ECRi (Electronic Cash Register interface) allows POS developers to create cost-effective, PCI compliant payment solutions. ECRi-enabled, standalone POS terminals allow merchants to process payments without transferring sensitive credit card account information to the merchant’s POS system.

POS software developers no longer need to ensure that their application is PA-DSS compliant, because ECRi offloads this responsibility to the merchant’s provider, reducing the headaches and costs associated with credit card fraud. Switching to ECRi offers many benefits for POS developers.

A simple payment solution

Integrating ECRi into your POS software involves working with a simple serial interface. This interface makes software development easier and more cost-effective than other payment solutions. This simple integration helps POS developers avoid the hassle of PCI compliance, eliminates the need for middleware, and saves money and time in the development process.

Save money

ECRi’s simple serial interface makes integration quick and affordable. POS developers now spend less money developing and maintaining their software.

Reduce reliance on middleware

ECRi allows transaction authorization to occur between a standalone POS terminal and the customer’s issuing bank, eliminating the need for costly middleware products to support the payment process.

Avoid the headaches of becoming compliant

Most PIN pad payment solutions transfer customer credit card data through the merchant’s POS system, requiring the software to be PCI compliant. Obtaining certification can be a costly and time-consuming process. POS developers who use ECRi avoid this hassle entirely.

ECRi is a simple and cost-effective payment solution that boasts a reliable and

… Read more

ECRi (Electronic Cash Register interface) offers a cost-effective, PCI compliant payment solution for merchants. ECRi-enabled, standalone POS terminals allow merchants to process payments without transferring sensitive credit card account information to the merchant’s POS system. This technology offloads PCI compliance issues to the merchant’s provider, reducing the headaches and costs associated with credit card fraud. Switching to an ECRi capable payment solution is easy and offers merchants significant benefits.

How do merchants benefit from using ECRi?

A simple payment solution

Merchants who operate with an ECRi payment solution can offload PCI compliance requirements to their provider while implementing a future-proofed payment system. The payment system is remotely updated by their provider when upgrades are made available. All these features make for a simple payment solution that takes the headaches and discomfort out of payment processing, allowing merchants to focus on their own business.

Save more money

Implementing ECRi into your payment system can save merchants a lot of money. The cost of securing an average network to PCI standards is more than $250,000 per year. With ECRi, sensitive credit card account data is not transferred to the merchant’s POS system. This allows merchants to offload PCI responsibilities to their provider while significantly reducing expenses. ECRi merchants are no longer liable for stolen credit card account data in the event of a breach of their network, and thus avoid massive expenses inherent to the litigation of fraud cases.

Enhanced functionality

ECRi payment systems make payment processing easy and … Read more

PCI DSS is a regulatory requirement that aims to increase credit card data security with payment processing. Becoming PCI DSS compliant can be difficult and complicated, and applies all companies that transmit, process, or store credit card account data. Even companies who do not intentionally store credit card data or who use professional POS systems are often unaware of the risks associated with a non-PCI compliant system. You can reduce the present risks by working with a payment processor who understands PCI compliance and who can help you upgrade your payment system to meet today’s standards.

A real-life example

PCI DSS compliance is complicated enough that even one of B.C.’s largest companies struggled with it; a recent Globe and Mail article reported that B.C. Ferries recently discovered that they have “glaring deficiencies in the way in which the company is protecting sensitive customer credit card information.” Most notably, B.C. Ferries learned that after all payment transactions, their … Read more

First implemented in Europe, chip and PIN credit cards are widely used in Canada. With the looming deadline of October 2010, Canadian merchants must ensure that they are prepared to adopt chip and PIN technology. After October 2010, merchants who are not chip and PIN compliant risk being liable for any fraudulent charges made against them.

Here are some things to consider when upgrading to chip and PIN technology.

Software and hardware upgrades

In order to accept payments using chip and PIN technology, merchants must upgrade to chip and PIN certified hardware. Terminals must have chip and PIN readers and follow PCI standards.

Typically, merchants face few software issues when migrating to chip and PIN. Ask your POS vendor if the current version of their software that you use is certified for chip and PIN transactions. If your POS provider is not PCI compliant, VersaPay offers an inexpensive solution called ECRi.

What is ECRi?

ECRi (Electronic Cash Register interface) technology allows merchants to offload PCI compliance responsibilities to their provider. By setting up a PCI compliant payment terminal with ECRi, VersaPay allows merchants to process payments without sending sensitive customer account data through the POS system. This cost-effective integration reduces merchants’ transaction fees and eliminates the headaches associated with becoming PCI compliant.

How much does it cost to switch to chip and PIN?

The … Read more

What is EMV?

EMV is the standard that allows chip and PIN cards to operate with chip-enabled terminals and ATMs.

EMVCo is a public company that manages, maintains and enhances EMV Integrated Circuit Card Specifications Standards.

• In 1999, EMVCo was founded by Europay International SA, Mastercard and VISA.
• In 2002, Europay International SA was absorbed into Mastercard.
• In 2004, JCB (formerly Japan credit Bureau) joined the organization.
• In 2009, American Express joined the organization.

EMVCo’s main activities are to:

• Ensure the compatibility and acceptance of chip cards globally.
• Develop an internationally recognized standard for chip-based payment processing.
• Test and approve processes that evaluate compliance with EMV standards.

How do EMV standards affect my business?

The introduction of EMV standards brings many changes that affect merchants around the world.

• EMV standards improve the customer experience. Customer information is protected by cryptographic algorithms, providing improved security between chip cards and chip-reading terminals during transactions.
• EMV standards can save you money. Since these standards improve the security of transactions, transactions that follow EMV standards can be subject to lower payment processing fees.
• EMV standards reduce your liability for fraudulent activity from lost or stolen payment cards. Notably, as of 2010, merchants without EMV compliant devices are fully liable for the cost of credit
… Read more

In our previous post, we discussed the 12 requirements of PCI DSS. Today, we’ll talk about how these requirements will affect your business.

How does PCI DSS affect your business?

PCI DSS is dramatically changing credit card payment processing. Here are some costs and benefits you should be aware of.

• Costly Upgrades. The state of your current systems will determine how PCI DSS affects your business. If your systems meet the current requirements, then PCI DSS will not affect your business. However, if your systems do not meet PCI DSS requirements, you may have to upgrade your systems. Speak to your payment processor about the most cost-effective way to become PCI DSS compliant.
• Safe Harbour Status. One of the main benefits of becoming PCI DSS compliant is that you will attain safe harbour status. Safe harbour status protects you from fines in the event of a security breach. In the unfortunate event that a customer sues you, the court will be more lenient with you if you have safe harbour status. In order to benefit from safe harbour status, all security requirements must be in place.
• Fines. If your business is not PCI DSS compliant, it may be audited, fined, or sued. In the worst-case scenario, your business may lose the right to process credit cards entirely.

What are the documentation requirements for PCI DSS?

Documentation requirements depend on your business’s volume of credit card payment processing.

• Businesses that handle up
… Read more

The Payment Card Industry Data Security Standard (PCI DSS) is the major regulatory change that you are likely to face this year. We recently provided an overview of PCI DSS. In this article, we’ll discuss it in more detail.

What is PCI DSS?

The PCI Security Standards Council developed PCI DSS to increase data security in credit card payment processing. The PCI DSS applies to all organizations that transmit, process, or store credit card data. Note that while the PCI Security Standards Council developed PCI DSS, the regulations are actually enforced by credit card associations like Visa, MasterCard and American Express.

The PCI DSS has six “control objectives” that include a total of 12 compliance requirements. According to the PCI Security Standards Council, the control objectives are:

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software.
Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know.
Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical … Read more

• Regulatory driven, by PCI DSS, and chip and PIN technology
• Consumer driven, by mobile technology and the entry of Visa Debit.

These changes present new challenges and opportunities for all card-accepting merchants and include:

• Regulatory driven changes
• Consumer driven changes
• PCI compliance
• Chip and PIN technology
• Mobile technology
• Visa debit

Over the next few articles, we’ll take a more detailed look at these industry changes. Today, we’ll talk about regulatory driven changes in the payment processing industry.

Regulatory driven changes

Payment Card Industry Data Security Standard (PCI DSS)

The biggest regulatory change to impact your business in 2010 is the introduction of the Payment Card Industry Data Security Standard (PCI DSS).

What is PCI DSS?

The PCI DSS is a set of 12 requirements that covers everything from developing a secure network to maintaining an information security policy.

How does PCI DSS affect your business?

First, you may have to change your current systems in order to meet PCI DSS standards. If your current payment processing system is up-to-date, you may only need a slight upgrade. If your system is old, it may be worth getting a new system. Contact your payment processor to determine which option is best for your business.

Second, you must document your security compliance. There are two categories of PCI DSS merchants. The amount of documentation required depends on which category you are in.

• Lower level merchants have up to
… Read more