We’ve been speaking with our customers daily to help them navigate through this uncharted territory. A few questions are at the top of the list for many of our merchants, so we thought we would compile them in a single resource for everyone to use – regardless of whether you are a Wind River Financial customer or not.
The plan is to update this list regularly, so please check back periodically for new information. If you have a question that is not on this list, please feel free to contact us directly.
Encrypted keypads are a hardware-based approach to achieving point-to-point encryption for your transactions. Once the keypad is plugged into your computer and credit cards are either swiped or key-entered into it, the keypad encrypts the data immediately, before it reaches the computer to which it’s connected (and where malicious software could be waiting to steal it). The decryption key that is required to unlock the data is located only at the credit card gateway, outside of the merchant’s computer network. So even if a breach were to occur at the merchant level, only encrypted credit card data would be found, and it would take decades to decrypt it.
Simply put, using an encrypted keypad is the most secure way to process a credit card transaction.
Simply entering credit card numbers directly into your point of sale systems and/or countertop terminals may result in higher fees. Below are some best practices to help you process card-not-present transactions as cost efficiently as possible.
For more information, you can read our recent blog, which provides tips for processing card-not-present transactions more cost-effectively.
The answer depends on how you’re processing remotely.
If you are using a Wind River Financial encrypted keypad to process remotely, the level of security it provides could actually reduce PCI scope versus how you were processing onsite.
If you are not using an encrypted keypad and are instead keying credit card numbers into a personal computer, you’re likely pulling the computer into PCI scope. And the computer you are using may not have been assessed against the hundreds of PCI requirements.
Although it is a temporary situation, processing in this manner is likely pulling your business out of PCI compliance and could be exposing you to risk.
Here are some questions to consider before continuing to key credit card numbers into a personal computer:
These are some key best practices that can help reduce risk and mitigate malware on a personal computer.
There are two primary options available for setting up online payments.
This option enables a host of capabilities for online purchasing through your website, including connecting with your menu or your inventory system – in real time, if you’d like.
Here are the steps for getting set up with advanced online payments:
Step 1: Contact your web developer to discuss what you’re looking to accomplish. Your developer will recommend a shopping cart for your use.
Note: If you do not have a web developer, contact us, and we can make a recommendation for you.
Step 2: Contact your payment processor, who will recommend the optimal gateway to connect with the shopping cart identified by your web developer. Please note, it is best to work with your payment processor on this step, as there are often pre-integrated gateways that will make connecting with your shopping cart frictionless. Your payment processor will identify those opportunities for you.
If you are enabling B2B payments only, you may be able to bypass this step and proceed directly to your payment processor.
Step 3: Your payment processor will set up your gateway and account hierarchy and make sure everything is prepared for your web developer to implement.
Step 4: The process returns to your web developer, who will get your online payment capabilities into production.
This option is ideal for a rapid implementation of basic online payment acceptance. While it is not linked into your inventory system, you would have the ability to display some products for purchase. You would also have the ability to accept invoice payments through your website. Working with a web developer may not be necessary for this option, but you will want to check that with your payment processor.
Contact us; we’ll ask you a few questions and help you decide which option is best for your business.
The answer is “yes, you can,” but we strongly advise against it. iProcess is specifically designed for card-present transactions. Using it for card-not-present transactions means you have card data stored in your phone/app memory, which is a security risk that you don’t want for your customers or your business. Also, card-not-present transactions via iProcess may downgrade, which results in a higher fee.