This certainly isn't new or 6.1-specific either, as I know many developers have been interfacing with one credit card reader/keypad/signature terminal or another for many years. But we have once again been asked to look at a particular package (ChargeItPro), and before assisting in the development of another one-off interface, it seemed sensible to inquire generally if anyone else was either looking for such a think or had particular advice or experiences to share.

Doing anything related to credit cards may require PCI compliance certification. This certainly is something to consider on the front-end of any development because it's a very tedious and expensive process. We removed our TCPX communication with Verifone's PC-Charge for credit card verification because of PCI compliance issues.

Good point. We stopped taking credit cards for the same reason (and switched to PayPal), but we never dealt with the physical cards like most retailers do.

ChargeItPro, like most credit card processing vendors, claims some degree of PCI Compliance. But I'm not yet sure whether communicating details of the transaction across the SSH link between the server and ATE would contravene the standards.

The primary/critical card data doesn't have to pass over that link or even touch the application, so I'm guessing that as long as we are only passing the secondary information like the authorization code across the application/workstation link, there should be little to worry about. But I haven't read the complete standard, so would be interested in hearing what others are doing and whether there was anything to be gained by pooling resources at some level.