(PRWeb UK) October 13, 2010
YESpay International Ltd, located in Toronto, Canada, the first fully managed outsourced E-commerce (Internet) and EMV chip and PIN card payment service in Canada and USA, is presenting the top 6 main reasons for merchants to choose its card payment solution.
Pre-accredited EMV card payment solution eliminating merchants involvement in EMV certification
YESpay’s EMBOSS card payment service is pre-accredited with multi-acquirers (Chase Paymentech and First Data Merchant Services with certifications in progress with Moneris, Global Payments and TD Bank in Canada and USA). By using EMBOSS, merchants can completely avoid Acquirer time-consuming and high EMV implementation and certification costs required by the card schemes which have mandated 31st March 2011 as the deadline to convert to EMV.
YESpay charges a single ‘Setup fee' per POS (typically $50-70). Besides, merchants benefit from low on-going ‘fixed monthly fee’ per POS system or e-commerce website (between $20-30) and NOT per click or individual transaction charge. Included in the fixed monthly fees are our payment service, support and Help desk (24 hours) and online web-based reporting from the EMBOSS data centers.
Unlike other solutions from our competitors, YESpay does NOT charge software licenses and maintenance fees and our price comparison analysis illustrate that merchants can save more than 50% in payment service provision by choosing YESpay!
PCI-DSS (Payment Card Industry – Data Security Standard) Level 1 certified
PCI-DSS is a security standard that includes requirements for security management, policies, procedures and software design. Every business (acquiring bank, merchant or third party service provider) accepting card payments and storing, processing or transmitting payment card details must be PCI-DSS certified. For merchants, the compliance process can be costly and very long as several security standards and requirements need to be followed. With YESpay, companies can save up to 65% on their compliance costs and benefit from a high quality service and 24/7 support services. Indeed, outsourcing the card payment side of your business to YESpay helps to:
1) Reduce the scope of PCI-DSS requirements undertaken by the merchant. In most cases, a PCI-DSS self-certification is sufficient with the help of YESpay’s outsourced payment service as the merchant is entirely insulated from any sensitive cardholder details.
2) Reduce costs related to PCI-DSS compliance. PCI-DSS is a set of ongoing requirements that are subject to frequent updates, and YESpay will constantly update its service to comply with PCI-DSS. Using YESpay, the merchant is no longer concerned by the risk that the work he undertook to comply with PCI-DSS might be out-of-date because YESpay is taking care of it.
PA-DSS (Payment Application – Data Security Standard) certified
PA-DSS is a program aiming at helping payment software vendors develop secure payment applications that do not store prohibited data (full magnetic stripe, CVV2 or PIN data) and ensure their POS (point-of-sale) applications support compliance with PA-DSS. PA-DSS certification is required for POS application vendors that handle payments that are sold, distributed or licensed to third parties.
Though YESpay does not need to undergo PA-DSS certification as we are PCI-DSS level-1 certified, we undertake certification of our client payment applications to PA-DSS in order to bring even more confidence to merchants and POS software vendors. Together, YESpay’s PCI-DSS Level 1 and PA-DSS certifications ensure that in all cases, the point-of-sale software is freed from PA-DSS certification.
Tokenization is a process whereby a ‘Token’ or card reference numbers are created by the EMBOSS Data Centre. These tokens are linked to credit/debit card details within EMBOSS compliant environment, and then provided to merchants.
The YESpay PCI-DSS certification authorizes YESpay to store credit/debit card details securely. Hence YESpay simplifies PCI-DSS as it stores card details in its data centers, on behalf of the merchant. YESpay allows the merchant indirect card information access with the creation of a ‘token’ linked to the card and passed on to the merchant.
YESpay offers two methods which are PCI-DSS certified and no storage of full card details is needed as YESpay handle card information.
1) One way function token (SHA-1 Hash): EasyVTerminal (YESpay EFT payment client) returns a SHA1 hash of card number with every transaction response by default. This hash value can be used to identify a card uniquely. As the hash values are unique and cannot be re-engineered to create the original card numbers. This method is useful to analyze Customer’s/Cardholder’s trends and spend patterns throughout stores. Besides, it can help detect card fraudulent behaviors as one token refers to one credit/debit card number and excessive spending/refunding with cards can be followed. By using SHA-Hash, merchants can also identify cardholders picking up tickets or goods at kiosk.
2) YESpay Proprietary token: Card tokens generated by YESpay enable recurring payments (such as subscription billing) and split/deferred payments. Later refund payments without storing card details are also possible.
Point-to-Point (End-to-End) encryption
YESpay’s also provides point-to-point (sometimes also referred to as "end-to-end") encryption from the card acceptance PIN pad devices all the way to its EMBOSS data centers.
Our EasyVTerminal Payment application (PA-DSS compliant) communicates with the PIN pad over an SSL (Secure Socket Layer 128–bit 3DES encryption) encrypted LAN. All cardholder data on LAN is encrypted using SSL at the merchant (retailer) location eliminating card data exposure. The EasyVTerminal also uses SSL to send all card data encrypted to its remote EMBOSS data centers. As a matter of security and certification, applications in the retailer network (EPOS or others) are not exposed to the transmission or storage of any card data.
Encryption is achieved from the PIN pad level all the way to the remote EMBOSS data centers via the EasyVTerminal. Our solutions also support EMV Online PIN encryption for countries using online PIN encryption such as Canada, USA and a number of European countries.
North American Operation:
YESpay International Limited,
Suite 406, 133 Richmond Street West, Toronto, Ontario, M5H 2L3, Canada
Tel: +1 416 214 6012 (ext. 505)
Cell: +1 647 984 3780
Contact: Ms Sophia DAHRI, Business Development and Marketing Manager (Canada)
sophia(dot)dahri(at)yes-pay(dot)com and sales(dot)ca(at)yes-pay(dot)com