An Introduction for Developers
Developers working on behalf of merchants or Independent Software Vendors (ISVs) have nearly limitless options when it comes to adding payments to software applications. With semi-integrated solutions, developers and merchants can reduce the scope of PCI compliance, save months integrating and certifying, and increase security for customers when compared to a fully integrated solution. In today’s fast-paced world, a semi-integrated solution may deliver the perfect payments architecture for your application.
Semi-Integrated Payments Architecture
There is one fundamental difference between traditional integrated payments architecture and semi-integrated architecture. In semi-integrated solutions, the terminal communicates sensitive card information directly to the payment gateway or processor, keeping that sensitive data separate from the point-of-sale (POS) system. This is critical for developers because it shifts the majority of the burden of PCI compliance away from POS application being developed to the payment gateway provider.
Semi-Integrated Transaction Flow Detail
In a semi-integrated solution, the POS application initiates the transaction and prompts the card holder to insert, tap, or swipe the card. The credit card information is encrypted and sent directly from the payments terminal to the payment gateway or processor, and on to the acquiring bank for payment authorization. The authorization approval or denial is then sent directly back through the processor to the terminal, which forwards a non-sensitive response to the POS, masking sensitive card data and personally identifiable information (PII). This response includes data such as the approval code, the truncated card number, and depending on the configuration, a tokenization of the transaction.
Understanding this transaction flow is important to developers because it keeps their applications, which become part of the POS software, out of the flow of sensitive card data. This further benefits developers and merchants because deploying this architectural pattern means they do not have to go through full EMV certification. Instead, stakeholders can leverage pre-certified products.
Developers looking for code samples and integration guides for pre-certified devices can use the Payments Hub Developer Portal and review the documentation on the Ingenico and PAX Semi-Integrated Solutions. A benefit of the Ingenico Semi-Integrated Solution is that it allows developers to code once and then work with the entire line of Ingenico Tetra devices, including the Desk 3500 and the Lane 5000, without having to make code changes for each device. The PAX Semi-Integrated Solution provides partners with the latest smart terminals from the PAX A-Series and E-Series.
Integrated Payments Architecture
An integrated payments system has the same components as a semi-integrated solution, but–as the name implies–the components are integrated together. Specifically, the payments application that manages the transaction is integrated into the POS system. This fully integrated payments software processes the payment, manages inventory, and is often combined with other business functions including the accounting and CRM systems. In this architectural model, card data travels through the POS, to the payment processor, and on to the bank for payment authorization. Because of this key difference, the POS is in-scope for PCI Compliance and must comply with PCI DSS (Data Security Standards).
From a developer’s perspective, integrated solutions can pose significant security risks. The POS software that development teams create is vulnerable to malware that hackers leverage to attempt to steal credit card information. Additionally, the entire system that developers work on is within PCI scope. This means the application needs to go through EMV certification, requiring more developer effort, time, and regulatory review in order to be fully PCI compliant. Finally, any changes to the POS application require EMV recertification, which introduces additional compliance and regulatory factors. Semi-integrated solutions remove that burden for developers.
Developers are increasingly becoming technology decision-makers on behalf of ISVs and merchants. For developers, leveraging semi-integrated solutions requires less programming, reduces PCI burden, and offers increased security compared to fully integrated solutions.
Visit the Payments Hub Developer Portal to learn more about semi-integrated solutions, view code samples, and read integration guides.
This article was originally published on developer.paymenthub.com.