Accepting face-to-face card payments from your customers requires special equipment. Depending on where in the world you are located, equipment used to take payments is called by different names. Here are the types we reference in this document and what they are commonly called.
A PAYMENT TERMINAL is the device used to take customer card payments via swipe, dip, insert, tap, or manual entry of the card number. Point-of-sale (or POS) terminal, credit card machine, PDQ terminal, or EMV/chip-enabled terminal are also names used to describe these devices.
An ELECTRONIC CASH REGISTER (or till; may also be known as POS System) registers and calculates transactions, and may print out receipts, but it does not accept customer card payments.
An INTEGRATED PAYMENT TERMINAL is a payment terminal and electronic cash register in one, meaning it takes payments, registers and calculates transactions, and prints receipts.
A MERCHANT BANK is a bank or financial institution that processes credit and/or debit card payments on behalf of merchants. Acquirer, acquiring bank, and card or payment processor are also terms for this entity.
ENCRYPTION (or cryptography) makes card data unreadable to people without special information (called a key). Cryptography can be used on stored data and data transmitted over a network. Payment terminals that are part of a PCI-listed P2PE solution provide merchants the best assurance about the quality of the encryption. With a PCI- listed P2PE solution, card data is always entered directly into a PCI-approved payment terminal with something called “secure reading and exchange of data (SRED)” enabled. This approach minimizes risk to clear-text card data and protects merchants against payment-terminal exploits such as “memory scraping” malware. Any encryption that is not done within a PCI-listed P2PE should be discussed with your vendor.
A PAYMENT SYSTEM includes the entire process for accepting card payments. Also called the cardholder data environment (CDE), your payment system may include a payment terminal, an electronic cash register, other devices or systems connected to a payment terminal (for example, Wi-Fi for connectivity or a PC used for inventory), and the connections out to a merchant bank. It is important to use only secure payment terminals and solutions to support your payment system.
When you sell products or services online, you are classified as a e-commerce merchant. Here are some common terms you may see or hear and what they mean.
An E-COMMERCE WEBSITE houses and presents your business website and shopping pages to your customers. The website may be hosted and managed by you or by a third party hosting provider.
Your SHOPPING PAGES are the web pages that show your product or services to your customers, allowing them to browse and select their purchase, and provide you with their personal and delivery details. No payment card data is requested or captured on these pages.
Your PAYMENT PAGE is the web page or form used to collect your customer’s payment card data after they have decided to purchase your product or services. Handling of card data may be 1) managed exclusively by the merchant using a shopping cart or payment application, 2) partially managed by the merchant with the support of a third party using a variety of methods, or 3) wholly outsourced to a third party. Most times, using a wholly outsourced third party is your the safest option – and it is important to make sure they are a PCI DSS validated third party.
An E-COMMERCE PAYMENT SYSTEM encompasses the entire process for a customer to select products or services and for the e-commerce merchant to accept card payments, including a website with shopping pages and a payment page or form, other connected devices or systems (for example Wi-Fi or a PC used for inventory), and connections to the merchant bank (also called a payment service provider or payment gateway). Depending on the merchant’s e-commerce payment scenario, an e-commerce payment system is either wholly outsourced to a third party, partially managed by the merchant with support from a third party, or managed exclusively by the merchant.
When you sell petroleum & fuel, you are classified as a petroleum merchant. Here are some common terms you may see or hear and what they mean.Accepting face-to-face card payments from your customers requires special equipment. Depending on where in the world you are located, equipment used to take payments is called by different names. Here are the types we reference in this document and what they are commonly called.
A PETROLEUM SYSTEM encompasses the entire process for a consumer to purchase petroleum either outside at an unattended Fuel Island or inside at a POS Terminal.
An ELECTRONIC PAYMENT SERVER (EPS) (may also be part of the Site Controller) is a software payment application, usually present in a semi-integrated system, that gives point-of-sale (POS) systems a way to perform payment transactions in a standard way, independent of the payment networks providing authorization. The EPS separates payment from the POS system or outdoor sales processor (OSP). The EPS manages payment requests from the POS systems and OSP, card data acquisition from the EMV terminals, and payment authorizations for all POS systems and the OSP. Generally, all payment business logic is implemented within the EPS with the POS, OSP, and EMV terminals being relatively “dumb” devices programmed to implement only the interface to/from the EPS.
A FUEL SITE CONTROLLER is a software application designed to interface with the various forecourt devices of a fuel station, but primarily the fuel dispensers. The fuel site controller handles both physical and logical device control. Typically, it controls the device states, makes sure unauthorized state changes are prevented, and ensures processes follow regulations and specifications.
A FUEL ISLAND is the area of a convenience and retail fuel site where fuel dispensers are physically located. Generally, the fuel island is part of the site’s forecourt. The fuel island can be either manned or unmanned. Unmanned fuel islands are often described as self-service.
A MANAGED NETWORK SERVICE PROVIDER (MNSP) is a service provider who administers site level network connectivity, failover, on premise network device configurations, remote connectivity such as VPN, and/or network security features. The MNSP is responsible for maintaining the controls that protect network devices from misconfiguration, including insecure configuration. These providers generally have remote access to a site’s network, and thus a compromise of a MNSP system could lead to a compromise of the cardholder data environment.
A BACK OFFICE PC is a dedicated personal computer used to manage nonconsumer business operations for a convenience and retail fuel site. The back office system supports daily operational activities such as inventory management, price book, product supply, fuel management, site-level accounting, and daily reporting and journaling.
The FORECOURT is the area where fuel dispensers are present and accessible to consumers wishing to refuel their vehicle. It is the area outside the salesroom or the convenience store of a fuel station where consumers park their vehicles while dispensing fuel.