bankingciooutlook

Semi-Integration Goes to the Cloud and Grows Up

By Jeff Zimmerman, COO, Clearent

Jeff Zimmerman, COO, Clearent

By now, every retailer should be aware of how influential a quick and efficient point-of-sale (POS) transaction is on its customers’ shopping experience. But retailers may not be aware of just how critical it is to move their semi-integrations (ones that are compliant with the payment card industry’s EMV standards) to the cloud. This is critical because it continues delivering top-notch satisfaction in the most cost-efficient way.

“It’s not just about accepting payments; it’s also about tracking inventory, scheduling appointments, and logging staff hours”

And for context, EMV—short for Europay, Mastercard, and Visa—is the acronym that represents the technology behind those little square chips on your credit cards.

The View from the Retail Floor

Given the variety of online shopping options available, a customer’s motivation to visit a physical store has less to do with price and more to do with the positive emotional and physical effects the store delivers. This includes tangible elements like layout, lighting, selection, and attentive sales associates. Then it moves right to the transaction. The checkout process must never be perceived as a tedious retail formality— it is as much a valuable part of the shopping event as anything else.

A smooth, secure payment forms part of a chain of activities a retail enterprise must perform repeatedly. It’s not just about accepting payments; it’s also about tracking inventory, scheduling appointments, and logging staff hours. This is the essence of the retail business. It becomes much easier when this is done within one software solution, which is why merchants turn to independent software vendors (ISVs) to develop and deploy POS and business management software.

But deployment of software is not a one-off. Commerce is an evolving business, and all the elements that support it—including speed, reliability, and security— continue to push new boundaries.

EMV and the Liability Shift

One highly significant boundary change happened soon after EMV (or chip cards) became the global standard for secure POS transactions, replacing magnetic stripe cards. In October 2015, to push the adoption of this new and more secure technology, liability for fraudulent in-person card transactions moved from banks to retailers. This was particularly urgent in the United States, one of the few countries that still allowed magnetic “swipe” cards. The statistics spoke for themselves. According to CardHub, “Nearly half of all credit card fraud occurs in the United States, even though only 25 percent of transactions take place here.”

The so-called “liability shift” forced business owners and software vendors to scramble. ISVs had to quickly become EMV-certified to make the technology available to their customers. The challenge was (and still is) that full integration is costly. With full integration, POS providers own and maintain their entire payment system. Encrypted card holders and transactional data remain on their systems and must be sent for processing through their internet connection. Building, maintaining, upgrading, and certifying a fully integrated, compliant system becomes cost- and time-prohibitive for small and large ISVs alike.

According to a 2017 report by the National Retail Federation and Forrester Research, almost 60 percent of merchants that installed EMV equipment were unable to use it: They were waiting for system certification. The majority of merchants had been waiting six months or more.

Semi-Integration: A Semi- Solution

A solution to the EMV compliance problem appeared in the form of semi-integration, in which sensitive cardholder data is encrypted and sent directly to the payment gateway, while nonsensitive information goes to the POS and the back office. Ultimately, this made it easier for developers and retailers by moving EMV and PCI compliance out of scope for software applications, eliminating the need for the EMV and PCI certification processes. Semi-integrated solutions also offer ISVs additional security features such as point-to-point encryption (P2PE) and tokenization, which encrypt card data in flight and at rest, making the information worthless in the event of a data breach.

Semi-integration was a great quick fix, but it still had its problems. When you semi-integrate, you must integrate to every payment device brand for card-present payments, plus the gateway for card-not-present transactions. There is not just one connection point. With more things to integrate, the infrastructure becomes more complex. Then, when a merchant has a problem with a payment, for example, it will turn to its POS provider, and that provider may not be able to figure out where the problem is due to the complexity of the setup.

There is an added layer of difficulty because the device must send information to and from the gateway as well as to and from the POS. Most significantly, as PCI compliance requirements continue to change, upgrades prove to be expensive and time-consuming, meaning the merchant’s payment solution is not future-proof.

The Future Is Here: Semi- Integrations Have Grown Up and Gone to the Cloud

Leveraging the benefits of semi-integration happens when things move to the cloud. Cloud integrations require only one connection to a payment gateway. That single connection seamlessly manages the integration with multiple payment devices and card-not-present transactions. The integration becomes a service with fewer dependencies; it simply requires merchants to have a working internet connection because the software application codes to a gateway application programming interface. This makes it a better experience for merchants and ISVs alike for the following reasons:

If there’s a problem with a payment, the merchant simply has to connect with the payment provider.

The POS provider enjoys easier integration to a gateway, with no worries about having to update or change (especially if there are PCI modifications) thus making the solution future-proof.

POS providers get to spend more time focusing on their software solution rather than on payments.

Support is improved due to a simplified infrastructure. This demands less time and labor in locating the problem and providing a better experience for the support team.

Updates are easier to manage, resulting in less manual work for the end-user.

Most significantly, multiple device brands can be managed through a single integration.

By moving semi-integration to the cloud, the entire ecosystem of in-person retail payments matures to a point in which security and speed meet proactive, intelligent maintenance as well as simplicity and scalability. That’s where the future is: the cloud. It’s the place where semi-integration can fully mature.

New Editions