New RDP PCI Compliant Credit Card Interface Subscription

8/1/2016

RDP software utilizes several credit card gateways to process credit card authorizations, deposits, payments, refunds and other transactions.

Credit Card Interface

Credit card gateways are used with RDPWin, Internet Booking Engine (IRM.Net), Mobile IRM for SmartPhone and Tablets, and various Global Distribution Interfaces.

RDP software has been certified by Trustwave to be fully PCI (Payment Card Industry) Compliant when using one of our new credit card interfaces from Shift4 or Tenerum.    See Certification Letter.    Customers using RDP’s legacy credit card interfaces from Vacation Rent Payments (VRP) and Southern Data Comm (SDC/Protobase) must convert to the new RDP credit card interface ASAP or face large fines for non-PCI compliance.   Please read this article carefully for details.

Critical Customer Action Items to Avoid PCI Non-Compliance Fines

Credit Card Action Item

Information
VRP (Vacation Rent Payments) not Supported After 8/1/2016 RDP has a legacy credit card interface to Vacation Rent Payments (VRP).  This interface is no longer supported by RDP due to limitations in VRP’s implementation of the new PCI and EMV rules.  Any customer using VRP is potentially subject to large fines and penalties and should convert to the new RDP credit card interface described below ASAP.    If customers continue to use VRP, RDP cannot provide support on this interface.
Protobase (Southern DataComm/SDC) not Supported after 9/30/2016 RDP has a legacy credit card interface to Protobase from Southern DataComm (SDC), which is now owned by Elavon.  Elavon has announced they will not support this software after 9/30/2016.  Therefore the RDP-SDC interface is no longer supported by RDP after 9/30/2016.   All customers using SDC/Protobase must convert to the new RDP credit card interface by 9/30/2016 or you will not be able to process credit card transactions at all.

RDP Credit Card Interface Subscription Required

The very complex new PCI/EMV requirements forced RDP to replace our legacy credit card gateways to VRP and SDC with two new gateways for customers to choose from.  In addition, RDP now offers reduced credit card processing fees with our preferred processor, Chosen Payments.   The new RDP interface is licensed to customers on a yearly subscription basis which includes:

Credit Card Action Item

Information
No Software Purchase Price With a subscription model, the Credit Card interface module is no longer purchased from RDP.  Instead, the interface is licensed for a monthly fee, which significantly reduces the up front costs.
Support Included Support of the new credit card interface is included with the subscription.  This includes support from RDP, the gateway company, and our preferred credit card processor.
RDPWin Version 4 Customers must upgrade to RDPWin version 4 to use the new credit card interface.  In addition to full PCI compliance, RDPWin also includes many new features, such as the ability to have more than one credit card for each reservation.
All Features All features described in this document are included with the RDP Credit Card Interface subscription.
Updates Updates are included in the subscription.  There are many additional PCI requirements coming in the  future.  As part of the subscription RDP will incorporate these changes at no additional charge. You will never have to purchase another credit card interface module from RDP, even as we implement complex future PCI requirements.
Eliminate Protobase Fees For existing RDP customers, Elavon/Protobase fees for a yearly support, high speed acces no longer have to be paid.
Subscription Cost The monthly subscription fee for the new RDP Credit Card Interface varies based on the customer transaction volume and other factors.  The subscription fee is billed once a year.
SaaS Hosted & Tokens In the past using RDP’s interface to Protobase, the credit card data, such as the card number, were stored in an encrypted form in the RDP database and the Protobase software installed at the customer site.   With the new RDP interface, the credit card data is stored remotely on the gateway company’s servers, providing much greater security and breach protection for the customer.  The RDP system only stores a token, which contains no credit card information.

Reduced Fees with RDP Preferred Processor – Chosen Payments/First Data

RDP customers process over ten million credit card transactions a year.  RDP has negotiated with Chosen Payments, a representative of First Data, to leverage this volume and offer RDP customers lower credit card processing rates.  While any processor can be used that is supported by the gateway company, it is suggested to get a quote from RDP’s sales department to evaluate the savings available.  Customers savings are usually measured in thousands of dollars per year.  In addition to potentially saving RDP customers a significant amount of credit card fees, RDP has developed a close relationship with Chosen Payments which allows RDP to provide faster and better overall support than with a credit card vendors for which there is no relationship.

Liability Shift in October, 2015

One of the major PCI changes is a liability shift from the credit card company to the RDP customer for fraudulent transactions.  For each fraudulent incident, fault will be determined, and the liability will fall on whichever party has the lesser PCI compliance.  For example, currently if a guest uses a stolen credit card, it is usually the credit card company or processor that pays, not the RDP customer.  After October 2015, if the RDP customer has not implemented the new RDP Credit Card Interface, the liability will move to the RDP customer.  This liability can potentially include all purchases made with credit card information stolen from your company. The following industry articles provide more information on this topic.

Credit Card Interface Transactions

The RDP Credit Card Interface supports a wide range of transactions, including:

  • Advance deposits, using either RDPWin or the Internet Reservation Module
  • Additional deposits
  • Transfer of advance deposits to in-house guest ledger
  • Authorization at check-in
  • Set guest credit limit to authorization amount
  • Additional guest authorizations
  • Payments on in-house guests linked to prior authorized amounts to release credit to guest
  • Payment and credits to guests after checkout
  • Payments from owners
  • Supports new EMV devices (chip cards)

New Credit Card Devices Required for all Customers

In order to provide point-to-point encryption (PtoPE), all credit card information must be entered using a separate device, not the keyboard.  There are two phases of the rollout of these new credit card devices:

  1. To convert to RDPWin version 4, all locations that accept a credit card must have an IDTECH SREDKey device.  These devices can scan magnetic stripe credit cards or allow manual input of the credit card information.  At locations where the physical card is not present, such as accounting or reservations, the SREDKey device can be used today and into future.
  2. At card present locations, such as a front desk, an EMV ready device that is capable of reading the new chip embedded credit cards is required.  One such device is the ISC250 pictured below.  These devices must be installed with software from both the Gateway and your processor to function.  Many processors do not have EMV devices available yet, so the SREDKey device can be purchased now from RDP and then changed to EMV devices when available from the processor.

IDTECH SREDKey – Purchase from RDP

IDTECH SREDKey Specifications:

  • Cost $220 plus tax (UPS Ground Shipping Included).
  • Allow 4-6 weeks or more for availability.
  • Must order from RDP to guarantee the devices have the correct firmware injected.
  • Call Rita Gale at 970-845-1143  to order.
  • Connects via USB Cable to workstation.
  • Powered by USB Cable – no separate electric outlet needed.
  • Cannot be used with new chip cards so best to use at card not present locations.
  • Ensures Secure Reading and Exchange of Data (SRED) to protect the cardholder data at the point of acceptance. The SREDKey meets PCI certifications with its encrypted magnetic stripe reader and secure data entry process for protection of non-PIN cardholder data.
    SRedKey2

INGENICO ISC250

The Ingenico ISC250 device shown below is capable of reading the new chip credit cards and pin debit cards.  The use of the ISC250 will reduce the liability in case of credit card fraud.

ICS250

Use the Deposit Bank of Your Choice

With the new RDP Credit Card Interface, any bank can be used for payment deposits.

Multiple Credit Cards Allowed for One Guest

RDPWin version 4 and the new RDP Credit Card Interface allow for multiple credit cards for each guest.  This feature can also be used to process one-time credit cards from Expedia and other on-line travel agents (OTA’s).

Internet Reservation Module (IRM.Net) and Mobile IRM for SmartPhone and Tablets

The new RDP Credit Card Interface can be used with the RDPWin product and also with the Internet Booking Engine (IRM.Net) and the Mobile IRM for SmartPhone and Tablets.

Credit Cards and Owners or Members

For customers using RDP’s Vacation Rental System, Condo-Hotel System, or Timeshare/Fractional System, owners or members can pay annual fees and settle statements using the new RDP Credit Card interface over the Internet.  The tokenized credit card can be stored and reused.

For more information on credit card processing, contact Rita Gale at RitaG@Resortdata.com or 970-845-1143      .

About Us

Resort Data Processing (RDP) is a Property Manage Software company founded in 1981 and headquartered in Vail, CO. Our objective is to provide more powerful software for clients who have outgrown their current system.

Contact RDP