Here’s why you should demand remote key injection (RKI) from your payment gateway
Very seldom do we speak with software developers who want to spend their valuable time or their staff’s time on payment integrations and coordinating terminal deployments. More likely, you’d prefer to spend your time adding value to your software and better serving your customers, which is why selecting the right payment partner is so critical. While considerations such as support, technology innovation, EMV certifications, and security are essential, there’s an often-overlooked factor that can help you add value, better serve customers, and reduce a burden on your team — remote key injection (RKI).
RKI makes it possible to ship new payment terminals directly from the manufacturer or distributor to the merchant without any encryption keys. Once at the merchant locations, the devices can be connected to the payment system, request a unique key, receive the remote and secure injection, and be off and running.
The alternative, as many software developers know all too well, is having to manage time and costs associated with shipping units, securing them at a key injection facility, and manually injecting keys. Then the terminals can be sent to the customer and deployed. With RKI, thousands of terminals can be remotely injected at the customer site in minutes, entirely skipping a key injection facility and its related costs and challenges.
Because terminals ship in a blank state, the challenge of managing inventory and SKUs disappears, along with other logistical nightmares. Additionally, if you or your merchants want to change processors or there’s an issue with the payment device, new keys can be injected remotely, eliminating downtime for the merchant.
In the end, RKI provides nothing but upside for software developers, VARs, and ISOs looking to serve their customers better. Unfortunately, not all payment gateways can offer RKI due to the complexity and onerous security regulations that require a lot of skill, expertise, and financial investment. The certifications required to be a part of the RKI process is difficult to obtain. Two exhaustive security standards — PCI PIN and TR-39 — are necessary, along with many other requisites.
The reality is that most gateways are still trying to keep up with traditional key injection methods and certifications, and something as complex as RKI isn’t possible. However, just because something is difficult doesn’t mean it’s unrealistic for you to have it as part of your gateway partnership.
There are, indeed, payment gateways which have made the investments and taken steps to be able to perform RKI. Creditcall is one such gateway that has the certifications required and the facilities necessary to provide this secure value-added service to its partners.
If you’re evaluating your existing payment partnerships, consider how RKI can help you and your merchants. Your payment partners should be promising to help you deliver innovative solutions to your customers while offloading the burden of payment security, so you can spend more time doing what you do best. RKI is one way to fulfill this promise.