DEVELOPER

Back to Developer Blog

technical

Integrated vs. Semi-Integrated Payment Architecture Solutions

By Bryan Long | January 8th, 2024


Introduction

Developers working on behalf of merchants or Independent Software Vendors (ISVs) have nearly limitless options when it comes to adding integrated payments or semi-integrated payments to their software applications. With semi-integrated payment systems, meeting Payment Card Industry (PCI) requirements is primarily the payment service provider's responsibility. This means that businesses don't have to spend months on the development and infrastructure work required to integrate and certify a new PCI-compliant solution. Payment service providers offer pre-built semi-integrated payment solutions for this purpose, which simply require that the merchant or ISV makes a few adjustments to their existing software application to work with the semi-integrated solution. The following sections will describe the differences between semi-integrated and integrated architecture.

Get in Touch

Talk to us about setting up the perfect payment solution for your business.

Semi-Integrated Payments Architecture

The fundamental difference between integrated payment architecture and semi-integrated architecture is that in semi-integrated solutions, the payment terminal communicates sensitive transaction information directly to the payment gateway or payment processor, keeping that data separate from the merchant's and ISV's systems. This is critical for developers because it shifts most of the burden of PCI compliance away from the business's application and onto the payment gateway or payment processor. The payment service provider's EMV-certified and PCI-compliant software runs on the physical payment terminal, but only transmits non-sensitive data to the business's application. The sensitive transaction data is sent directly from the payment provider's terminal application to the payment gateway or processor, and the only data that's returned to the POS application is a PCI-compliant response with non-sensitive data.

Semi-Integrated Transaction Flow Process

In a semi-integrated solution, the POS application initiates the transaction and prompts the cardholder to insert, tap, or swipe their card or mobile wallet. The credit card information is then encrypted and sent directly from the payment terminal to the gateway or processor, and on to the acquiring bank for authorization. The authorization approval or denial is then sent directly back through the processor to the terminal, and the terminal forwards a PCI-compliant, non-sensitive response to the POS, masking sensitive card data and any personally identifiable information (PII). This response includes data such as the approval code, the truncated card number, and depending on the configuration, the transaction token.
Semi-Integrated Transaction Flow Detail
Understanding this transaction flow is important for developers because it keeps their applications — which become part of the POS software — out of the flow of PII and PCI-protected data. This further benefits developers and merchants because deploying this architectural pattern means they do not have to complete a full EMV certification, which requires a high level of specialized development work and can take months to complete. Instead, EMV pre-certified products can be leveraged to significantly reduce the integration time and effort.

Developers looking for code samples and integration guides for pre-certified devices can review documentation for the Ingenico and PAX Semi-Integrated Solutions. A key benefit of the Ingenico Semi-Integrated Solution is that it allows developers to code once and then work with the entire line of Ingenico Tetra devices, including the Desk 3500 and the Lane 5000, without having to make code changes for each device. The PAX Semi-Integrated Solution provides partners with the latest smart terminals from the PAX A-Series and E-Series. View details for the entire collection of compatible hardware and place an order for a test terminal on the Hardware page.

Integrated Payments Architecture

An integrated payments system has the same components as a semi-integrated solution, but — as the name implies — the components are integrated together. Specifically, the application that manages the transaction and interacts with the sensitive payment data is integrated into the POS system. This fully integrated payments software processes the payment and is often combined with other business functions including accounting, inventory, and CRM systems. In this architectural model, raw card data must travel securely through the POS, to the payment processor, and on to the bank for payment authorization. Because of this key difference, the Point of Sale application is responsible for complying with Payment Card Industry Data Security Standards (PCI-DSS). Learn more about what PCI means and review PCI-DSS requirements at pcisecuritystandards.org.
Integrated Payments Architecture

Which integrated solution is best?

From a developer's perspective, integrated solutions can pose significant security risks. The POS software that development teams create is vulnerable to malware that hackers leverage to attempt to steal credit card information. Additionally, the entire system that developers work on must be built to comply with PCI requirements and earn approval by the PCI Security Standards Council. This means the application also needs to go through EMV certification, which requires more specialized developer effort, more time, and regulatory reviews in order to be fully PCI compliant. Finally, any subsequent changes to the POS application after initial approval require re-certification, which introduces additional compliance and regulatory factors. Semi-integrated solutions remove that burden.

Developers are increasingly becoming technology decision-makers on behalf of ISVs and merchants. For developers, leveraging semi-integrated solutions requires less programming, reduces PCI burden, and offers increased security compared to fully integrated solutions. All while providing fast and frictionless acceptance for any payment environment.

How To Get Started

Talk to your payment services company to explore the features of your current hardware and software. With decades of financial service and payments experience, North provides support to developers and business decision-makers to select the best possible payment solution. Contact us to learn more about how to connect your system to the North ecosystem.


Start your free Developer account and try it now.


©2025 North is a registered DBA of NorthAB, LLC. All rights reserved. North is a registered ISO of BMO Harris Bank N.A., Chicago, IL, Citizens Bank N.A., Providence, RI, The Bancorp Bank, Philadelphia, PA, FFB Bank, Fresno, CA, Wells Fargo Bank, N.A., Concord, CA, and PNC Bank, N.A.