Make PCI Compliance Out of Scope
Updated 12/16/13 – Looking for that “PCI out-of-scope” solution your assessor says you need? We can help. We help the IT departments of multi-lane, multi-location retail merchants securely integrate new multimedia payment terminals with their preferred payment processor, either directly from the terminal or via a secure gateway proxy. We do payment terminal application development for Verifone, Hypercom, and Equinox. After what happened to Target, it is prudent to revisit your payment card security strategy and speak with an experienced payment consultant. Now is the time to upgrade to those multimedia credit card terminals you have been considering for the last couple of years.
PCI standards, now at v3.0, require hardware encryption. However, the best way for merchants to stay safe from a payment card breach is to never even see the payment data in their POS system, especially in PC-based POS systems. With direct integration from the card reader to your processor using 2048-bit SSL encryption, we can take the POS fully out of PCI compliance scope and just post transaction authentication details back to your POS via an IP-based API for LAN-connected terminals. Further, with a nice color screen, you can feature multimedia advertising and electronic signature capture (which is great for fighting chargebacks).
Traditionally, only very large retail merchants have been able to implement point-of-sale (POS) systems with interactive payment terminals and cloud management. Now this technology is available and affordable to all high-volume independent retail merchants. We have experience with Microsoft Point of Sale Software and Dynamics RMS (Retail Management System) and many other popular POS systems that allow for third-party development.
Easy-to-use, interactive multimedia consumer-facing payment terminals like the Verifone MX series terminals with “PCI out of scope” are the only way to go in the PCI 3.0 world for Level 1 or 2 retail merchants.
Example Scope of Work
The scope requires the development of software to integrate the Verifone Mx line of multi-lane payment terminals (Mx900 series) with the client's POS software, using a modular design in which the current POS software makes IP-based API calls to the Mx Series terminal to control the multimedia display and pass transaction details such as the amount confirmation prompt, card swipe prompting, AVS prompts, PINpad prompts, and other variables. The benefit is LAN and WAN cloud management control of multimedia animations and non-secured transaction details via a familiar IP interface API.
1) Detailed project definition, screen by screen flow, requirements document
2) MX UI Implementation
3) MX Payment Messaging Implementation & Processor Certification
4) MX Signature Capture Integration
5) End to End Integration and Test
6) Project Management
Experience with TSYS, Global, First Data Omaha, and Vantiv front ends.
Prineta has proven experience and expertise designing and implementing applications and solutions for a variety of transaction processing platforms, including proficiency in developing software for the Verifone Mx Series terminals.
PCI Certification Required for Custom Development?
In our experience, security and PCI compliance assessors like FishNet Security do not require PA-DSS certification for custom-developed payment software that will not be resold, as long as the implementation information (diagram, APIs, software source code, etc.) can be provided for review and approval prior to deployment.