About Electronic Funds Transfer (EFT)

Introduction

Electronic Funds Transfer (EFT) refers to all payments that can be processed electronically using a computerized POS system like Veloce through an Internet connection. EFT is mostly meant for card payments, such as credit cards, debit cards and payments by banking cards, such as Interac Debit. Some types of gift cards are also processed by EFT, but those will be discussed in a dedicated article.

EFT Providers

In order to process card payments, the merchant needs to select a payment processing company and open an account. Such companies are also referred to as "processors" or "acquirers". Examples of such providers include PayFacto, Moneris, Global Payments, TSYS, etc.

The role of the payment processor is, of course, mainly to process card payment requests coming from merchants. Processors do all the "heavy lifting" in this department, like capturing sensitive payment card data and moving funds between the customer's accounts and the merchant's account. Many processors offer additional services such as integration to POS systems like Veloce, access to real-time reports, etc.

Of course, PayFacto has the advantage of being able to offer a complete end-to-end solution to its customers. A full-featured POS system and a complete line of payment services are available under the same roof.

Integration types

There are 3 main types of integrations for EFT solutions, regardless of the POS system in use.

Non-integrated (standalone)

The non-integrated or standalone mode, as its name suggests, does not communicate at all with the POS system. This is common for very small merchants who use a standard cash register to manage their sales. This is also common in remote areas where communication between the merchant and the payment processor is carried over standard phone lines.

When using a non-integrated solution with Veloce, the cashier needs to manually select the appropriate payment mode after asking the customer how they were going to pay. The amount of the sale and tip amounts also need to be entered manually in Veloce, and the daily reconciliation (making sure payments and sales balance) needs to be done by looking at the Veloce reports and the payment terminal's reports separately.

Semi-Integrated

The semi-integrated mode is the most common and is also the safest in terms of data protection. With a semi-integrated implementation, the POS system and the EFT provider only exchange non-sensitive information, such as transaction amounts, tip amounts, card brand used, etc. Sensitive data is never shared with the POS system, which makes it a less attractive target for hackers. Sensitive data includes credit card numbers and their expiration dates as well as the card's security code.

The use of a semi-integrated mode generally implies the use of dedicated payment terminals, which are often referred to as PIN Pads. However, some semi-integrated solutions allow for a portion of the POS software to be installed on the same physical device as the payment terminal, giving it the practical look & feel of a fully integrated solution. One such solution is the Veloce POS app, which can be installed on the PAX A920 payment terminal offered by PayFacto.

With Veloce, a semi-integrated solution allows for the automation or a large portion of the card payment process and limits the amount of input that has to be done manually by the cashier. All the data, such as the type of card used, the card brand used, the sale amount, amount authorized and tip amount are managed automatically and exchanged between Veloce and the payment terminal without intervention from the cashier. This eliminates many possibilities of input errors by the cashier and speeds up the payment process. Also, since sensitive data is always kept on the processor's side and never shared with Veloce, this greatly simplifies data security management on the Veloce side.

Fully Integrated

The full integration was very popular around the early 2000's. However, this type of solution became less popular owing to the ever growing challenges in data protection caused by the design of these solutions. With a fully integrated solution, the POS system effectively becomes a payment application, subject to PA-DSS and PCI-DSS data security standards, since sensitive information is managed directly by the POS system. This requires more stringent data security management, special employee training and sometimes incurs additional costs from card issuers and service providers. Very few merchants still use fully integrated solutions and most are being replaced with semi-integrated solutions.