TSYS SHA2 Deadline: What Microsoft RMS Users Need to Know

Wow - lots of calls and emails the last couple of days asking about the looming January 1st, 2017 SHA2 compliance deadline and what options are available for retailers using the Microsoft RMS point of sale software. It appears that TSYS and possibly First Data are pushing for compliance via the companies that use the TSYS and First Data platforms for merchant services.

First off - this is actually a good thing from a security standpoint as many retailers have held off on implementing EMV/Chip Card solutions and/or are still using Windows XP. Given the calls that I have been receiving about EMV fraud, the time has come to move forward with putting in the equipment to process EMV/Chip Cards.

I would strongly recommend that retailers using the Microsoft RMS point of sale software move to Windows 7. Windows 10 is possible with some help from myself or another Microsoft Dynamics RMS Partner. Skip Windows 8 or 8.1.

When it comes to retailers using the Microsoft RMS point of sale software, you have several options to meet the SHA2 deadline. My, advice (in order of preference) is the following:

1. Implement Card Defender for Microsoft RMS: Card Defender solves your security issues and allows for both EMV/Chip Card processing and NFC (Apple Pay and Google Wallet) processing as an integrated add-on for Microsoft RMS .  Card Defender does not add any gateway or per-transaction fees above what your merchant services company charges, is processor agnostic (TSYS, First Data, and Heartland), and requires no contracts. Visit this page on my blog for more information on Card Defender or contact me for more information - I've already had 5 retailers using RMS contact me in just the last 2 days about Card Defender so it is clear that the is upcoming deadline is being taken seriously. 
2. Vantiv/Mercury, Shift 4, Heartland and Cayan/Merchants Warehouse also offer some EMV/Chip Card add-ons/payment gateways/payment tunnels for Microsoft RMS. Generally I have found that these solutions are more expensive than Card Defender in the long run (1+ years) due to additional per-transaction fees and/or locking you into a contract using only one company for merchant services (which is another thing that I like about Card Defender - its keeps your merchant services provider honest when it comes to the rates and fees that they charge as they know that you can switch companies of you are unhappy while these other solutions basically lock you in). 
3. Use a separate credit card terminal that does not interface with the Microsoft RMS software. While this is the easiest and lowest cost option, keep in mind that you will be reconciling two reports at the end of each day and you open up the system to human error when entering the total on the credit card terminal (for example: a transaction totaling $15.20 could be entered as $1.52 or $152.00 - not fun to have have to track a customer down to correct the error).

All in all - there are plenty of options that allow Microsoft RMS point of sale software users to keep using RMS and meet the SHA2 deadline. Do contact me with any questions or clarifications.