Digital Transactions Authoritative, insightful and timely information for payments professionals
Managing the integration of EMV payment acceptance into point-of-system software can be replete with nuances unfamiliar to many developers.
That’s where a product announced Tuesday by two payments companies working jointly could assist.
Seattle-based independent sales organization Gravity Payments Inc. has teamed with Creditcall Ltd., a United Kingdom-based transaction gateway and mobile-payments solutions vendor, to provide software development toolkits (SDKs) to independent software vendors, value-added resellers, and developers that simplify the integration of EMV acceptance.
The service uses Creditcall’s ChipDNA, which operates as a layer under the POS software, paired with Gravity Payments’ platform GravityPay. Transactional commands are sent from the POS software to the Creditcall SDK that then communicates directly with the EMV card-reading device to capture cardholder data, says Dave Dreyer, Gravity Payments’ senior product development specialist. “After that, a transaction request is sent to Gravity Payments for processing. Thus the ISV’s software never comes in contact with sensitive cardholder data,” Dreyer tells Digital Transactions News via email.
Such walling off is viewed as vital for securing POS systems while making it possible for them to accept EMV transactions. Without such a service, a POS system developer trying to add EMV transactions would have to submit each variation of their software with any device for EMV certification. Services like the joint Creditcall-Gravity Payments effort put the EMV-certification onus on the provider.
As Dreyer explains, using the Creditcall SDK means the software provider doesn’t have to complete EMV certification because Creditcall already is EMV-compliant.
And it has the bonus of potentially removing the merchant’s payments system from some Payment Card Industry data-security standard (PCI) requirements, says Jeremy Gumbley, Creditcall chief technology officer. That’s because all of the sensitive cardholder data is protected using Creditcall’s point-to-point encryption, he says. “While EMV migration solves the issue of card skimming, it cannot prevent a data breach,” Gumbley tells Digital Transactions News via email.
POS systems are a critical area for EMV implementation, says Thad Peterson, senior analyst at Boston-based Aite Group LLC.
“The VARs and ISVs generally drive the mid-large retail market, and many of them aren’t as familiar with payments and EMV as organizations that are fully involved in payments,” Peterson says via email. “There has been an issue with certification of solutions driven through this channel and some implementations have been delayed because of the certification process, which requires a separate certification for each network.”
Any product or service that can accelerate or simplify the process of integrating EMV into POS systems is “a very good thing,” he says.
