Welcome to BigScreenBiz.com

My wife and I are re-opening a vintage theatre early in 2009. One of the first things I did was research POS systems and settled on one that was regularly recommended and offered the features I need.

The drawback is that the independent software vendor who wrote it requires an additional and substantial annual fee to provide support for using my own card processing vendor -- in my case, the bank who handles my merchant accounts has given me a very good rate on transactions that would more than make up for the ISV's fee. When I talk with the ISV, the REALLY push their preferred processor.

The major credit cards now require that all acquisition software, processors, and merchants be PCI DSS compliant, and thus my bank requires it as well.

The problem is that the software package I had decided on is still not certified. Compliance was required by the end of October, but nothing in site yet. When contacted, the ISV claims they have until the end of the year (they don't) and that I should consider their processor, who doesn't require the compliance certificate (but the card companies do require it of all processors). They REALLY, REALLY want me to use their preferred partner.

I don't like how hard they push their partner and it has made me really suspicious of the business relationship between the two. Maybe some co-ownership or something.

In any case, now I've decided to open with regular tickets and standalone card scanners. That way, I only have to deal with getting my PCI compliance in place. It really blows. Now I need to re-evaluate the other packages out there.

Has anyone else run into this?

RTS also does this... at least, they did last time I checked. I wonder if it involves the cost of integrating with some providers.

RTS's card processing is free if you use the MercuryPay service. They do charge for others, though. I've used their system since '02, and was the 7th customer to sign with Mercury / Globalpay.

If you're having any trouble with your provider, you might look into this. Mercury does have some flexibility, as far as rates are concerned. They'd probably be willing to negotiate with you on that. RTS has nothing to do with the rates.

The RTS/Mercurypay system is absolutely seamless. It's reliable, and not something I never have to worry about.

About the only downside to this system is the annual license, but I think they make up for that in the way they keep the software updated. They've NEVER pushed any add-ons at me.

I don't mind the additional fee, which is in fact an "integration" supplement. The problem is, they don't seem to be able to actually integrate national processors. Paying an additional $1000/year for not being able to integrate seems like a lose-lose for me.

I'm not having a problem with my processor, I'm having a problem with the ISV. More importantly, even if I went with their preferred processor to get around VISA/MC/Discover/AmEx requirements for PCI DSS compliance, I'm now playing with fire should cardholder information be exposed during the processing. And, given that I knowingly bypassed the card requirements by going with a payment processor that is ignoring the PCI DSS requirements, I would probably be on the hook legally as well.

The software in question actually seemed like it was a really good fit for us, but the PCI DSS issue is a non-starter regardless of processor.

Hopefully, they'll get their PCI compliance at some point.

-David

From the RTS message boards dated 14 November 2008:

Due to requirements in the PA-DSS Compliance standards ( www.visa.com/cisp ), we have had to make some changes to the way RTS Ticketing 7.0 processes credit card transactions. The Credit Server has been removed and now each PC (selling station) that takes credit cards will need to have a working Internet connection in order to be able to process credit cards. We are required to provide a PA-DSS compliant application in order to allow our customers the ability to meet the PCI-DSS Compliance standards. Be advised that ALL PCs running the RTS software will need to be upgraded to the new release due to changes in the data format used for processing credit cards.

Weird. The merchant services manager at our bank just talked to them about 10 days ago and there was still no word on their certification. I suspect they may have done what needed to be done, but have yet to be certified.

Checking....

I was correct. They are yet to be listed as a Validated Payment Application. So, even if they have made any corrections to issues identified by a PA-QSA, they still have not made it to the actual certificate issuance from PCI.

To update my earlier hopefully...

Hopefully, they'll have the certification within the next month or so.

-David

RTS has also been developing their "Version 8" for YEARS now. It is supposed to be very different than the current Version 7 iterations. Perhaps the new version will be compliant, and they did the minimum that they had to in order to make the existing versions compliant. There was some verbage on their boards suggesting that this update would probably be the last of version 7.