Thank you for Subscribing to Apac CIO Outlook Weekly Brief
Editor's Pick (1 - 4 of 8)
Semi-Integration Goes to the Cloud and Grows Up
By Jeff Zimmerman, COO, Clearent
With full integration, POS providers own and maintain their entire payment system. Encrypted card holders and transactional data remain on their systems and must be sent for processing through their internet connection. Building, maintaining, upgrading, and certifying a fully integrated, compliant system becomes cost- and time-prohibitive for small and large ISVs alike.According to a 2017 report by the National Retail Federation and Forrester Research, almost 60 percent of merchants that installed EMV equipment were unable to use it: They were waiting for system certification. The majority of merchants had been waiting six months or more. Semi-Integration: A Semi-Solution A solution to the EMV compliance problem appeared in the form of semi-integration, in which sensitive cardholder data is encrypted and sent directly to the payment gateway, while nonsensitive information goes to the POS and the back office. Ultimately, this made it easier for developers and retailers by moving EMV and PCI compliance out of scope for software applications, eliminating the need for the EMV and PCI certification processes. Semi-integrated solutions also offer ISVs additional security features, such as point-to-point encryption (P2PE) and tokenization, which encrypt card data in flight and at rest, making the information worthless in the event of a data breach. Semi-integration was a great quick fix, but it still had its problems. When you semi-integrate, you must integrate to every payment device brand for card-present payments, plus the gateway for card-not-present transactions. There is not just one connection point. With more things to integrate, the infrastructure becomes more complex. Then, when a merchant has a problem with a payment, for example, it will turn to its POS provider, and that provider may not be able to figure out where the problem is due to the complexity of the setup. There is an added layer of difficulty because the device must send information to and from the gateway as well as to and from the POS. Most significantly, as PCI compliance requirements continue to change, upgrades prove to be expensive and time-consuming, meaning the merchant’s payment solution is not future-proof. The Future Is Here: Semi-Integrations Have Grown Up and Gone to the Cloud Leveraging the benefits of semi-integration happens when things move to the cloud. Cloud integrations require only one connection to a payment gateway. That single connection seamlessly manages the integration with multiple payment devices and card-not-present transactions. The integration becomes a service with fewer dependencies; it simply requires merchants to have a working internet connection because the software application codes to a gateway application programming interface. This makes it a better experience for merchants and ISVs alike for the following reasons: • If there’s a problem with a payment, the merchant simply has to connect with the payment provider. • The POS provider enjoys easier integration to a gateway, with no worries about having to update or change (especially if there are PCI modifications), thus making the solution future-proof. • POS providers get to spend more time focusing on their software solution rather than on payments. • Support is improved due to a simplified infrastructure. This demands less time and labor in locating the problem and providing a better experience for the support team. • Updates are easier to manage, resulting in less manual work for the end-user. • Most significantly, multiple device brands can be managed through a single integration. By moving semi-integration to the cloud, the entire ecosystem of in-person retail payments matures to a point in which security and speed meet proactive, intelligent maintenance as well as simplicity and scalability. That’s where the future is: the cloud. It’s the place where semi-integration can fully mature.
It’s not just about accepting payments; it’s also about tracking inventory, scheduling appointments, and logging staff hours