Great questions.
What does out of scope mean for you as a Retailer?
The credit card processing is still integrated and so you are not talking about a separate machine like the old days. Different out of scope integrations will require different pieces of equipment. However all integrations essentially work as follows:
1. You process the sale as you normally would in RetailEdge.
2. Tell RetailEdge which payment method you are using and post the sale.
This is where things change a little. Prior to going out of scope of PA-DSS, RetailEdge would then ask you to swipe the card and would securely transmit the data to the processor, get the approval, and store the approval codes and credit card information (if this option is turned on) and then print the receipt, pop the drawer etc.
Now RetailEdge does not handle any credit card data. The burden of doing this and having a PA-DSS application to transmit the credit card information has been shifted to the processor. So when you post the sale, RetailEdge takes the amount of the sale and tells the processor's application or device to process the sale. The processors application then asks for the credit card information (swipe or hand keyed) and then gets the approval and then passes back to RetailEdge whether or not the transaction was approved and a token so that RetailEdge can void the sale at a later date. No credit card data is handled by RetailEdge. RetailEdge then prints the receipt and pops the drawer normally.
The way the processor handles the transaction is different depending on the integration.
In the case of the Mercury integration, we pass the sale total to a device called the MagTek IPAD (no relation to the Apple iPad). This device has a magnetic strip reader and a signature capture screen and stylus and keypad. The device sends the amount to the screen of the device, the customer says Ok and swipes their card and it is a Debit card enters their PIN, and an approval is received and the sale in RetailEdge is processed.
The beauty of this is this new method is that the device handles the transmitting of the credit card data and so it removes this function from the computer, encryption takes place within the read head as the card is swiped eliminating the chance of intercepting clear text data. You can see what the device looks like at the following link
http://www.magtek.com/V2/products/pin-e ... pad-sc.asp
It USB device and easy to install. You should contact Mercury about obtaining this device.
If you have more questions let us know.
wildman wrote:What exactly does this Out of Scope mean to us as a retailer? Does this mean we have to purchase some new terminal and now will have to swipe and enter the sales amount the card like we had to do years ago? This will increase cost due to having to buy paper for the credit card receipts as well. Or is there new technology that we swipe the card as we always have and it is processed in the background all through our payment screen? Is there any changes that we will have to make in our systems, or our Mercury settings?