Hardware devices involved in card transactions, such as POS devices and PIN pads, continue to be a target for criminal attack. To address this, the PCI Council created the PIN Transaction Security (PTS) program, through which device manufacturers can validate their products against various security criteria. Now that security requirements for these peripherals are standardized, tampering is progressively more difficult.
We recently integrated a PCI-PTS compliant key pad with ExpertRPS, in order to help a non-profit meet their PCI requirements. This PCI compliant device can be used to encrypt, validate and process credit card payments, all in real-time.
As mailed-in payments are scanned, ExpertRPS detects credit card payments and routes them to an operator. The operator manually keys the card number and expiration date into the key pad, which automatically encrypts the data. It then transmits the encrypted data to a credit card processor. The processing network responds back to ExpertRPS with an approval or denial, using encrypted tokens.
This method of providing in-line credit card authorization has several advantages over the traditional process of uploading daily credit card batch files to a processor. Perhaps the most significant is that actual card data is never entered or stored on the local PC, thus reducing the scope of your PCI compliance requirements. Additionally, credit card file/data encryption is no longer the burden of the biller, keying mistakes can be detected and corrected immediately, and denied transactions can be dispositioned in real-time.