Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Why Businesses Should Transition their Payment Architecture

There is more than one way to accept a payment - and that’s not just talking about cash vs. card. Thanks to mobile payment technology, EMV chips, electronic cash registers, and other amazing payment innovations, businesses are swiftly learning that they no longer need to rely on traditional methods for accepting and processing transactions. 

In fact, traditional integrated payment environments are becoming obsolete thanks to semi-integrated options that save time and money while better protecting business and customer data. Yet, some businesses have yet to fully comprehend the benefits of semi-integrated payment architectures - or worse, they don’t recognize the inherent hazards of their current systems.  

How many businesses currently structure their payment environments 
After a customer swipes her card, money doesn’t automatically appear in merchants’ bank accounts. Rather, there is a long and complicated series of communications between several different entities. This process occurs to ascertain whether customers have enough money available to make their purchase, to transfer that money from one account to another and to ensure merchants are allocated the proper amount, which are both primary concerns for businesses looking to make a profit.

The most widely utilized payment architecture - which is appropriately dubbed traditional integration - requires four elements: a point-of-sale terminal, an electronic cash register (ECR), a merchant’s bank office, and a transaction processor. 

The amount due is generated by the ECR and sent to the POS terminal, which the customer uses to swipe (or, more often nowadays, dip) a card and confirm payment. Then, the card data travels back through the ECR and into the bank office infrastructure, where that payment information is stored. To authorize the payment, the bank office sends the data on to a transaction processor - which sometimes prompts the cardholder’s bank for approval. Eventually, the merchant’s ECR will receive a response from the processor, at which point they can produce a receipt and begin assisting the next customer.

Why businesses should make a change
As many businesses can already discern, the traditional integrated environment requires data to travel around the world, it seems, stopping several times before customers and merchants know for certain that payment is approved. A system in which there is less communication would not only be speedier, but it would also be more secure. Fortunately, such a novel process already exists in the semi-integrated payment environment.

Using the same tools as the traditional environment - i.e., the POS terminal, the ECR, the merchant’s bank, and the transaction processor - the semi-integrated environment is limited mostly to non-sensitive commands between the POS terminal and the payment processor. 

The process begins as normal with the ECR generating the amount due, the transmission of that amount to the POS terminal, and the customer swiping or dipping a card. However, instead of traveling every which way, that data moves directly to the transaction processor for authorization. Then, the response is sent back directly to the terminal, which allows the ECR to complete the transaction. It’s that simple.

There are three primary benefits to semi-integration: security, speed, and scalability. 

  • Security. Because card data goes directly from terminals to transaction processors, cybercriminals have fewer opportunities for theft. Most often, breaches occur in the ECR, but in semi-integrated environments, the ECR never receives card information. Plus, merchants don’t need to worry about the security of their banks’ networks, since payments bypass the bank office, as well.
  • Speed. With fewer messages being sent and received, payments can be approved or denied faster, allowing merchants to address more customers in less time. Additionally, the semi-integrated architecture reduces the scope of PCI, which makes it much easier to comply with PCI rules- and decreases the likelihood of failing a PCI audit.
  • Scalability. Because the merchant’s payment system is separated from the transaction process, businesses no longer must update their ECRs and other tech as soon as new payment trends emerge. As businesses grow, they can adopt different internal payment systems without worrying about interrupting card sales.

Transitioning from a traditional integrated environment to a semi-integrated environment is also beneficial to processors, gateway providers, integrators, and several other entities involved in paying and selling. In this case, there is no reason to stick with the old way of processing payments - the new architecture is just too good.

What’s Hot on Infosecurity Magazine?