Skip navigation
All Places > News > Blog > Author: Worldpay Developer Community Support Team

NETePay 5.07 is now standard

Worldpay Integrated Payments will begin to deploy Datacap Systems, Inc.,  In-Store NETePay version 5.07.30 as the default standard for all new deployments starting August 29, 2018. This 5.07.30 version is versatile, feature-rich and, most importantly designed to be backwards compatible to previously enabled merchant deployment parameters.

 

With this latest In-Store NETePay, Datacap has evolved their best-in-class technology for future generations of POS developers, resellers and merchants.  Worldpay is pleased to partner with Datacap in bringing their trusted solution into a new era. The 5.07 NETePay is primed with new features and functionality.

 

Features 

  • 5.07.30 includes an automatic update component called the Director 5, which eliminates the need for any further DeploymentIDs.
  • Backward compatible to previous enabled merchant deployment parameters
  • PA-DSS Validated
  • EMV Debit supported on Ingenico and Equinox pads (more pending)
  • Store & Forward*
  • EWIC*
  • QuickChip for supported Ingenico and Equinox pads (more pending)

*requires integration changes

 

Important Support notice

 

Starting August 29, 2018 Worldpay Integrated Payments will default to generating PSCS staging files registered under NETePay 5.07.30. DeploymentIDs generated with the 5.07.30 will NOT be compatible with older NETePay version, so it is important not to mix the older DeploymentIDs with this newer application component.  Application version and DeploymentID version must be in sync!

 

POS Developers: Although this NETePay is backwards compatible, we want you to let us know when you are ready!  Many of you have already contacted us about your systems compatibility with a NETePay upgrade.  The previous 5.06.11 will still be made available if required. Our integration and support teams can assist with making sure you have the right NETePay version that meets your business needs. 

 

Installers:  You will need to update the In-Store NETePay running on the local POS and in any distributed installers or zip-drives. If this newest version of NETePay cannot be supported at the time of the merchant installation, contact Worldpay customer support and request an older version of NETePay be used when generating DeploymentIDs in the PSCS stage file creation.

      

 

For new or existing Worldpay IP developers, our integration team specializes in the Datacap interfaces and additional details about how to integrate the dsiEMVUS solution are located in the quick start guide.

 

For more information

For additional information or technical assistance on Datacap’s payment interfaces, contact us today

How to Migrate to TLS 1.2

Who doesn't love a good, rich security protocol, you may ask?  You love them because they keep your networks safe; cybersecurity hackers love them because they can be back doors into exploiting your network!  So, yes, there is this constant tension or rivalry between the levels of secure communication your system is capable of managing and the potential threats to that network—and it takes a constant diligence to stay ahead of the crooks!  Sometimes this is as easy as replacing your old card readers with more advanced point-to-point encryption readers; sometimes the changes required to update security settings may need to go a little deeper.  At Worldpay, card data security and maintaining the network communication security of our merchants is a top priority that goes beyond being good business partners!

 

Cybersecurity affects and impacts all of us in the payments industry—so we feel it is important for us to share what we know so you can also protect your customers and your business.  We realize that understanding and implementing such things as encryption protocols and secure cipher suites can be complex, so we are here to help. This blog series will explore the potential impacts and solutions available to our partners and merchants and is intended to underscore that we all go through this together, with each new security mandate and each new cyber threat!  So who doesn't love a good, rich, security protocol?

 

Payment Card Industry Security Standards Council TLS 1.2 Changeover: out with the old in with the new!

 

The next big update being required in security is moving internet communication traffic to secure implementations of Transport Socket Layer (TLS) 1.1 and if possible to TLS 1.2—the new gold standard of internet protocols.  Currently, Vantiv supports TLS 1.2 on every processing interface. At this point, TLS 1.2 lives side by side with other currently allowable ciphers, so it is possible to communicate with a "weaker" cipher and still process.

 

In the near future, these other ciphers will no longer be supported and we will be required to disable them.  It is our goal to enable you with the tools and education necessary for an easy, hassle free TLS 1.2 migration. The sooner you get started, the easier things will be for you to make the change, because if delayed, the potential for lost revenue increases.

 

how-to-migrate-to-tls-1.2

 

Below are 5 tips to help guide you through the TLS 1.0 migration on MercuryPay and Express Interfaces.

 

1. What change will the Payment Card Industry Security Standards Council (PCI SSC) require?

July 1, 2018, an encryption method called TLS 1.0 will no longer be approved by the Payment Card Industry (PCI). Anyone transmitting electronic transactions over the Internet must update to a newer version of TLS before that day, or the the potential for processing interruptions is increased.

 

2. How will Vantiv Integrated Payment’s changes impact my business and my merchants?

Worldpay will continue to provide messaging to partners for MercuryPay and Express interfaces to confirm dates of impact. 

 

Developers integrating or testing their existing solutions in our certification (CERT) environments on MercuryPay and Express should consider modifying their applications to support TLS 1.2 as soon as possible. We have updated our MercuryPay and Express certification (CERT) interfaces to only support TLS 1.2. 

 

For more information about how to test support for TLS 1.2 in our certification environment see question 4.

 

3. What happens if a merchant does not update to a newer version?

Merchants and partners who do not update their systems to TLS 1.2, before July 1, 2018, may be at greater risk to processing interruptions.

 

If this changeover is not implemented well before the deadline the impact to lost revenue could be detrimental, because it will be difficult for them to quickly determine why and where exactly their processing capabilities failed. Assume a merchant will have to call everyone involved in their payments chain, starting with their Reseller, POS provider and processor (multiple if gatewayed).

 

4. How do POS companies confirm their software is compatible with newer versions of TLS?

Two ways:

  • To determine what ciphers and protocol you have implemented, go to https://www.ssllabs.com/ and test your browser.  There is no need to wait, confirm that with only TLS 1.2 in place you can still communicate to our CERT environment.
  • On March 5th 2018 the MercuryPay certification platform was updated to support only TLS 1.2 protocol. 
  • On April 2, 2018 the Express certification was updated to support only TLS 1.2 protocol.

 

5. How do I contact Vantiv Integrated Payments for support?

Leave a comment or ask a question.

Questions about product roll out dates

  • Partners should contact their Channel Manager regarding details about production server changes

Technical support questions

  • Partners requiring technical help to confirm or clarify changes that need to be made to their applications or merchant environments can contact Developer Integrations 
  • To determine what ciphers and protocol you have implemented, go to https://www.ssllabs.com/ and test your browser.

 

Additional Resources

Summary

Per PCI 2018 requirements, processing servers are being required to remove encryption protocol ciphers no longer considered safe which include TLS v1.0 and v1.1. These two protocols must be retired by June 30, 2018. It is important for ISVs, Resellers and merchants to begin preparations for this critical security deadline.

 

If the POS system's encryption protocol is not updated to TLS v1.2 before the production dates listed below, merchants will be unable to process transactions.

 

 

Important MercuryPay TLS 1.2 Migration Dates

Please note:  To our partners and merchants on Datacap Systems' solutions, you are not impacted by this TLS upgrade! Datacap uses a proprietary encryption protocol to protect MercuryPay merchants. 

 

On Monday March 5, 2018 MercuryPay CERT environments (designated in the DNS/URL as "mercurycert.net") were updated to enable TLS v1.2 only. 

 

MercuryPay PRODUCTION environments removal of TLS 1.0 and 1.1 release dates:

Phase

Platform

Date to upgrade

1.

Virtual Terminal

 Wed, June 6

Blackline

2.

Hosted Checkout

Wed, June 13

Vital

Microsoft RMS

3.

Web Services

Wed June 20

4.

Micros

June 27

  • x1.mercurypay.com - no action necessaryFor more information about Datacap System's technology please refer to their site.

 

It is important that partner and integrators continue to test in our MercuryPay CERT environment in preparation for the TLS 1.2 mandate

 

Important Express TLS 1.2 Migration Dates

In support of the removal of TLS 1.0 and 1.1 from the Express Cert and Production environments, and depending on the triPOS version installed, triPOS Direct integrators and merchants may need to make adjustments to the PC where triPOS is installed.

 

Express CERT removal of TLS 1.0 and 1.1- April 2, 2018

Express CERT Platform URL's:

 

Express PRODUCTION removal of TLS 1.0 and 1.1 June 27, 2018

It is important that partner and integrators continue to test in our Express CERT environment in preparation for the TLS 1.2 mandate.

 

Express PRODUCTION Platform URL's:

 

After TLS 1.0 and 1.1 support is disabled in Express Production on June 27, 2018, merchants will no longer be able to process transactions on the Express platform using payment applications that continue to use the older TLS 1.0 and 1.1 protocols.

 

Important triPOS Direct TLS 1.2 Application Updates

After TLS 1.0 and 1.1 support is disabled in Express Production, merchants will no longer be able to process live transactions using triPOS implementations that don't support TLS 1.2. 

 

The following options are available to force triPOS Direct to utilize TLS 1.2 when communicating with the Express payment platform.

 

OptiontriPOS Direct VersionDescription/Instructions
#15.14.2 or higher

Install triPOS Direct 5.14.2* or higher to automatically force the use of TLS 1.2 without any additional modifications.

 

*It was previous mentioned that 5.14.1 would automatically force TLS 1.2, a bug has been corrected and all integrators should upgrade to 5.14.2 or follow steps 2 or 3.

#25.14.1 or earlierUpdate Windows Registry manually to use SchUseStrongCrypto value for TLS 1.2.  See https://github.com/ElementPS/tls-upgrade for instructions.
#35.14.1 or earlier

Update Windows Registry using .reg file to use SchUseStrongCrypto value for TLS 1.2.  See https://github.com/ElementPS/tls-upgrade for instructions.

 

Product NameVersionTLS Protocol
triPOS CloudAllTLS 1.2 - no action nessary
triPOS Mobile

iOS SDK 1.1.8+

 

 

Android SDK 1.0.17

iOS 8 or lower - TLS 1.2 not supported upgrade to iOS 9+

iOS 9+ - TLS 1.2 no action necessary

 

Android OS Nougat (7.0) or later: TLS v1.2 no action necessary

Previous Versions: Not supported. Any older OS will require update

 

Questions?

Leave a comment or ask a question.

 

Questions about product roll out dates

  • Partners should contact their Channel Manager regarding details about production server changes

Technical support questions

  • Partners requiring technical help to confirm or clarify changes that need to be made to their applications or merchant environments can contact Developer Integrations
  • To determine what ciphers and protocol you have implemented, go to https://www.ssllabs.com/and test your browser.

 

 

Not long after ABBA was making musical hit history in the U.S., Terry Ziegler’s company, Datacap Systems, Inc., entered the payments scene destined to make a difference. The company initially made a splash in the Electronic Cash Registers (ECR) market and then helped power the integrated payments revolution.

 

Datacap’s business model is built on simplifying payments and enabling generations of developer and reseller communities to grow their businesses with the Datacap “formula.” This formula consists of creating an easily accessible way of translating POS language to any number of premiere processing/card brand languages and back to the POS.

 

And Datacap did all this without needing to play ABBA.  They took the chance out of payments.

 

Throughout its history, Datacap has been ahead of the curve and a true leader in the integrated payments industry. Marc and Jeff Katz, the founding brothers of Mercury Payment Systems (now Worldpay), knew this and built their company using Datacap’s technology.  Mercury innovated on the Datacap technology by bringing the localized NETePay client-server distributed software architecture into a hosted environment. The result: greatly reduced the cost and effort of installation and maintenance.

 

I suspect in the early 2000s, the Katz brothers were probably not singing ABBA's hit from an earlier era.  They removed the "Take a Chance on Me" by innovating on the solid and reliable technology of Datacap Systems.

 

A foundation for payment processing

Datacap technology was a centerpiece of Mercury's early rise in the integrated payments space and has been revolutionizing the market during the various business re-alignments in our short history of mergers and acquisitions. First, with the change in the partnership-model moving to an equity company. And later with the acquisition by Cincinnati-based Vantiv.

 

With the recent Worldpay merger, the company is entering into a new era of global reach, and the integrated payments organization is again strategically re-aligning to meet new business needs.

 

In a previous article Rapid-fire Recurring Revenue Recommendations, Jim Roddy talks about recurring revenue options ISVs and VARs should consider. The release of NETePay 5.07, is a step in the right direction to implementing new revenue streams.

 

 

As an engineering partner to the payment ecosystem, Datacap is notably instrumental and impressively responsive in turning around and delivering requested software.

 

As I hear that ABBA song in my head one more time, I suspect each processing generation begins by taking a chance on the new. Whether heritage or new TechVitality, technology is always evolving.

 

Ingenico, a major manufacturer of U.S. EMV peripheral hardware, has made improvements to their previously released Retail Base Application (RBA) in their Telium 2 line of devices. This new RBA version is 21.02. Vantiv Integrated Payments, now Worldpay and Datacap System's dsiEMVUS and dsiPDCX solutions have adopted Ingenico's latest device application, RBA v21.02. This updated RBA is for the Telium 2 line of Ingenico devices (iSC 250/480, iPP320/350, iUC 285, iWL 258, and iCMP).

 

The RBA is the internal programing of the PIN pad and enables advanced functionality and communication to Worldpay. If your POS is programmatically confirming the RBA version, this could impact your customers very soon.

 

Summary

    • Programmatic RBA Checks within the POS application can create unable to process scenarios for merchants ordering new equipment or updating to a newer RBA version in the field.

 

    • The current RBA version 18.04 will be phased out and will no longer be available for new equipment orders or replacements for Datacap solutions on MercuryPay.

 

    • RBA 21.02 provides advanced functionality to the device and is currently the latest version adopted by Vantiv Integrated Payments,  now Worldpay with Datacap dsiEMVUS and dsiPDCX.

 

    • Worldpay recommends new equipment orders and in-field replacements migrate to this new RBA version.

What’s the impact of a programmatic RBA check?

Although this practice is not common, the result can directly impact the point-of-sale application to not support a new Ingenico device or a recently updated in-field device. Thus, rendering a merchant POS application unable-to-process payment transactions. Solutions that support an RBA check will need to make modifications to their existing code in order to support any new device deployment. Acceptable changes may include, but are not limited to:

 

      • Programmatically confirm an RBA version but do not require support for specific versions
      • Remove all code that programmatically confirms / checks RBA versions, and implement a manual process to verify the RBA version during a device startup.

 

Why is it important to adopt new RBA versions?

As way to simplify PIN pad deployments for both partners and merchants, Worldpay will adopt RBA 21.02, helping to minimize mistakes during device deployments. Within Datacap’s NETePay and client architecture, this updated RBA is considered backwards compatible. EMV Card Verification Methods (CVMs) and supported transactions can be configured to meet merchant business needs.

 

Additionally, this RBA version supports the acceptance of EMV PIN Debit using the Ingenico Telium 2 series. POS applications that have not implemented a RBA check, adopting RBA 21.02 is considered a drop in replacement for previous RBA versions. There are however some check points to consider:

 

      • If your system is upgrading to EMV Debit using the Ingenico series, this RBA is required as are the latest NETePay and dsiEMVUS client controls.
      • A Datacap engineered Field Loader is available for in field updates of iSC 250 devices.
      • If your system is not upgrading to support EMV Debit, using RBA 21.02 will have no impact to your current card acceptance experience as long as your system does not run a RBA version check.

Resellers:

If you have questions about the compatibility of your application with this updated RBA 21.02 version, your POS developer should be able to confirm if they have implemented a RBA check and if you can support this RBA in Ingenico devices.

 

Developers:

If you have concerns or questions about adopting Ingenico's RBA 21.02 and for additional features this may offer your reseller and merchants, please contact your Worldpay Implementations Consultant.

Small and mid-size merchants have some big decisions to make with EMV that will have an immediate impact on their business. It is imperative that we help them get it right the first time. Simply put, EMV is not just another payment method, it is a driving demand for better security features within the POS, opening up more avenues for technology and forcing habits to be broken.

 

Security is knocking at the door

Security seems to be leading the conversations around EMV, but EMV alone does not solve the infestation of criminal activity. Sixty percent of small businesses go out of business within 6 months after a data breach, and 71% of data breaches target small business (National Cyber Security Alliance, August 2014). As a trusted partner to our merchants, we need to help close the gap in all areas around data theft. It is well known that EMV technology has been around for more than a decade, but criminals have not stopped, instead they target other vulnerabilities.

 

How we can we help you become more secure?

I will outline a proactive approach to help our customers. The first objective is to remove sensitive data from the payment application entirely. Vantiv offers both point-to-point encryption and tokenization. Enabling these features within your payment application renders data unusable from the point it is accepted to the time it rests. Next is training and not just at the merchant level, but security training awareness for merchants, Value added resellers and Point of sale developers. A simple program that reviews the basics and teaches employees what to look out for goes a long way in protecting everyone’s best interest (protecting card data). Finally, ensure checks and balances are in place. We all make mistakes, but sometimes they can be costly. Placing two or more people in charge of security helps reduce mistakes and keeps unintended or intended consequences from arising.

 

EMV...paving a path for the future

As I mentioned earlier, EMV is having a spiral effect on the industry. Most merchants are planning on updating to EMV capable solutions. But it shouldn’t stop with EMV. Payment applications need to be built for the future. The mobile frenzy has already launched, but the adoption is just starting to make its presence and enabling your payment application to support features like Apple Pay and Android Pay help drive long term success. With more adoption in the mobile market, merchants will be looking to capitalize on every opportunity. One challenge Vantiv has solved for is linking eCommerce with other channels to provide the ultimate OmniCommerce experience. According to recent Vantiv/Mercator Insight Series research, mobile devices are not only opening new channels for consumer interactions, but they are also changing the way that consumers behave in all channels.

 

Change is unavoidable

There is no doubt about it, EMV will force new habits and retire the old. Americans have become accustomed to doing things quickly, fast food restaurants, 10 minute abs, self-checkout and more. Restaurants will most likely see the greatest changes to their environment. EMV is designed to keep the card in the consumer’s hand. Integrating with Vantiv will enable payment applications to utilize tokenization to add gratuities, eliminating that awkward moment when the consumer has to add the tip in front of the server. What about bar tabs? EMV requires the consumer to confirm the amount during the authorization, eliminating a convenience we are all use to. For EMV to be gracefully accepted, we need it to be successful both at the consumer and merchant level. Providing a merchant with just an EMV solution will not work in today’s fast environment. Enabling NFC technology, Omnicommerce and tokenization are three tools that Vantiv provides creating a balance for both the consumer and merchant.

 

 

  1. https://aerissecure.com/blog/smb-data-breach-fallout/

Change isn’t always easy, and upgrading or investing in a new point-of-sale (POS) system is a big endeavor for most merchants. But doing so can open up doors to increased business as well as offer critical payment security features.

When a point-of-sale solution is paired with value added services such as integrated pay processing, it enhances a merchant’s ability to streamline daily operations. Payment integrations tend to be the most complex and time consuming piece of the process, but they don’t have to create strain on your business.

 

For any new integrated payments partnership, choosing the right processing company to meet your needs begins with asking potential partners a few simple questions: Can they work with your business model today? Do they support your platform, existing technology, etc.? Can they support the growth of your business?

 

Taking the time to research, compare and evaluate payment processing partners can make all the difference in the long run. Look for an integrated payment processing partner that offers powerful, secure solutions that are simple to integrate and backed by customer service built around integrated payments.

 

What to look for in a payment partner

The right payment partner possesses a balanced mix of passion, talent and technology to help you win. You can’t expect your credit card processor to know the intricacies of running your business, but you can expect them to know what types of payment solutions are best for your business. Some processors are large enough to have expertise in many different areas, from servicing large retail shops to healthcare providers, service industries, eCommerce merchants and more. Look for a partner that pioneered the channel focused approach to integrated payments because your best interests should be top of mind and their solutions should be tailored to your specific business type.

 

Are they a match for your technology?

Merchants increasingly do not see their business as composed of separate online and in-store channels, but rather as a continuous consumer experience bridging the web, mobile devices, and brick-and-mortar location. Many processors offer semi-integrated solutions to simplify one of your payment needs but do not offer in-store, online or offsite payments in a single integrated platform.

 

One of the most important things to keep in mind is that the “easiest” integrated payment processing companies often are “no frills.” This can be good in some instances, but in the world of payments today, it’s safe to say that frills can be very important. For example, if you are seeking an omni-commerce platform, consider whether it includes security solutions such as PCI validated point-to-point encryption.  Find out if the chip-enabled PIN pad options support multiple interfaces such as WiFi, Bluetooth or Ethernet. Does the integrated solution offering support many form factors including distributed code, mobile apps or in the cloud? If you are considering recurring payment services, find out if this is an option.

 

In many instances, these semi-integrated features are not managed by the payment solution but through separate integrations or third party service providers that require individual integration work for each. A robust technology workbench is a major consideration for any integrated payments partnership to work, and you should know if these services are available to you and at what cost.

 

What does the future hold?

Additionally, it’s important to find out if your potential payment partner offers the solutions your business needs today as well as those you will need in the future. There are many integrated payments options available, and different solutions solve for different needs. Look for a credit card processing company in which integrated payments are innate to their business model.

 

Also, the partnership shouldn’t stop at the integration. On-demand resources should be available to you throughout the partnership, such as a dedicated integration consultant with technical payments expertise, a business developer to get you started with a solid business strategy, and a relationship manager for continued market growth.

 

Customer service may be the last thing on your mind when choosing to integrate payments to your business application, but it’s important to find a reputable company with an experienced, knowledgeable and accessible support team for you and your merchants.

 

Vantiv Integrated Payments offers its own processing platform that delivers unmatched, market-ready, semi-integrated solutions in the cloud, on a PC, or via a mobile device with features such as P2P encryption, account updater, tokenization, gift processing, and a true gateway for merchant processor of choice.

While integrated payments solutions offer many obvious benefits, payment processing remains a confusing topic, for several reasons. Payment processors offer solutions that address different pieces of the payments pie, and integrate with different software solutions and services. Over the past couple of years, the point-of-sale (POS) environment used at a merchant location has seen a significant transformation. Key elements accelerating this change can be attributed to PCI security, EMV chip cards, software deployment and the consumer experience. Creating a product to incorporate all of these elements can be difficult and choosing a partner that meets your target market needs for today and into the future requires a unique integration suite designed with your goals in mind.

 

Your delivery matters

With growing advancements in cloud-based technology, Software-as-a-Service (SaaS) deployment is emerging as a best practice for companies looking for the most functionality at the lowest total cost of ownership. Even businesses currently using distributed solutions are realizing that the SaaS delivery model holds promise for lowering operating costs and reducing service maintenance stress.

 

Understanding that each POS is unique, Vantiv delivers two cloud processing, semi-integrated solutions to fit the various needs of our partners. triPOS Cloud encompasses a quick pairing process to an EMV capable PIN pad and the cloud service. TranCloud uses a pre-configured device to communicate with multiple PIN pads via the merchant’s IP Address and COM port. Like most cloud solutions, merchants can be processing in minutes, but an additional advantage of our semi-integrated solutions is that they do not require complex networking.

 

In the past, software developers rarely had to concern themselves with updating PIN pad software. However, with the introduction of EMV, updates are now necessary to ensure functionality and security. Each of our cloud solutions offer remote services to update PIN pads, simplifying the ongoing maintenance of hardware that brings little value to your solution.

 

Semi-integrated is the primer for options

Compliance is most often considered an operational burden that siphons valuable time, expertise and capital. Additionally, newer security and risk services like point-to-point encryption (P2PE) and EMV require the use of a PCI-PTS certified Secure Cryptographic Device (SCD) that must also be integrated. One of the better ways to reduce the onus of PCI and EMV compliance is by utilizing a semi-integrated (SI) POS.

 

There are many perks for both merchants and developers choosing the path of an SI solution. With an SI solution, the responsibility of integrating to device hardware shifts to the service provider. Our EMV integration suites support 15 PIN pads with multiple connection options (IP, Wireless, Bluetooth, USB, and Serial). Moreover, when choosing a solution, developers can implement hardware to meet the various merchant preferences or markets served. Vantiv Integrated Payments supports almost every merchant vertical, and our hardware enriches a variety of use cases. For instance, wireless PIN pads for pay@table or in-aisle. Or high-end PIN pads for jewelry stores or the medical field for custom screen displays for documents. As new devices become certified, the SI solution makes it easy to upgrade your arsenal.

 

Your merchants are processing in a new era– one filled with new possibilities and enabled by a generation of new devices. The new device era (digital wallets, mobile payments, tablet POS, and more) has created a complex ecosystem for merchants and their partners to navigate. That is why it is necessary to have SI offerings that support multiple form factors including Windows, Linux, iOS and browser-based solutions. Vantiv works hard to find the right combination of solutions and services to enable our partners and customers to stay relevant and win together.

 

Improve customer experience and profit

Many merchants are using an out-of-date POS system, or not using one at all. Some retail segments lag behind in POS adoption more than others. As customers expect consistency across all channels, from brick-and-mortar locations to websites, mail order catalogs, mobile apps, emails and text messages, many merchants struggle with how to do it all effectively. Only a third of retailers have streamlined even the basics of cross-channel commerce such as online ordering for store pickup.

 

Customer experience is a core value of Vantiv’s products and solutions. Because we offer support for so many different industries and payment technologies, we are a good platform for developers who need to build OmniCommerce applications. Some examples illustrating OmniCommerce use cases are provided below.

 

  • Securing your application with P2PE and tokenization
  • Multiple transactions, one receipt
  • Buy online, pick up in the store
  • Implementing recurring billing to maximize sales and efficiency
  • Mobility – in-app purchases with Apple Pay
  • Adding EMV to your payment application

 

While industry leaders and solution providers are only now doing work to improve the costumer experience, Vantiv architected an integration suite with optimizations in place. Our experiences in payments around the globe enhances our awareness to anticipate what’s next.

 

Learn more about our two cloud solutions Datacap Systems TranCloud Overview and triPOS Cloud - Overview

Security and risk professionals are continuously hit with the tsunami of new vulnerabilities, and there aren’t any signs of breach activity slowing down. According to the Verizon 2015 Data Breach Investigations Report, nearly 43 million security incidents occurred in 2014.[1] And it’s no surprise that the vast majority of these breaches occurred against small to mid-sized companies.

 

A variety of tools are available to boost your point of sale credit card security. Consider the following steps:

  • Upgrade credit card POS swipers to accept EMV chip cards.
  • Upgrade all point of entry hardware to use point-to-point (P2P) encryption.
  • Consider tokenization technology to encrypt credit card information.
  • Consider partnering with a processer that offers bundled PCI compliance assistance programs, such as Vantiv's OmniShield Assure, to safely accept payments and dramatically reduce your fraud liability.

 

A smart card is a smart choice

The dramatic increase in counterfeit card fraud was what originally motivated the global payments industry to move to chip technology (smart cards). Contrary to magnetic stripe cards, EMV chip cards are designed to store sensitive data (such as PINs or keys) securely, and have the ability to manage risk and perform cryptographic computations dynamically. One of the key elements of EMV is the ability to authenticate a card to be sure that it is not a clone or counterfeit of the original card. As a result, any data that is stolen is significantly devalued and cannot be used to create counterfeit magnetic stripe cards.

 

Vantiv offers a set of integration methods and services that help developers extend their payment application to support EMV chip card acceptance. Developers can choose the integration approach that best fits their requirements based on the type of business, target markets, security requirements, and preferred form factor (Cloud, PC or mobile).

 

Stop theft at the door

In a P2P encryption solution, the cardholder data is encrypted at the point of entry and decrypted only at the intended recipient end. Vantiv’s P2P encryption solution helps protect data in transit by encrypting and transmitting cardholder data securely over any network. By leveraging Vantiv’s PCI-validated P2PE solution and our PCI PTS SRED certified hardware, payment applications are removed from PA-DSS compliance and merchants can qualify for reduced PCI-DSS scope

 

Although P2PE isn't the only tool that helps protect sensitive payment data from theft, many experts rank it highly. When polled about security strategies, financial executives believe P2PE will have the highest impact on data security and reducing fraud.

 

Rest easy knowing card data is safe

The use of tokenization in payments is to remove account data from the merchant’s card data environment and replace it with something that is useless outside of the environment in which the token was created. Tokenization can reduce the scope of your systems that fall under PCI DSS compliance requirements, thereby reducing the costs and man hours associated with the validation process. With Vantiv’s tokenization solution, customers can confidently focus on growing their business, while knowing that sensitive cardholder data is protected.

 

Shield your merchants from the elements

When developers bundle their POS application with Vantiv’s EMV acceptance, P2P encryption and tokenization solutions, merchants also gain access to PCI Assist and Breach Assist to help protect against the constant vulnerability threats data breaches present. OmniShield Assure delivers the tools merchants need to comply with new card network regulations, as well as protection from the four major threat factors facing their business: card data security; fraud protection; PCI compliance; and risk, including data breaches.

 

Major breaches do happen and have been costly for several organizations. Merchants are responsible for their own security in the PCI DSS ecosystem. It can be complex, and many merchants do not fully understand the inner workings of the standard, how it applies to them, and how to ensure their technology partners are properly securing their data.

 

As a POS developer for applications that accept payment cards, you must be prepared for a breach to occur and partnering with Vantiv can help reduce the responsibility for handling card data securely. There is no silver bullet to stopping data breaches, but by taking a comprehensive approach to credit card security you can significantly reduce your and your merchants’ vulnerability to internal and external threats.

 

 

 

 


[1] Verizon 2014 PCI Compliance Report,” Verizon, http://www.verizonenterprise.com/resources/reports/rp_pci-report-2014-executive-summary_en_xg.pdf

Merchants are becoming more aware every day about the security threats they face when accepting sensitive card data. To that extent, they have more resources at their fingertips to determine the best and most secure payment solution on the market. Having access to the PCI Council’s website listing validated solutions or cost effective mobile solutions merchants are expecting more than low processing rates and a standalone terminal. As a developer, what are you doing to stand out?

 

The SI Advantage

A semi-integrated solution is certified to secure hardware and the target host so that the ISV doesn’t have to; the ISV only integrates to the business logic, not the host, shifting the responsibility to the SI provider. SI solutions can help minimize the upfront effort and costs associated with certification, and ease the total cost of ownership with a simple, singular interface to access all services. One example of a software-based, SI solution is triPOS from Vantiv.

 

Payment Simplicity that Matters

Accelerating changes in the payments industry has made Vantiv acutely aware that our POS developers face a difficult dilemma: creating a solution that protects card data without compromising customization or cost. The cost of a data breach can range from $5,000 to $100,000 in fines,[1] and the cost to develop PA-DSS validated solutions can be upwards of $30,000. In addition, the impact from EMV and removing sensitive card data from the POS can hinder the convenience customers and merchants expect.

 

To help solve this dilemma, we set off to strategically invest in building simple, commerce-enabled solutions that are secure, open and offer value to the POS. triPOS is one of our solutions that developers can count on. It has a lightweight design, removes developers from PA-DSS scope and greatly reduces the merchant’s PCI-DSS with P2PE and tokenization technology. Plus, the POS functionality remains within your control. triPOS manages device drivers on your behalf and with a simple configuration file, developers can quickly begin coding and testing their application for production processing.

 

Learning the nuances involved with payments and complex APIs like ISO 8583 can be time consuming and require large scale teams to complete. Payment simplicity is restored with triPOS because 80% of the code managing payments is done for you. Developers can now focus more on the user experience, creating robust reporting or business management tools.

 

Customization vs. Complexity

Vantiv provides developers with a choice. They can integrate to complex device APIs, continuously re-certify their payment application and struggle to be first to market.  Or, they can use triPOS, which is already certified, and delivers new features automatically without needing to re-integrate—whether it is a new supported device or an additional payment processor for EMV. One EMV certified device used by triPOS is the Verifone MX915, a small, sleek device designed to engage consumers in new ways with its full-motion video display. Developers can take advantage of custom device forms to enhance the consumer experience, or help merchants advertise more business.

triPOS is built for simplicity, but is packed with features that helps your payment solution stand out from the competition:

 

Element Gateway – offers access to multiple processors, so merchants aren’t locked in to a single processor.

Account Updater – provides merchants with seamless updates to their customers’ recurring billing account information using our Transform tokenization.

Store N Forward – allows merchants store encrypted pre-authorized card data until the POS system is back online.

Data Security – TransForm P2PE validated and Tokenization are built in to the solution.

Pass-Through – triPOS devices can read non-financial cards without encrypting the data for internal use.

 

A Smart Approach to Mobile Payments

With the need to support chip cards and desire to accept NFC, merchants are re-examining their POS technologies with an eye toward increased security. This is a great time for developers to enhance their solutions, and partnering with Vantiv and integrating triPOS opens the door for cutting edge technology that better prepares you for the future.

Younger generations are taking mobile payments seriously. Young adults continue to lead the smartphone revolution, with 89% of respondents’ aged 18 to 34 indicating they own smartphones.[2] The transition from traditional cash or credit card payments to new methods hasn’t happened overnight, but the ease of use and convenience associated with mobile payments is appealing—42% of smartphone owners surveyed by Mercator Group, say they have tried mobile payments either in-store or at online retailers.[3]

 

That’s good news for developers because mobile payments come with a number of benefits that will help increase their merchant base and revenue, while providing faster checkout times and better security. Using NFC helps put security at the top of your priority list. Unlike a magnetic stripe card, consumers’ personal information is never in direct contact with the point-of-sale. Technologies such as fingerprint scanning or passwords to pay add another layer of security that chip cards can’t address.

 

Let triPOS help your solution stand out by taking advantage of a single simple integration without sacrificing customization or security. To learn more about triPOS or partnering with Vantiv, contact us today.

 

 

 

[1] http://www.cybersource.com/content/dam/cybersource/Reduce_PCI_Scope_Tokenization.pdf

[2] Mobile Payments is Really Here, Mercator Advisory Group

[3] Mobile Payments is Really Here, Mercator Advisory Group

As integrated point-of-sale systems continue to become mainstream for merchants who want more from their business management tools, cloud processing offers an attractive solution. Cloud POS software developers can more easily enable enterprise technology to SMBs. However, POS developers making the jump to cloud or web-based solutions are finding it difficult to interact with on-site hardware such as chip card terminals.

 

 

How Cloud Processing is Changing the Landscape

According to Gartner, “By 2018 Software-as-a-service (SaaS) cannibalization is expected to create a 40% reduction in maintenance and support…ISVs without a clear sales strategy for delivering and managing the transition to cloud services will see support revenue and margin erosion.¹” Cloud-based POS platforms differentiate themselves from standalone terminals, software installed solutions and native mobile platforms because merchants can:

 

  • run their business from anywhere
  • generate real-time reports and alerts
  • receive real-time software updates
  • create a smaller footprint with less hardware on premise

 

With the need to support chip and PIN, merchants are re-examining their POS technologies. Help retail merchants think beyond the checkout line and deliver solutions that can cost efficiently incorporate enterprise level tools. Chip cards and mPOS are intersecting with cloud POS solutions and SMB merchants in the restaurant business are rethinking how they interact with customers. They need a single solution that utilizes pay at table device hardware or traditional PIN pads behind the bar.

 

Take advantage of an API that supports multiple device APIs, powered by a processing platform, Express, which solves for a variety of merchant verticals. Vantiv Integrated Payments enables cloud processing and device hardware management through triPOS Cloud. ISVs can focus on the merchant benefits above and worry less about costly certifications for chip and PIN or time-consuming PA-DSS validations.

 

What our Solution does for Developers

Using a lightweight API, developers only need to initiate the payment request (with minimal transaction details) through triPOS and the solution takes care of the rest. Our tokenization technology is built into the solution, enabling faster follow up transaction management like voids or tip adjusts.

 

With “56% of consumers willing to use their mobile device to pay for products they are shopping for” (Mobile Commerce Press, December 2014)² , you should know that your solution will be automatically enabled to support technology like Apple Pay or Android Pay with no additional device integration work.

 

In addition, triPOS Cloud creates a simple pairing process with the device and workstation, which helps to reduce your installation costs. There are no networking requirements and with a simple POS configuration, merchants can be up and processing in no time.

 

Start Integrating Today

Learn more about  triPOS Cloud - Overview can help you reduce cost and deliver smarter, faster, easier payments.

 

¹ https://www.gartner.com/doc/2819221/independent-software-vendors-prepare-different

² http://www.mobilecommercepress.com/survey-highlights-consumer-attitude-toward-mobile-payments/8514805/”

Amie Jackson, Leader Merchant and Partner Compliance for Vantiv, repeatedly fields questions from developers on anything PCI DSS or PA DSS. It would be reckless to assume that everyone in our space understands all the standards and guidelines and also keeps up with the ever-changing landscape. It’s worth noting, however, that it takes more than just knowledge of what these standards entail to implement them in your application.

 

Seeking a PA DSS validation is not only complex but also expensive and can range anywhere from $15,000 up to $45,000. These validations are provided by an independent auditor called a ‘Payment Application Qualified Security Assessor’ (PA-QSA), and cost is determined by the complexity of the application and payment implementation. Then, there’s a $1,250 fee required to list your validated application on the PCI Council website.

 

After that, there are several re-validations that must be done over time. First, a re-validation is required each time a significant change is made to your application that deals with cardholder data and payment functionality. Then, there is an annual re-validation even if there were no changes to the payment application. Cost for re-validation depends on the number of software versions and supported operating systems.

 

Beyond all of these fees, the biggest cost you’ll incur is simply building and/or modifying your application to meet all of the PCI and PA DSS compliance requirements in the first place. Building and maintaining all of this can take anywhere from a couple man-months to several man-years.

 

All of this explains why we’ve developed solutions that help reduce developers from the scope of PA-DSS compliance. Vantiv Integrated Payments, not you, handles sensitive cardholder information, which can reduce the number of PA DSS requirements you have to consider. And keep in mind, our implementation consultants are always on standby willing to work with you to understand your requirements and help alleviate some of the stress.

Payments security is a common topic in the news these days.  From the migration to EMV chip card technology to reports of high profile data breaches, security concerns dominate much of the conversation about payments. What is most concerning is the misinformation that can confuse and overwhelm small business owners.  I want to take the opportunity to clarify some of the terms so payments solution developers can evaluate their options and take action.  Let’s start by reviewing the following:

 

  • EMV chip card – The first important thing to understand is that EMV does not protect businesses from data compromises.  Instead, chip cards are designed to help stop card-present-counterfeit  fraud.  When a merchant adopts EMV technology, they are helping to protect their business against the potential fraud liability of accepting a counterfeit card to complete a transaction– not preventing card data from being compromised.

 

  • Network security –  To prevent a breach that compromises sensitive card data, merchants and solution providers need to enable strong network security.  This includes firewalls as well as segmenting communication networks that transmit sensitive information that hackers want to access. It is also critical to run continuous scans of these networks to detect and patch vulnerabilities.

 

  • Data security – Unfortunately, even the best network security measures may still get hacked. If it can happen to the U.S. government, it could happen to anyone.  Implementing data security will help make the data stolen worthless.  We typically address this issue with two technologies: encryption to help protect data in flight, and tokenization to help protect data at rest. We have seen more and more POS solutions coming to market that enable EMV with encryption and tokenization. This is a great strategy for a small merchant looking to invest in a POS technology upgrade.

 

  • Physical security – This item often goes overlooked, but it is a critical component. Businesses need to make sure that physical access to the POS is limited and secure.  Merchants can do simple things to help improve their physical store security, like not writing down card numbers and other customer information.

 

If any of this seems very complex, it’s because it can be.  It is very important that merchants make the decision to either create an internal discipline around security, or find a trusted technology partner to handle security on their behalf.  This is the first step in protecting their business from the financial and reputational damage that security vulnerabilities can cause.

 

As a solution provider that enables payments it is paramount to offer some type of security solution to your customers.  Security can be positioned as a differentiator for your business by how easy the solutions can be implemented and used, and by making sure that the solution does not impact other critical business functions like reporting, reconciliation, and analytics.

 

To learn about the payment security solutions Vantiv offers that you can leverage for your solution, contact us.

Merchants today are relying more and more on point of sale (POS) solutions and applications to run the store and make their day-to-day operations easier. Today’s POS has to be able to keep track of every product a merchant sells, from the moment it’s added into inventory, until it’s sold to a customer. And, it should have the ability to produce thousands of data points about the salespeople, customers, and how every sale occurred. It has become an incredibly powerful tool for merchants to grow their business. But between merchant expectations, and industry certifications and changing regulations, software developers have a lot to manage.

 

 

Semi-integrated POS solutions can help minimize the upfront effort and costs associated with certifications, and ease the total cost of ownership for merchants with a simple, singular interface to access all services. Rather than requiring the ISV to perform multiple certifications, the responsibility for device and platforms certification is transferred to the service provider. One example of a semi-integrated solution is triPOS from Vantiv.

 

triPOS was originally designed for Windows applications and quickly evolved to Linux machines. Over the last couple years, triPOS for PC has seen enormous success. Acutely aware of the acellerating demand for EMV support, Vantiv strategically designed triPOS to easily  expand for greater use cases, such as cloud and mobile applications.

 

 

The architecture behind triPOS Cloud and Mobile is particularly exciting because it enables EMV without the headache that cloud and mobile bring to the integration.  Before EMV came along, semi-integrated solutions were fairly easy to implement and maintain. Solutioning consisted of simple card readers, which could be used since mag-stripe is a unidirectional communication. By using keyboard emulation from the reader, such as Hosted Payments fields within a browser could be populated by the mag-stripe reader.  This only required the merchant to connect the mag-stripe reader, open their browser and they were off and running. Examples of these include browsers on PC based (Windows or Linux) solutions or applications on tablet based (iOS or Android). 

 

EMV readers on the other hand complicate things, as they require bidirectional communication to handle the negotiation with the actual EMV card.  This creates a significant hurdle for cloud developers to overcome and still maintain a very seamless merchant installation, as something has to handle the bidirectional nature of EMV.

 

Cloud and mobile developers are now looking for solutions that solve this problem but limit the amount of installation support, time, and technical knowledge required by the merchant to a minimum. A semi-integrated solution is a great way to solve these challenges, and is the path that many developers are choosing to implement. 

 

When selecting the right semi-integrated EMV payment solution, it’s important to consider the actual end merchant device/method desired. Cloud and mobile applications make software not just trendy, but incredibly useful.

 

For a true browser solution, a cloud-based application is needed; one that requires little to no installation on the merchant’s part. triPOS Cloud is a great fit, since all payment functionality actually resides in the cloud and is hosted by Vantiv Integrated Payments. The merchant only has to go through a simple two-step process to install the actual device and pair it to your cloud solution.

 

For a tablet-based (iOS or Android) POS some sort of native thin application is needed on the device to interface with the merchant.  In this case, triPOS Mobile is required so it can be linked and installed as part of the native application, keeping the merchant experience the same as it was previous to EMV. 

 

Finally, regardless of the form factor, developers need an easy integration that won’t overburden a majority of their time and resources.  triPOS PC (Windows and Linux distributed software), derived from our existing product line, allows developers to avoid having to integrate to EMV PIN pads, code each individual payment type, build customized reporting tools and more. Instead, it is all managed by triPOS and our Express Interface. Plus, triPOS Cloud and Mobile enable instant upgrades, so your POS stays on top of the new technologies and security requirements you'll need to implement over the next few years.

Vantiv had the opportunity to participate as a sponsor for HackPSU at Penn State University, in which 500+ student hackers of all ages competed against each other. Before the event officially kicked off on Saturday April 9, 2016, we had the opportunity to speak with several Electrical Engineering and Computer Sciences students about who Vantiv is and the exciting challenges technology helps solve in the payment ecosystem.

 

 

After the excitement from the previous night about the potential talent participating at HackPSU, we could hardly wait to get set up and polish our challenge pitch for those students willing to brave payments. Soon, students began to filter in and their curiosity to learn more about payments became evident as our team intertwined their everyday activities and interests with payments.

 

 


Once the teams were strategically formed and their challenge staked, their work began. From the beginning, BarTab set their sights on integrating to Vantiv’s API to solve the common inconveniences of non-sobriety and bar tabs. Their inspiration came from the dreaded morning after when you realize your tab was left open and your card is at a bar you can’t remember. With several Vantiv stress balls and energy drinks, the team developed a mobile app that syncs with a POS to let customers order drinks and pay using a token from the card on file; the catch is through geo-location, the customer’s tab automatically closes if they leave the bar.

 

Another team that drew inspiration from our API was MediatR. Their personal frustrations also inspired them to try and make payments smarter, faster and easier. Their ploy was to reduce fraud through geo-location matching of the cardholder and the purchase.

 

After a long grueling 24 hours, the winning team prevailed with a tightly sealed presentation that wowed the crowd.PulsePay took payment security and technology innovation to another level! Taking their inspiration from Shawn McCarthy’s keynote, the team set out to make eCommerce shopping convenient and secure by enabling biometric heart monitoring through a simple wristband made by Nymi. Their design allows the cardholder to biometrically authenticate once with the Nymi Band, and interact securely via online transactions. Merchants supporting PulsePay can process payments with little concern for fraud because the website syncs during checkout with the Nymi Band, and authenticates their heart rate to the user profile created on their mobile application.

 


As you might imagine, it was incredibly hard to judge the many ideas that emerged during HackPSU. Given the high number of great applications and the amazing list of participants, I was only able to list a few here.

We would like to congratulate PulsePay and all the PSU student teams for helping define the future of payments with the Vantiv platform.

 

It’s been a great weekend, and we look forward to many more in the future.