POS SAF Processing
Simplify can be configured to support SAF (Store and Forward) processing for timed-out (offline) transactions. Depending on configuration, SAF processing will be performed by either the POS or Simplify:
POS SAF – Simplify sends a response that allows the transaction to be locally approved or declined by the POS (Stand-in process). If approved, the POS forwards (i.e. resubmits) the transaction (through Simplify or directly to Fusebox) for host approval. Described below.
On-Device SAF (version 28 and above) – Simplify performs Stand-in and other SAF processing. See under On-Device SAF.
A transaction is considered to have timed out when either of the following occurs:
The Fusebox response indicates that the Fusebox request to the authorizer timed out.
Simplify times out before receiving a Fusebox response.
The Simplify timeout interval for a request to Fusebox is defined individually for each request from the POS in the first 3 bytes of Field 11.
PCI DSS Compliance: For POS SAF only, the response for a timed out transaction contains encrypted customer data. The customer is responsible for making this data unrecoverable after completion of the authorization process (PCI DSS 3.0 Requirement 3.2).
For timed-out EMV transactions, Simplify can be configured to return EMV tags in the response. The POS can include these tags in the resubmitted transaction. Resubmission of EMV Stand-In transactions without EMV tags can cause declines from some issuers. See the Fusebox Integration Guide under EMV API Fields for more information on EMV tags.
SAF support is configured independently for each tender type and applies to the following transaction types:
If Simplify times out waiting for a Fusebox response to one of these three financial transaction types, the outcome at the POS process will depend on whether SAF is enabled.
For SAF Enabled - Simplify can be configured to validate transactions for SAF eligibility.
If not eligible, the transaction will be declined with a communications error (same as SAF not enabled).
If SAF is enabled and the transaction passes validation (if enabled), the POS process will receive a Stand-in response (Field 1010 = “*SLR STAND-IN.”) containing encrypted account data. This data allows the POS to resubmit locally approved transactions for host approval.
“*SLR STAND-IN.” is also returned when Simplify performs Stand-in on a transaction (On-Device SAF). However for On-Device SAF, no PCI-sensitive data is returned.
For Stand-in Not Enabled - If Stand-in/SAF is not enabled, Simplify will decline the transaction with a communications error (Field 1010 contains “*SLR COMMUNICATIONS ERROR.” or “*SLR SWITCH TIMEOUT.”).
In either case, Inquiry Message processing must be performed.