Payments for Retail Innovation
Strategic Advantage to Recognize Your Customer Across Retail Channels
“Creativity is thinking up new things. Innovation is doing new things.” – Theodore Levitt
As retailers today look to minimize data breach risk and minimize PCI scope, they are also faced with trying to meet
ever increasing consumer demands. These demands typically involve seamless shopping experiences across
multiple channels, be that online, mobile, social, or in-store. Adding in layers of security helps to safeguard the
transactions while often hindering the shopping experience.
eCommerce and POS Payment Gateways today often hinder the retailers’ ability to minimize PCI scope while
restricting flexibility to choose payment card hardware devices and payment card processors. The differences
between an Integrated Payments Solution and a Semi-Integrated Payments Solution further exacerbates this
situation. This whitepaper examines how Semi-Integrated Payment solutions better enable the following retail multichannel requirements, leading to retailer strategic advantage:




Order ahead and fulfill across multiple channels (often Buy Online, Pick-up In-Store)
BYOD (customer Bring Your Own Device) mobile payments
Single Token strategies
Manageability and Security in today’s environment
“Integrated” versus “Semi-Integrated” on the surface sounds like the right solution, correct? Of course, we want our
systems “integrated”, but we need to first review the definitions of each.
Integrated Payments Definition
An integrated payments solution is essentially part of the core POS (point of sale) solution; it is one and the same
and the payments workflow is managed and controlled by the POS. The POS solution handles everything associated
with the consumer purchase and payment.
EMV adoption plays a role here as well. As every retailer knows, EMV certification is a challenge across the board.
Every combination of EMV application (think POS here) and payment device requires certification with each card
brand – a gigantic triangulation effort. In a fully integrated environment, where the POS system is also the
payments solution of record, any modification to the POS application triggers the potential for EMV recertification
(even if the payment application portion remains untouched!). It would appear advantageous to instead separate out
kernel upgrades from device manufacturers and core payments app changes from the POS system itself.
Semi-Integrated Payments Definition
A semi-integrated payments solution fundamentally isolates, both technically and functionally, the POS from the
payments infrastructure, utilizing a peripheral device that is connected to the POS application to capture and process
payment card data. While appearing to be only a subtle difference, the application used to actually process
payments is truly on a separate device, which in actuality becomes a large difference.
Semi-integrated payment applications can be more secure and often prove easier to implement, are less costly, and
are more flexible. In a semi-integrated environment, the POS sends transaction data to the payment application via
middleware. It is then the payment application, not the POS, that creates the transaction and sends to the processor,
as well as receives the processor’s response (the approval or denial from the processor). The next step is to
communicate back to the POS. This entire process, managed by this separate software and hardware solution, not
directly connected to the POS, is a semi-integrated solution that takes the core POS system and related infrastructure
©Aurus, Inc. and Parachute CIO, LLC
out of scope for EMV certification and minimizes the PCI scope as well. Think of the payment card data bypassing
the POS, limited to the payment application and the process, never touching the POS, and no card data remains
within the retailer infrastructure.
Seamless Multi-Channel Retail
In today’s “Omni-Channel” world, the consumer is king. If they want to shop online, great. If they want to shop instore, also great. What if they want to do both? Great! Both channels on the same transaction however? Not
always so great…
Assuming the retailer is encrypting the payment card data at the point of swipe or EMV dip, and assuming the
retailer is tokenizing the payment card (both HUGE steps in securing consumer payments data!), does the retailers’
online and in-store worlds share the same encryption algorithm? Same tokenization algorithm? If either the
encryption or tokenization algorithms are unique, then the transaction with the consumer cannot be seamless.
Payment card re-presentment, at a minimum, is required for a second transaction, when the consumer shifts between
the online and in-store worlds.
Utilizing the same semi-integrated payments solution for both the online and in-store payments allows for a
consistent and seamless consumer shopping experience as the same token used online can be leveraged in-store (and
vice-versa). While best practices recommend validating the customer’s card and ID for buy online, pick-up in-store
orders, the payment card is not required to be re-presented for in-store, add-on sales (nor does those additional
purchases require a second transaction).
Key Points to consider when looking for a semi-integrated payment solution:
1.
2.
3.
4.
5.
6.
Hosted off-premise platform to reduce risk and increase manageability
P2PE certified solution to remove POS from PCI scope
Wide coverage of Processor and device certifications - this directly impacts flexibility of acceptance and
switching device and processing partners
Broad payment engineering teams to build quick go-to-market custom solutions
No transaction fees: hosted platforms should enable flat pricing with no add on fees
Single token for this competitive advantage, cross-channel strategy
Whitepaper Recap
A semi-integrated payments approach often proves the most secure and efficient solution for flexibility in payment
options, reduction in EMV and PCI scope, and seamless ability for consumer transactions. As retailers today look
for creative and innovative options for taking payments, they need to consider a semi-integrated payments solution.
The goal of seamless multi-channel purchases and multi-channel payments is within reach.
Authors:
Michael Lehman: Sr. Operations and Technology Executive
Parachute CIO LLC | [email protected] | +1.262.442.6899 | http://www.ParachuteCIO.com
Michael’s background is as a strategic and forward-thinking executive with broad exposure across all areas of
business, providing cutting-edge technology solutions that expand organizational capacity to accelerate growth in
highly competitive markets. His holistic approach to business, bridging the gap between technology and operations,
drives transformational change. Michael is highly skilled in driving innovation and securing buy-in to guide each
organization through technology infrastructure expansion and resolution of complex business problems.
©Aurus, Inc. and Parachute CIO, LLC
Parachute CIO LLC:
Parachute CIO offers the opportunity to leverage the skills and experience of a nationally recognized retail CIO to
develop strategies and move projects forward, without the friction and high price tag of a full-service consulting
firm. Parachute CIO brings project leadership experience to Develop Teams, Design Solutions, Manage Projects,
and Facilitate Strategic Directions.
Mustafa Shehabi: Chief Business Development Officer
Aurus, Inc. | [email protected] | +1.925.285.6265 | http://www.aurusinc.com
Mustafa's background is in business development, building sales channels and partnerships with a focus on electronic
payments and outsourced product development. Prior to Aurus, Mustafa co-founded PayCube which built custom
software for the acquiring industry using the global delivery model. Mustafa also led sales and marketing for ISTS, a
payments technology company focused on building frameworks based solutions for its customers, which was later
acquired by Clear2Pay/FIS. In his early career, Mustafa was involved in building a revolutionary two-tier distribution
channel for IT products in India.
Aurus, Inc:
AurusPay is a 5th generation, P2PE certified, semi-integrated EMV ready payments platform built for retail.
AurusPay drives true multi-channel payments innovation with its advanced state management, multi payment type,
multi-processor, multi device capabilities, across all retail channels and the ability to handle complex payments
workflows and provide a single cross channel token.
Aurus is a technology company focused on providing payments innovation for Tier 1 and 2 multi-channel retailers.
The company was founded in 2000 and is headquartered in Boston, MA with a development center in Pune, India.
Aurus has one of the largest payments engineering teams, processing approx. 150,000 retail lanes in 20 countries
across specialty retail, supermarkets, department stores and restaurant customers taking their POS out of PCI scope
and drastically reducing implementation and project timelines.
©Aurus, Inc. and Parachute CIO, LLC