
Payments

Enactor’s payment handling solution is designed for stores, mobile devices and websites. It can be hosted by a retailer or a third party, offers full offline capability, and clients retain choice over the acquirers they use.

Protected payment module

One of the main advantages of Enactor’s card handling and PCI solution is that it separates the application from payment handling. This means that applications using it, such as Enactor POS, fall out of scope for PA-DSS approvals, so new releases of the POS can be made without requiring PCI or bank re-approval.

Mobile payment options

Our PCI-DSS approved payment system allows Enactor to quickly take advantage of new hardware because we are not dependent on third-party providers. Enactor supports chip and PIN readers and wireless PED pads attached directly to the back of tablets, or small form factor devices such as sledges. iPod Touch based mobile POS and payment devices can also be utilised.

Operation

Enactor payment software supports different deployments. In token-based operation, a local token store operates offline so that payments at the POS can still be taken even if there is a WAN or LAN failure. Tokens and encrypted PANs are automatically sent up to at least two central token servers when the networks recover.

PCI-DSS

The token store, card submission and card authorisation servers are within scope of PCI-DSS, but only the protected payment module (the code that handles sensitive data) is in scope of PA-DSS. This has the added benefit of removing the need for PCI-DSS approval of all store devices and software, and makes application upgrades much easier. The servers can be hosted in a protected area under PCI-DSS standards, or the hosting of these systems can be outsourced to a third party. We would still advise, though, that the discipline associated with maintaining PCI-DSS is good practice.

Point-to-point encryption (P2PE)

As well as token operation, Enactor supports point-to-point encryption direct from chip and PIN (PED) devices to servers according to P2PE standards. In this mode of operation, all sensitive card data is encrypted on the PED device and remains encrypted through the communications chain up to a PCI and P2PE approved host. The management and transmission of encryption keys becomes one of the main concerns of the payment handling software, and in Enactor this is done to P2PE standards using master, transport and transaction keys.