RDP software has been certified by Trustwave to be fully PCI (Payment Card Industry) Compliant when using one of our new credit card interfaces from Shift4 or Tenerum. See Certification Letter. Customers using RDP’s legacy credit card interfaces from Vacation Rent Payments (VRP) and Southern Data Comm (SDC/Protobase) must convert to the new RDP credit card interface ASAP or face large fines for non-PCI compliance. Please read this article carefully for details.
Critical Customer Action Items to Avoid PCI Non-Compliance Fines
Credit Card Action Item
VRP (Vacation Rent Payments) not Supported After 8/1/2016
RDP has a legacy credit card interface to Vacation Rent Payments (VRP). This interface is no longer supported by RDP due to limitations in VRP’s implementation of the new PCI and EMV rules. Any customer using VRP is potentially subject to large fines and penalties and should convert to the new RDP credit card interface described below ASAP. If customers continue to use VRP, RDP cannot provide support on this interface.
Protobase (Southern DataComm/SDC) not Supported after 9/30/2016
RDP has a legacy credit card interface to Protobase from Southern DataComm (SDC), which is now owned by Elavon. Elavon has announced they will not support this software after 9/30/2016. Therefore the RDP-SDC interface is no longer supported by RDP after 9/30/2016. All customers using SDC/Protobase must convert to the new RDP credit card interface by 9/30/2016 or you will not be able to process credit card transactions at all.
RDP Credit Card Interface Subscription Required
The very complex new PCI/EMV requirements forced RDP to replace our legacy credit card gateways to VRP and SDC with two new gateways for customers to choose from. In addition, RDP now offers reduced credit card processing fees with our preferred processor, Chosen Payments. The new RDP interface is licensed to customers on a yearly subscription basis which includes:
Credit Card Action Item
No Software Purchase Price
With a subscription model, the Credit Card interface module is no longer purchased from RDP. Instead, the interface is licensed for a monthly fee, which significantly reduces the up front costs.
Support of the new credit card interface is included with the subscription. This includes support from RDP, the gateway company, and our preferred credit card processor.
RDPWin Version 4
Customers must upgrade to RDPWin version 4 to use the new credit card interface. In addition to full PCI compliance, RDPWin also includes many new features, such as the ability to have more than one credit card for each reservation.
All features described in this document are included with the RDP Credit Card Interface subscription.
Updates are included in the subscription. There are many additional PCI requirements coming in the future. As part of the subscription RDP will incorporate these changes at no additional charge. You will never have to purchase another credit card interface module from RDP, even as we implement complex future PCI requirements.
Eliminate Protobase Fees
For existing RDP customers, Elavon/Protobase fees for a yearly support, high speed acces no longer have to be paid.
The monthly subscription fee for the new RDP Credit Card Interface starts at $1,200 per year. The subscription fee is billed once a year.
SaaS Hosted & Tokens
In the past using RDP’s interface to Protobase, the credit card data, such as the card number, were stored in an encrypted form in the RDP database and the Protobase software installed at the customer site. With the new RDP interface, the credit card data is stored remotely on the gateway company’s servers, providing much greater security and breach protection for the customer. The RDP system only stores a token, which contains no credit card information.
Reduced Fees with RDP Preferred Processor – Chosen Payments
RDP customers process over ten million credit card transactions a year. RDP has negotiated with Chosen Payments to leverage this volume and offer RDP customers lower credit card processing rates. While any processor can be used that is supported by the gateway company, it is suggested to get a quote from RDP’s sales department to evaluate the savings available. Customers savings are usually measured in thousands of dollars per year. In addition to potentially saving RDP customers a significant amount of credit card fees, RDP has developed a close relationship with Chosen Payments which allows RDP to provide faster and better overall support than with a credit card vendors for which there is no relationship.
Alleviate Gateway and Transaction fees – Shift4 Payments
RDP has a second credit card processing option available to our customers, Called Shift4 Payments. With a merchant processing contract, Shift4 Payments will match or improve your current processing fees and alleviate monthly gateway transaction and setup fees. In addition, they will provide EMV devices for your card-present locations. See www.shift4.com for more details.
One of the major PCI changes is a liability shift from the credit card company to the RDP customer for fraudulent transactions. For each fraudulent incident, fault will be determined, and the liability will fall on whichever party has the lesser PCI compliance. For example, currently if a guest uses a stolen credit card, it is usually the credit card company or processor that pays, not the RDP customer. After October 2015, if the RDP customer has not implemented the new RDP Credit Card Interface, the liability will move to the RDP customer. This liability can potentially include all purchases made with credit card information stolen from your company. The following industry articles provide more information on this topic.
The RDP Credit Card Interface supports a wide range of transactions, including:
Advance deposits, using either RDPWin or the Internet Reservation Module
Transfer of advance deposits to in-house guest ledger
Authorization at check-in
Set guest credit limit to authorization amount
Additional guest authorizations
Payments on in-house guests linked to prior authorized amounts to release credit to guest
Payment and credits to guests after checkout
Payments from owners
Supports new EMV devices (chip cards)
New Credit Card Devices Required for all Customers
In order to provide point-to-point encryption (P2PE), all credit card information must be entered using a separate device, not the keyboard. There are two phases of the rollout of these new credit card devices:
To convert to RDPWin version 4, all locations that accept a credit card must have an IDTECH SREDKey device. These devices can scan magnetic stripe credit cards or allow manual input of the credit card information. At locations where the physical card is not present, such as accounting or reservations, the SREDKey device can be used today and into future.
At card present locations, such as a front desk, an EMV ready device that is capable of reading the new chip embedded credit cards is required. One such device is the iSC250 pictured below. These devices must be installed with software from both the Gateway and your processor to function.
Must order from RDP to guarantee the devices have the correct firmware injected.
Call Camille Fowler at 970-845-1144 to order.
Connects via USB Cable to workstation.
Powered by USB Cable – no separate electric outlet needed.
Cannot be used with new chip cards so best to use at card not present locations.
Ensures Secure Reading and Exchange of Data (SRED) to protect the cardholder data at the point of acceptance. The SREDKey meets PCI certifications with its encrypted magnetic stripe reader and secure data entry process for protection of non-PIN cardholder data.
The Ingenico iSC250 device shown below is capable of reading the new chip credit cards and pin debit cards. The use of the iSC250 will reduce the liability in case of credit card fraud.
Use the Deposit Bank of Your Choice
With the new RDP Credit Card Interface, any bank can be used for payment deposits.
Multiple Credit Cards Allowed for One Guest
RDPWin version 4 and the new RDP Credit Card Interface allow for multiple credit cards for each guest. This feature can also be used to process one-time credit cards from Expedia and other on-line travel agents (OTA’s).
Internet Reservation Module (IRM.Net) and Mobile IRM for SmartPhone and Tablets