Vendors looking to have their payment application listed on the Council’s “List of Validated Payment Applications” will see that there are several different payment application categories. An application might be categorized as “Payment Middleware”, “POS Admin” or “POS Suite”. So how do you even begin to understand the differences among these categories?

Great news! The Council has defined each category as follows:

POS Suite/General

Point of sale software which can be used by merchants for numerous payment channels, including face-to-face, mail-order/telephone order (MOTO, including call centers), Interactive Voice Response (IVR), Web (for manually entered e-commerce, MOTO, etc., transactions), and EFT/check authentication.

Payment Middleware

Payment software that facilitates transmission and/or processing of payment authorization and settlement from merchant POS to other merchant systems or to processors.

Payment Gateway/Switch

Payment software sold or distributed to third parties to facilitate transmission and/or processing of payment authorization and settlement between merchant systems and processors.

Payment Back Office

Software that allows payment data to be used in “back office” locations, for example, for fraud reporting, marketing, hotel property management, or managing and reporting revenue. While these applications may not be part of authorization and settlement, often they are bundled with payment applications as software suites, and can be, but are not required to be, validated as part of a PA-DSS assessment.

POS Admin

Software that administers or manages POS applications.

POS Specialized

Point of sale software which can be used by merchants for specialized transmission methods, such as Bluetooth, Category 1 or 2 mobile, VOIP, etc.

POS Kiosk

Point of sale software for payment card transactions that occur in attended or unattended kiosks, for example, in parking lots.

POS Face-to-Face/POI

Point of sale software used by merchants solely for face-to-face or Point of Interaction (POI) payment card transactions. These applications may include middleware, front office or back office software, store management software, etc.

Shopping Cart & Store Front

Payment software for e-commerce merchants, where the consumer selects purchases from the Store Front and enters cardholder data in the Shopping Cart, and the Shopping Cart transmits and processes that cardholder data for authorization and settlement. This is different from the “Web” mentioned under POS Suite, where the merchant manually enters the data in a “virtual” POS for authorization and settlement.

Card-Not-Present

Payment software that is used by merchants to facilitate transmission and/or processing of payment authorization and/or settlement in card-not-present channels.

Automated Fuel Dispenser

Payment software that provides operation and management of point of sale transactions, including processing and/or accounting functions in fuel dispensing environments.

Payment Module

Payment software that operates as a component of a broader application environment upon which it is dependent to operate.  Such software must have distinguishable configuration identifiers that are easily discernible from the broader application environment.

Shelina Samji, PCI QSA, PA-QSA
Senior Consultant, PCI Compliance Services

 
