Integrated Credit/Debit Card with Fusion
There have been a lot of questions regarding PCI and EMV compliance with the new standards coming down on October 1, 2015. In preparation for that we have provided an overview of what you can expect.
What is happening with PC Charge and/or PayWare PC?
Both VeriFone products are in the process of being phased out. As of October 2015 you will no longer be able to purchase those products and support for those products will end on October 1, 2016. It is time for all customers running these applications to start looking elsewhere.
In this document you will hear reference to several terms, including merchant, processor and gateway.
Processor: A payment processor is a company (often a third party) appointed by a merchant to handle transactions from various channels such as credit cards and debit cards for merchant acquiring banks.
Front-end processors have connections to various card associations and supply authorization and settlement services to the merchant banks’ merchants. Back-end processors accept settlements from front-end processors and, via The Federal Reserve Bank for example, move the money from the issuing bank to the merchant bank.
Merchant: A merchant account is a type of bank account that allows businesses to accept payments by payment cards, typically debit or credit cards. A merchant account is established under an agreement between an acceptor and a merchant acquiring bank for the settlement of payment card transactions. In some cases a payment processor, independent sales organization (ISO), or member service provider (MSP) is also a party to the merchant agreement.
Whether a merchant enters into a merchant agreement directly with an acquiring bank or through an aggregator, the agreement contractually binds the merchant to obey the operating regulations established by the card associations.
Payment Gateway: Payment Gateways are softwares and servers that transmit Transaction information to Acquiring Banks and responses from Issuing Banks (such as whether a transaction is approved or declined). Essentially, Payment Gateways facilitate communication within banks.
Security is an integral component of all payment gateways, as sensitive data such as Credit Card Numbers need to be protected from any fraudulent parties. The card associations have created a set of rules and security standards which must be followed by anyone with access to card information, including gateways. This set of rules and security standards is called the Payment Card Industry Data Security Standard (PCI-DSS or PCI).
What are my options moving forward?
FusionPOS uses two different gateways to communicate to the processor, Authorize.net and PayGuardian.
Option 1: Authorize.net
The Authorize.net integration allows integrated credit card processing only. If you are using PC Charge you probably have a small credit card reader attached to a monitor or a Cherry Keyboard. Authorize.net is for customers who do not need debit card and/or pin pad support.
How do I get an Authorize.net Account?
There are three ways you can obtain an Authorize.net account. You can reach out to Authorize.net directly at 877-447-3938, you can contact a local Authorize.net account vendor or you can call our partner Advanced Bancard:
In order to give you your pricing please be prepared to have 2-3 months of statements available. Link to Authorized Resellers of Authorize.net: https://www.authorize.net/solutions/merchantsolutions/resellerdirectory/
How much does Authorize.net cost?
Rates will vary depending on the number of registers you have and how many transactions you process per month. There are two key components in pricing for ANET, the first is a terminal access fee which is a monthly charge and should be around $10/month per register. The second are the gateway fees. ANET is your gateway to your processor and there will be a per transaction charge.
Link to Authorize.net Pricing: https://www.authorize.net/solutions/merchantsolutions/pricing/
Or you can call them at 877-447-3938.
What processors does ANET support?
Below is a list of supported processors. If you do not see your processor on this list you will need to contact ANET at 877-447-3938.
- TSYS / Vital / VisaNet
- Elavon / Nova
- First Data (Nashville / FDCN / FDMS / Envoy)
- First Data Omaha (FDCO / FDR-First Data Resources)
- Global Payments (GPS / GPN / NDC)
- RBS Lynk / Lynk Systems
- Concord EFS
How long does it take to get an Authorize.net Account?
That will vary, but you can typically move to ANET within 5-7 business days.
What hardware is required?
Since ANET does not support anything other than credit card swipes, any usb credit card reader or cherry keyboard should work.
How do I get a new CC swiper or Cherry Keyboard?
You can visit www.fusionrms.com/hardware for more information on supported retail hardware.
Option 2: PayGuardian from BridgePay
The option of Pay Guardian gives you the full solution suite of EMV. PayGuardian offers integrators and merchants an out of scope PA-DSS solution while adding the important EMV component. PayGuardian was built to provide all-in-one light weight, highly secure client application that integrates into the transaction process of the point of sale. PayGuardian handles the collection and transmission of sensitive payment information, thus offloading the certification responsibility from merchants and integrators.
The chips in credit cards provide different levels of security. Of the 3 listed below, the higher the number the lower the rate to process. Users of PayGuardian will be able to process the following types of transactions:
- No CVM: Certain cards (typically outside of the United States) do not require a pin or signature. With a “No CVM” transaction you will typically insert the card for the entire process.
- Signature: Most cards in the US follow this format where a card is inserted and a signature is completed while the card is inserted.
- Offline Pin: This is the highest level of security supported by PayGuardian and it allows for the entering of a pin number while the card is inserted into the machine.
What types of transactions does PayGuardian Support?
While the most common types of transactions are credit and debit cards, your hardware may support additional options including:
- Credit card processing
- Debit card processing
- Chip/Pin processing
- Chip/Signature processing
- Google and Apply Pay
Please note that there are limitations to these transaction types based on the hardware you purchase.
With the new EMV devices , many will work in conjunction with your PayGuardian software. Initially, Fusion has chosen to support the three models from Ingenico listed below:
- ISC 250: Average price with options will range from $500-700 and include signature capture.
- IPP 350: Average price with options will range from $350-500 and includes pin pad only.
- IPP 320: Average price with options will range from $300-450 and includes pin pad only.
Please contact Fusion to confirm model numbers before final purchase. Please note, Fusion does not sell hardware.
All hardware must be injected with the processor you are going to be using. You will need to know the name of the processor prior to placing an order. There may be additional fees for injections.
How do I get a PayGuardian Account?
You can reach out to PayGuardian directly or you can call our partner Advanced Bancard:
In order to give you your pricing please be prepared to have 2-3 months of statements available.
How much does PayGuardian cost?
Like Authorize.net, PayGuardian is based on a per machine, per transaction fee. The terminal access fee, which is a monthly charge per machine, should be around 10/month per register. The terminal access fee which is a monthly charge per machine should be around $10/month per register. The second are the gateway fees. Pay Guardian is your gateway to your processor and there will be a per transaction charge.
Visit http://bridgepaynetwork.com/payguardian.html for more information or you can call them at 877-447-3938.
What processors does Bridgepay/PayGuardian support?
- First Data Omaha
What is the deadline for moving?
Below is a detailed chart for Dates and Compliance.
Will I still have to sign or enter a PIN for my card transaction?
Yes and no. You will have to do one of those verification methods, but it depends on the verification method tied to your EMV card, not if your card is debit or credit. Chip-and-PIN cards operate just like the checking-account debit card you have been using for years.
Entering a PIN connects the payment terminal to the payment processor for real-time transaction verification and approval. However, many payment processors are not equipped with the technology needed to handle EMV chip-and-PIN credit transactions. So it is not likely you will have to memorize new PINs anytime soon.
If fraud occurs after EMV cards are issued, who will be liable for the costs?
Today, if an in-store transaction is conducted using a counterfeit, stolen or otherwise compromised card, consumer losses from that transaction fall back on the payment processor or issuing bank, depending on the card’s terms and conditions.
After an Oct. 1, 2015, deadline created by major U.S. credit card issuers MasterCard, Visa, Discover and American Express, the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction.
Consider the example of a financial institution that issues a chip card used at a merchant that has not changed its system to accept chip technology. This allows a counterfeit card to be successfully used and the cost of the fraud will fall back on the merchant.
On Oct. 1, 2015, will the transition to EMV technology will be complete?
No. It is estimated that by the end of 2015, only 70 percent of credit cards and 41 percent of debit cards in the U.S. –1.1 billion cards total — will support EMV.
If I want to use my chip-card at a retailer that doesn’t support EMV technology yet, will it work?
Yes. The first round of EMV cards — many of which are already in consumers’ hands — will be equipped with both chip and magnetic-stripe functions so consumer spending is not disrupted and merchants can adjust. If chip-card readers are not in place at a merchant at all, your EMV card can be read with a swipe, just like a traditional magnetic-stripe card.
Will I be PCI Compliant?
While the Authorize.net and Pay Guardian applications are PCI compliant, you will still want to confirm with your IT department as to the level of compliance of the company. PCI compliance covers much more than secure credit card processing software. For more information on PCI compliance please visit: https://www.pcisecuritystandards.org/ for more information.
Why are EMV credit and debit cards and EMV payment transactions secure?
EMV cards store payment information in a secure chip rather than on a magnetic stripe and the personalization of EMV cards is done using issuer-specific keys. Unlike a magnetic stripe card, it is virtually impossible to create a counterfeit EMV card that can be used to conduct an EMV payment transaction successfully.
How does card authentication work with EMV?
Card authentication protects the payment system against counterfeit cards. Card authentication methods are defined in the EMV specifications and the associated payment brand chip specifications. Card authentication can take place online with the issuer authenticating the transaction using a dynamic cryptogram, offline with the card and terminal performing static or dynamic data authentication, or both.
How do EMV chip and PCI DSS work together?
EMV chip has strong security features that have been proven to reduce counterfeit card fraud at card-present retail environments. The PCI Data Security Standard (PCI DSS) provides other complementary levels of security necessary when the cardholder information reaches the merchant’s system. The PCI DSS contains 12 key technical and operational requirements. Rather than focusing on a specific category of fraud, the PCI DSS seeks to protect cardholder and sensitive authentication data anywhere this data is present within the payment eco-system, thus limiting the availability of this data to fraudsters. When used together, EMV chip and PCI DSS can reduce fraud and enhance the security of the payments ecosystem.
Where I can learn more about EMV?
The EMV Connection website (http://www.emv-connection.com) provides Alliance resources, industry resources, and recent articles and news on the topic. EMVCo also provides many resources on its website (https://www.emvco.com).