Background
One of the things that makes shopping for payment solutions confusing is the use of industry-specific jargon. For IT people, the term “integrated” has come to simply mean connecting one application or system to another, typically by using an API, webhook, SDK, or an automated flat-file method to exchange data between the two systems.
When talking about integrated “MOTO and Ecom payment solutions” (IVR applications and online payment page software) the term “integrated” is used to describe this familiar context. However, when talking about POI (Point of Interaction) terminal hardware for point-of-sale (POS) “card-present payment solutions”, you will instead hear the terms “semi-integrated” and “integrated” being used. These unique payment industry terms refer specifically to both how payment terminals communicate with POS systems and how the cardholder data is then handled.
Semi-Integrated POS Solutions
In semi-integrated POS systems, the payment terminal is connected (“integrated”) to the POS system, but it operates independently of the POS software when it processes each payment transaction. The POS software initiates the transaction and prompts the cardholder to insert, tap, or swipe their card. All sensitive card data is then encrypted and transmitted directly by the payment terminal to the payment gateway for authorization. An authorization result is then returned directly to the terminal. Only non-sensitive transaction response data (approval codes, truncated card number, or low-value tokens) is sent by the terminal to the POS software.
How it works:
- The POS software only sends a payment amount to the payment terminal.
- The terminal independently sends transactions directly to the payment processor’s gateway.
- Once complete, the terminal returns a transaction confirmation back to the POS software.
Benefits:
- Sensitive cardholder data is never handled by the POS system, reducing PCI DSS scope and risk.
- The POS software is easier to maintain.
- The POS system is easier to deploy.
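A POS-side guard for the terminal-to-POS boundary described above, given here as an added example that is not part of the original article or any vendor's API: it rejects a terminal response if any field carries a full card number instead of a truncated number or token. The field names and sample messages are constructed assumptions.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pan_leaks(message: dict) -> list:
    """Return the names of fields whose value contains a Luhn-valid full PAN."""
    leaks = []
    for field, value in message.items():
        for match in PAN_CANDIDATE.finditer(str(value)):
            if luhn_ok(re.sub(r"\D", "", match.group())):
                leaks.append(field)
                break
    return leaks


def accept_terminal_response(message: dict) -> dict:
    """Pass the message to the POS only if it holds no cardholder data."""
    leaks = find_pan_leaks(message)
    if leaks:
        raise ValueError(f"cardholder data in POS-bound fields: {leaks}")
    return message


# Constructed sample: what a semi-integrated terminal should hand back.
SEMI_INTEGRATED_RESPONSE = {
    "status": "APPROVED", "approval_code": "A1B2C3",
    "masked_pan": "411111******1111", "token": "tok_7f3a9c2e", "amount": "42.50",
}
# Constructed sample: a message that would pull the POS into PCI DSS scope
# (4111 1111 1111 1111 is a widely published test card number).
INTEGRATED_STYLE_MESSAGE = {
    "status": "APPROVED", "approval_code": "A1B2C3",
    "pan": "4111 1111 1111 1111", "expiry": "12/30",
}
```

A long numeric reference that happens to pass the Luhn check will also be flagged, so treat a hit as something to investigate rather than proof of a leak.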
Integrated POS Solutions
In integrated POS systems, the payment terminal is fully integrated within the POS system, with the POS software controlling the entire payment transaction flow. The POS software manages the entire transaction process and directly communicates the sensitive payment data to the payment gateway.
How it works:
- The POS software manages the entire transaction process from start to finish, including the capture and transmission of card data.
- The terminal acts more like a dumb peripheral device (like a printer or scanner).
Benefits:
- A more seamless payment experience with full control by the POS.
- More merchant flexibility for customizing the payment flow.
Disadvantages:
- Cardholder data passes through the POS system, increasing PCI DSS scope and security risks.
- The POS system is more complex to develop and maintain.
Which POS solution is best?
From a security architecture perspective, the important difference between integrated and semi-integrated POS systems is that with semi-integrated systems the payment terminal communicates all sensitive card information directly to the payment gateway. This keeps all card data segmented outside of the merchant’s POS system, which reduces both security risks and compliance effort for the merchant.
Integrated solutions, on the other hand, have significant security risks from malware attacks. For PCI compliance, these POS integrations must be certified to comply with PCI requirements and go through EMV certification. Changes to the POS application after initial deployment require re-certification. Semi-integrated solutions reduce this PCI burden and offer increased security compared to fully integrated solutions.
Alternatives: Secure Card Reader POS Configurations
Most POS systems today use either PTS terminals or P2PE SCR terminals, depending on the merchant’s size and risk tolerance.
PTS terminals are common in small to medium businesses, legacy retail and hospitality. They are cost-effective, easy to set up and integrate with custom POS software, and supported by most gateways. However, they also have a higher risk and PCI scope than P2PE secure card reader (SCR) solutions.
P2PE SCR terminals are more common in large retailers (like grocery chains and department stores), healthcare and financial services, and merchants with high compliance burdens. They offer higher security because the card data is immediately encrypted at the terminal and stays encrypted until it’s received by the payment processor’s gateway. This significantly reduces the risk of breach and PCI compliance scope that an integrated POS otherwise introduces. However, they come with a higher initial cost for both the setup and terminal hardware, and they lock the merchant into using specific devices from validated P2PE solution providers.
In many cases, using P2PE SCR terminals for a POS system is a best practice for prioritizing security and PCI DSS compliance scope reduction.