Vendors looking to have their payment application listed on the Council’s “List of Validated Payment Applications” will see that there are several different categories of payment application. An application might be defined as “Payment Middleware”, “POS Admin” or “POS Suite”. So how do you begin to understand the difference between these categories?
Great news! The Council has defined each category as follows:
POS Suite
Point of sale software which can be used by merchants for numerous payment channels, including face-to-face, mail-order/telephone order (MOTO, including call centers), Interactive Voice Response (IVR), Web (for manually entered e-commerce, MOTO, etc., transactions), and EFT/check authentication.
Payment Middleware
Payment software that facilitates transmission and/or processing of payment authorization and settlement from merchant POS to other merchant systems or to processors.
Payment Gateway/Switch
Payment software sold or distributed to third parties to facilitate transmission and/or processing of payment authorization and settlement between merchant systems and processors.
Payment Back Office
Software that allows payment data to be used in “back office” locations, for example, for fraud reporting, marketing, hotel property management, or managing and reporting revenue. While these applications may not be part of authorization and settlement, often they are bundled with payment applications as software suites, and can be, but are not required to be, validated as part of a PA-DSS assessment.
POS Admin
Software that administers or manages POS applications.
Point of sale software which can be used by merchants for specialized transmission methods, such as Bluetooth, Category 1 or 2 mobile, VOIP, etc.
Point of sale software for payment card transactions that occur in attended or unattended kiosks, for example, in parking lots.
Point of sale software used by merchants solely for face-to-face or Point of Interaction (POI) payment card transactions. These applications may include middleware, front office or back office software, store management software, etc.
Shopping Cart & Store Front
Payment software for e-commerce merchants, where the consumer selects purchases from the Store Front and enters cardholder data in the Shopping Cart, and the Shopping Cart transmits and processes that cardholder data for authorization and settlement. This is different from the “Web” mentioned under POS Suite, where the merchant manually enters the data in a “virtual” POS for authorization and settlement.
Payment software that is used by merchants to facilitate transmission and/or processing of payment authorization and/or settlement in card not present channels.
Automated Fuel Dispenser
Payment software that provides operation and management of point of sale transactions, including processing and/or accounting functions in fuel dispensing environments.
Payment software that operates as a component of a broader application environment upon which it is dependent to operate. Such software must have distinguishable configuration identifiers that are easily discernible from the broader application environment.
Shelina Samji, PCI QSA, PA-QSA
Senior Consultant, PCI Compliance Services