VeriFone PAYware Connect™

VeriFone PAYware Connect describes a gateway or portal used as an intermediary between your company and a card processor your company has selected. In the United States, this is the current option for card processing for use with the application and is PCI DSS compliant. Verifone Point, VeriFone Systems, and PAYware Connect are not your processor. VeriFone PAYware Connect acts as the intermediary between you and your selected processor. Examples of some commonly used processors are TSYS®, Chase Paymentech, and WorldPay® (RBS). In most cases, the VeriFone PAYware Connect interface and devices (pads) are purchased and licensed through the NMA™ (National Merchant Alliance). For information regarding Signature Pad use and setup, please see the topic Hardware & Peripherals and sub-topic VeriFone. Topics in this section pertain to card processing and advanced features.

Merchant Console

This topic covers administration for bank card processing managed using the PAYware Connect Merchant Console.

Parameters

This topic discusses some of the parameters support uses for enabling VeriFone PAYware Connect. It is provided to explain some of the options available; however, only support personnel can view and make changes to these settings.

Device Key Authentication

Device Key Authentication provides an added level of security for card processing when used with VeriFone pads. This is either required or strongly recommended when using some of the advanced features such as tokenization and purchase level II data. This is already used if you are using Verifone Point.

Card Contracts (Tokenization)

This feature allows your company to link a customer's card information with their account. No card information is maintained with your data, but a "token" is associated with the account which is linked to a contract you would set up via the PAYware Connect merchant console.

Purchase Level II Data

Purchase Level II Data sends additional data when processing card transactions. Processors may charge less per transaction when this information is included. It’s important to make sure we have certified with your processor before enabling this feature. Currently, only TSYS and Chase Paymentech are certified for Purchase Level II Data transmission. WorldPay can be used with any features except Purchase Level II Data at this time.

Purchase Level II Data is automatically included when using Verifone Point and there is no limitation on processors.

Manual Card Entry

This topic discusses a feature which provides the ability to prompt the customer to enter their card information on the pad device. This is preferred and more secure than having a sales clerk or other store personnel handle the customer's card.

Crediting a Card During a Return

With Verifone Point as well as later versions of the VeriFone SIM (see below), you are able to process a return to a customer's card without the card being present. This is done by using a transaction identifier associated with the original sale. An original sale invoice must be selected during Point of Sale processing for this to be available.

VeriShield Total Protect

This refers to a product of VeriFone, Inc. that adds an additional level of protection to your card data as processed via pad devices. This feature encrypts the card data at the pad and it remains encrypted throughout its journey through your system greatly reducing the possibility that the card data can be compromised. This feature is something that each pad device must be configured for individually.

This feature is

PAYware Connect provides a web-based portal used for card processing along with VeriFone devices. When devices connect to the gateway, they must authenticate using either of two (2) methods: user name/password (Merchant Authentication) or device key (Device Level/Key Authentication). Either type of authentication is possible using the latest version of the VeriFone SIM (2_0_4_7 or later). We re-validated with VeriFone with Device Key Authentication enabled. Device Key Authentication is the authentication model recommended by VeriFone and may be required for some features in the future. We suggest this as the first step in using the latest version.

“SIM” refers to the software (DLL) that VeriFone devices and the software use for communication with the on-line gateway/portal. Your application installs various versions of the SIM application automatically, and your company can select which version it chooses to use at either the system or device level. Versions are a series, or sets, of integers separated by either the underscore or period depending upon how/where the version is viewed. Higher values from left-to-right indicate a more recent version. The minimum SIM version we now support is 2_0_4_3. Unless your processor is TSYS®, Chase Paymentech™, or WorldPay® (RBS), you should use the minimum version since advanced features in some of the later versions may or may not work.

VeriFone_Device_Settings

Newer versions often have fixes for issues in previous versions, so we typically suggest using the most recent (latest) version available. Versions can be set at device level, or if the device is set to use “system default,” system-wide instead. Only support personnel can modify the system-wide “default” setting. If the devices are set to use the default and no default has been set, the lowest version is used. We don’t remove lower versions so that any existing devices assigned to that level remain operational. Companies (users) should periodically check for newer version especially if any issues are present.

A Note Regarding Security

This release of VeriFone SIM includes the ability to use VeriFone VeriShield Total Protect™ which offers card data encryption from the pad throughout your system all the way to the VeriFone servers. With this in mind we have included the ability to manually enter credit card numbers on the pad when processing a phone order or a card with a bad magnetic stripe. Having all card transactions to go through VeriFone pads with VeriShield turned on is the strongest protection we offer for your card data. Card Numbers manually entered on the process form are not encrypted for the duration of the transaction. We have not disabled the manual entry of card numbers through the process forms at Point of Sale although we may offer that as an option in a future release to couple it with VeriShield Total Protect.

VeriFone SIM Version Changes

Whenever a new version of the VeriFone SIM is released, it’s smart to transition with some degree of caution. Make changes on a single pad first and use it for a while (at least one business day) before changing all of your pads’ settings. If a new version introduces an issue, having other pads available on a known working version will be a benefit. It’s better to have an issue on one pad rather than all pads at the same time.

We do testing with each new VeriFone SIM version before we include that version with a software release; however, testing is limited in scope and not comparable to a live environment. In addition, your environment (server, clients, installed software, network settings, etc.) can sometimes affect the function of software in unexpected and unforeseeable ways. No degree of testing can reasonably consider the entire multitude of potential factors. The VeriFone SIM software is not our product, so when issues are identified, we generally must rely on VeriFone to correct the issue in later versions.

Purchase Level II Data changes the data structure sent when processing card transactions, so it’s especially important to make sure we have certified with your processor before enabling this feature. Currently, only TSYS and Chase Paymentech are certified for Purchase Level II Data transmission. WorldPay can be used with any features except Purchase Level II Data at this time.