Last month, I discussed a simple truth for your cashiering PCs: “If you type or swipe payment cards, you’re in PCI scope.” PCI standards have evolved to include all of the touch points for cardholder data, including computers that touch this information for only nanoseconds as they transmit data. Basically, there are 3 ways to implement cashiering functionality:
- Card swipe devices are connected directly to payment card processors through dial-up telephone lines. This is the simplest cashiering architecture. However, each swipe device is like a stand-alone cashiering system without the benefits of central management, reconciliation, and integration to campus ERP systems.
- Payment data is typed into a PC browser (acting as a virtual terminal) connected to a hosted web application. This way offers better integration, but it requires manual cardholder data entry. What’s more, these computers are in your PCI scope, and their use should be restricted. (See Is Your PC In PCI Scope?)
- Card swipe devices, cashiering PCs, cashiering software, payment card networks, and campus ERP systems communicate in an integrated cashiering environment. Payment card transactions are centrally authorized, settled, and stored. There is no manual data entry, and cashiering operations are streamlined. However, your cashiering computers are still in PCI scope.
Most campuses want integrated cashiering, the 3rd way. But most campuses also want the flexibility to use their cashiering PCs for other business, too. The solution is to remove cashiering PCs from your PCI scope with a new technology that includes tokenization. By adding intelligence to the remote payment server and redirecting the flow of cardholder data from swipe devices, you can remove these PCs from PCI consideration altogether. If you are interested in learning more about this new cashiering technology, join us during our next TouchNet LIVE! video-cast on Tuesday, June 21st.