefits for Other Stakeholders
While a move to a semi-integrated architecture has a number of benefits for merchants, there is a series of similar benefits for the other stakeholders in the payments ecosystem:
- Processors can speed up the certification process by certifying a semi-integrated solution and offering it to ISVs and VARs
- ISVs & VARs can leverage the processor’s pre-certified solutions to save time and take their applications out of PCI PA-DSS scope by removing sensitive PCI data from their domain
- Gateway providers can develop their own semi-integrated solutions that operate through their service and provide merchants with flexibility by handling the difficult part of certifying to a variety of processors
- Integrators can simplify their terminal integration by concentrating on the payment acceptance device and not worrying about other elements of the infrastructure
Given these benefits, it’s not surprising that many merchants have chosen the semi-integrated approach when upgrading their payment solutions for stronger security. It provides an easy path for merchants to streamline the payment process while reducing PCI scope. They also save time and money as well as future-proof their payment infrastructure for what may come next.
To learn more about the latest semi-integrated payment solutions, please visit our solutions page.
Steven Bowles is the Regional Security Officer & Director of Security Solutions at Ingenico Group, North America