P2PE
Introduction
Point to Point Encryption (P2PE) enhances the security of account data by encrypting it between a Point of Interaction (POI) device and the decryption environment. Starting with version 2.02.021, Simplify can be implemented as part of an Elavon PCI-validated P2PE solution (not supported for Canada). This will allow Simplify customers to reduce the scope of their PCI audits.
This section explains the role of Simplify in Elavon’s PCI-validated P2PE solution. Customer requirements for PCI-validated P2PE can be summarized as follows:
Ingenico Telium or Tetra PIN Pads using On-Guard encryption. See Versioning for more information.
All general requirements for secure communications must be followed. Network security must be reviewed periodically.
Any PCI-sensitive data received by the POS (encrypted or unencrypted) must be securely deleted when no longer needed.
Printing must conform with PCI and TPP rules for masking.
Informational Prompt messages (see Informational Prompting) must not be used to request PCI-sensitive data from the customer.
Encryption Types
Simplify supports two types of encryption (starting with version 2.02.021):
The legacy Voltage encryption. Not eligible for PCI-validated P2PE.
Ingenico’s On-Guard encryption. Eligible for PCI-validated P2PE.
The type of encryption used in an implementation can be displayed on the PIN Pad, as described under Versioning. This information is also sent in API field 5004, which has been modified as follows:
Encryption Provider ID (field 5004)
The Elavon API uses field 5004 to indicate the encryption type as follows:
G2 = Voltage
OG = On-Guard (version 2.02.021 and higher)
List-Based Transaction Processing
By default, Simplify sends transactions to Fusebox with PCI-sensitive data fields encrypted. Simplify uses two BIN lists to control and (if desired) modify this processing:
Encrypt list – A non-configurable list containing BINs for PCI-protected PANs and any other BINs for which PCI-sensitive data fields can never be sent to Fusebox unencrypted. If this data cannot be encrypted, the transaction will not be sent to Fusebox and a bad card read response will be returned to the POS (no data).
Return list – A merchant-configurable list containing BINs which will not be sent to Fusebox. These transactions will be returned to the POS unencrypted for use as determined by the merchant. Can only include BINs not in the Encrypt list.
If the BIN is in neither list, the transaction will normally be sent to Fusebox encrypted (default processing). If there is an encryption failure not caused by system failure (e.g. data too long to encrypt), the transaction will be sent unencrypted.
Note: If you want to use this list-based process to control transaction processing, please contact your Elavon representative regarding list configuration.
Sample Transaction with Return Unencrypted Response
The following sample is for a Sale transaction whose BIN is in the Return list. Simplify sends a Return Unencrypted response to the POS.
Request
API Field #, Value | Description |
---|---|
0001,02 | Transaction Type |
0002,4.00 | Transaction Amount |
0007,9 | Transaction ID / Reference Number |
0011,xxx.. | User Data. See Simplify-Controlled Field Definitions. |
0013,022519 | Transaction Date (current date) – MMDDYY |
0014,215014 | Transaction Time (current time) – HHMMSS |
0017,0.00 | Cash Back Amount |
0109,TERM02 | Terminal ID (provided by Elavon) |
0110,205 | Cashier ID |
0201,0.00 | Tip Amount |
1008,ID: | Set to ‘ID:’ to request that an account Token be returned by Fusebox. |
8002,ONGUARD | Location Name (provided by Elavon) |
8006,TSTLA3 | Chain Code (provided by Elavon) |
Return Unencrypted Response
The following response sends account data to the POS in the clear (API 0003). The Response Message field (API 1010) contains *SLR WHITELIST, indicating a Return Unencrypted Response. Note that API 5004 (Encryption Provider ID) is not sent since the account data is not encrypted.
API Field #, Value | Description |
---|---|
0001,02 | Transaction Type |
0002,4.00 | Transaction Amount |
0003,&&&&&&&&&&&&&&&&&=&&&& | Account data in the clear. (See under Usage for details.) |
0007,9 | Transaction ID / Reference Number |
0011,xxx.. | User Data. See Simplify-Controlled Field Definitions. |
0013,022519 | Transaction Date (current date) – MMDDYY |
0014,215014 | Transaction Time (current time) – HHMMSS |
0017,0.00 | Cash Back Amount |
0109,TERM02 | Terminal ID |
0110,205 | Cashier ID |
0201,0.00 | Tip Amount |
1003,0000 | Response Code |
1004,-99 | Response Message |
1008,ID: | Echoes value in request |
1009,999 | Response Code |
1010,*SLR WHITELIST. | Simplify-Generated Response Message |
5002,81112159 | Device Serial Number |
5010,EMVDC0838 | EMV kernel version |
8002,ONGUARD | Location Name |
8006,TSTLA3 | Chain Code |
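The following is an added example, not Elavon or Simplify code: one way a POS integration could recognize a Return Unencrypted response and keep the clear account data in API 0003 out of its logs. It assumes one `field,value` pair per line, as laid out in the tables above; the function names are hypothetical and the sample message is constructed from the page's own placeholder values.

```python
# Added example (not Elavon code). Assumed wire layout: one "NNNN,value" per line.
SENSITIVE_FIELDS = {"0003"}                      # account data in the clear
WHITELIST_MARKER = "*SLR WHITELIST"              # API 1010 text for Return Unencrypted
PROVIDERS = {"G2": "Voltage", "OG": "On-Guard"}  # API 5004 values listed on this page

# Constructed sample, reusing the page's masked placeholder for field 0003.
SAMPLE_RESPONSE = """\
0001,02
0002,4.00
0003,&&&&&&&&&&&&&&&&&=&&&&
1010,*SLR WHITELIST.
8002,ONGUARD
"""

def parse_fields(message):
    """Split 'NNNN,value' lines into a dict keyed by the 4-digit field number."""
    fields = {}
    for n, line in enumerate(message.strip().splitlines(), 1):
        number, sep, value = line.strip().partition(",")
        if not sep or len(number) != 4 or not number.isdigit():
            # Report only the line index so no field value leaks into the error.
            raise ValueError(f"malformed field on line {n}")
        fields[number] = value
    return fields

def classify(fields):
    """Return (kind, provider_name) for a parsed response."""
    provider = fields.get("5004")
    if fields.get("1010", "").startswith(WHITELIST_MARKER):
        # Per the page, 5004 is not sent when account data is unencrypted.
        if provider is not None:
            raise ValueError("5004 present on a Return Unencrypted response")
        return ("return_unencrypted", None)
    if provider in PROVIDERS:
        return ("encrypted", PROVIDERS[provider])
    return ("unspecified", None)

def redact_for_log(fields):
    """Copy of the fields with sensitive values fully masked (length kept)."""
    return {k: "*" * len(v) if k in SENSITIVE_FIELDS else v
            for k, v in fields.items()}

if __name__ == "__main__":
    parsed = parse_fields(SAMPLE_RESPONSE)
    print(classify(parsed))
    print(redact_for_log(parsed))
```

Masking for logs does not replace the requirement to securely delete the received data once it is no longer needed.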