Encryption

Encryption is the strongest protection for card data when it is in transit. From the moment the cardholder swipes or inserts the payment card at a terminal with hardware-based and tamper resistant security module features, encryption protects the card data from fraudsters as it travels across various systems and networks until it is decrypted at Elavon’s secure data center.

You can use XML API integration and encrypting devices to process encrypted card transactions. You can submit card transactions with encrypted track data using a supported MagneSafeTM secure card authenticator to maximize data protection. The card authenticator delivers the encryption inside the read head closest to the magnetic stripe, which adds a layer of protection to the HTTPS POST request.

The supported encrypting devices are as follows:

Ingenico Devices Using Generic TDES DUKPT Encryption
Combines Track 1 and Track into a single cipher text block
Examples: iSC250, iCMP (iCM122) Mobile PIN Pad or ROAM devices
Supports swiped, chip-read and contactless transactions

note

To enable the card reader to communicate with your integrated application, you must download the appropriate SDK for each device type.

The Card Data parameters that you need to pass in the transaction request are as follows:

ssl_enc_track_data
ssl_tlv_enc

The Encrypting Device parameters that you need to pass in the transaction request are as follows:

- `ssl_vm_mobile_device_source` (Mobile Device Type)
- `ssl_mobile_id` (Mobile Device ID)
- `ssl_ksn` (Key Serial Number)
- `ssl_vendor_id` (Vendor ID)

The transactions that support encrypted transactions are as follows:

Credit CardGift CardEMV Card
Sale
Auth Only
Force
Balance Inquiry
Generate Token
 
 
 
Activation
Sale
Balance Inquiry
Reload
Credit
Card Refund
Generate Token
 
Chip Sale
Chip Auth Only
Swipe Sale
Swipe Auth Only
 
 
 
 

Refer to the Credit Card Transactions sections for more information on the applicable Card Data and Encrypting Device parameters for each transaction.