P2PE


Introduction

Point to Point Encryption (P2PE) enhances the security of account data by encrypting it between a Point of Interaction (POI) device and the decryption environment. Starting with version 2.02.021, Simplify can be implemented as part of an Elavon PCI-validated P2PE solution (not supported for Canada). This will allow Simplify customers to reduce the scope of their PCI audits.

This section explains the role of Simplify in Elavon’s PCI-validated P2PE solution. Customer requirements for PCI-validated P2PE can be summarized as follows:

  • Ingenico Telium or Tetra PIN Pads using On-Guard encryption. See Versioning for more information.

  • All general requirements for secure communications must be followed. Network security must be reviewed periodically.

  • Any PCI-sensitive data received by the POS (encrypted or unencrypted) must be securely deleted when no longer needed.

  • Printing must conform with PCI and TPP rules for masking.

  • Informational Prompt messages (see Informational Prompting) must not be used to request PCI-sensitive data from the customer.

Encryption Types

Simplify supports two types of encryption (starting with version 2.02.021):

  • The legacy Voltage encryption. Not eligible for PCI-validated P2PE.

  • Ingenico’s On-Guard encryption. Eligible for PCI-validated P2PE.

The type of encryption used in an implementation can be displayed on the PIN Pad, as described under Versioning. This information is also sent in API field 5004, which has been modified as follows:

Encryption Provider ID (field 5004)

The Elavon API uses field 5004 to indicate the encryption type as follows:

  • G2 = Voltage

  • OG = On-Guard (version 2.02.021 and higher)

List-Based Transaction Processing

By default, Simplify sends transactions to Fusebox with PCI-sensitive data fields encrypted. Simplify uses two BIN lists to control and (if desired) modify this processing:

  • Encrypt list – A non-configurable list containing BINs for PCI-protected PANs and any other BINs for which PCI-sensitive data fields can never be sent to Fusebox unencrypted. If this data cannot be encrypted, the transaction will not be sent to Fusebox and a bad card read response will be returned to the POS (no data).

  • Return list – A merchant-configurable list containing BINs which will not be sent to Fusebox. These transactions will be returned to the POS unencrypted for use as determined by the merchant. Can only include BINs not in the Encrypt list.

If the BIN is in neither list, the transaction is normally sent to Fusebox encrypted (default processing). If encryption fails for a reason other than a system failure (e.g. data too long to encrypt), the transaction is sent unencrypted.

Note: If you want to use this list-based process to control transaction processing, please contact your Elavon representative regarding list configuration.

Sample Transaction with Return Unencrypted Response

The following sample is for a Sale transaction whose BIN is in the Return list. Simplify sends a Return Unencrypted response to the POS.

Request

API Field #, Value      Description
0001,02                 Transaction Type
0002,4.00               Transaction Amount
0007,9                  Transaction ID / Reference Number
0011,xxx..              User Data. See Simplify-Controlled Field Definitions.
0013,022519             Transaction Date (current date) – MMDDYY
0014,215014             Transaction Time (current time) – HHMMSS
0017,0.00               Cash Back Amount
0109,TERM02             Terminal ID (provided by Elavon)
0110,205                Cashier ID
0201,0.00               Tip Amount
1008,ID:                Set to ‘ID:’ to request that an account Token be returned by Fusebox.
8002,ONGUARD            Location Name (provided by Elavon)
8006,TSTLA3             Chain Code (provided by Elavon)

Return Unencrypted Response

The following response sends account data to the POS in the clear (API 0003). The Response Message field (API 1010) contains *SLR WHITELIST, indicating a Return Unencrypted Response. Note that API 5004 (Encryption Provider ID) is not sent since the account data is not encrypted.

API Field #, Value             Description
0001,02                        Transaction Type
0002,4.00                      Transaction Amount
0003,&&&&&&&&&&&&&&&&&=&&&&    Account data in the clear (See under Usage for details.)
0007,9                         Transaction ID / Reference Number
0011,xxx..                     User Data. See Simplify-Controlled Field Definitions.
0013,022519                    Transaction Date (current date) – MMDDYY
0014,215014                    Transaction Time (current time) – HHMMSS
0017,0.00                      Cash Back Amount
0109,TERM02                    Terminal ID
0110,205                       Cashier ID
0201,0.00                      Tip Amount
1003,0000                      Response Code
1004,-99                       Response Message
1008,ID:                       Echoes value in request
1009,999                       Response Code
1010,*SLR WHITELIST.           Simplify-Generated Response Message
5002,81112159                  Device Serial Number
5010,EMVDC0838                 EMV kernel version
8002,ONGUARD                   Location Name
8006,TSTLA3                    Chain Code