Updated: August, 2010
The latest update to Rock Gym Pro changes the way credit cards are handled during POS transactions and while capturing a credit card for EFT members. This change is prompted by the PCI compliance mandate being forced onto retailers from our friends in the credit card industry.
Specifically, RGP will no longer store, transmit, or process credit cards effective August 1, 2010. This allows RGP to not be classified as a payment application and therefore not be subject to the credit card industry’s Payment Application Data Security Standard (PA-DSS).
The PA-DSS audits are prohibitively expensive and cumbersome for a small software application like RGP. Additionally, each update to RGP would need to be audited again, so needless to say, getting audited wasn’t going to be an option. Fortunately, XCharge has an innovative solution that has now been integrated into RGP.
So how does RGP process credit cards without processing them?
Rather than processing the cards directly, the POS transaction screen is now a web browser embedded into the application. So when you are swiping a card (or keying one in), you are actually doing so on a secure (and PA-DSS compliant) XCharge web page. RGP just gets back a confirmation when the transaction is approved. So RGP never touches the credit card.
When capturing a credit card for an EFT member, the same process happens and RGP receives an alias for the credit card which is then stored in the database. Once again, RGP never sees or stores the credit card number.
For the existing card numbers stored in the database, you will be prompted to have them aliased when you launch billing for the first time. This will take 5-10 minutes depending upon how many credit card numbers are stored in the database.
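Once the existing numbers have been aliased, it is worth confirming that no full card number is left behind in any column. The following is an added example, not code from RGP or XCharge: it scans a database for Luhn-valid card numbers and reports them masked. It assumes a SQLite stand-in database; the table, column names and alias format are hypothetical, and the sample rows are constructed (the card numbers are standard test numbers).

```python
import re
import sqlite3

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Show first 6 and last 4 only, so the report never holds a full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_residual_pans(conn):
    """Scan every column of every table for Luhn-valid card numbers."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            for rowid, value in conn.execute(
                    f'SELECT rowid, "{col}" FROM "{table}"'):
                for m in PAN_CANDIDATE.finditer(str(value or "")):
                    digits = re.sub(r"\D", "", m.group())
                    if luhn_ok(digits):
                        hits.append((table, col, rowid, mask(digits)))
    return hits

def build_sample_db():
    """Constructed sample data; schema and alias format are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (name TEXT, card_ref TEXT, notes TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?, ?)", [
        ("A. Climber", "ALIAS-7Q2K9ZD4", "aliased"),
        ("B. Belayer", "4111111111111111", "missed by migration"),
        ("C. Setter", "ALIAS-M3X8P1RT", "old card 5555-5555-5555-4444 on file"),
        ("D. Router", "ALIAS-K9W2B6HV", "phone 303-555-0142, id 1234567890123"),
    ])
    return conn

if __name__ == "__main__":
    for hit in find_residual_pans(build_sample_db()):
        print(hit)
```

Free-text fields such as notes are where leftover numbers tend to survive, which is why the scan covers every column rather than only the one that used to hold the card.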