Safe-T

SAFE-T Suite solutions are described as follows:

EMV

Europay, MasterCard, and Visa (EMV) have evolved to become the standard for Integrated Chip Card (Chip) processing. This card present anti-fraud standard is deployed in most of Europe, Middle East, and Africa (EMEA), Asia Pacific (APAC), and the America’s (Canada, Caribbean, Mexico and larger countries in South America.

The chip prevents fraudulent card clones and stronger cardholder verification methods such as PIN, PIN and Signature or Signature to protect against lost / stolen liability. EMV requires a chip card reader (non-magnetic stripe) capable payment terminal. Due to the liability shift for the U.S. market, it is strongly recommended that all current projects and purchases of payment terminals in a card present environment be EMV-capable.

Simplify will also be developed and released with EMV functionality and will be a certified solution from point-of-entry to approval which will reduce the POS certification effort with each card brand and association. Simplify running on Ingenico terminals using On-Guard encryption can operate as part of a PCI P2PE-validated solution.

Validation is specifically performed through Safe-T link with P2PE Protect.

Point-to-Point Encryption

P2PE is an Elavon service offered with several different providers, where either a piece of hardware or a software module encrypts card data at the point of entry or it is decrypted downstream (either by Elavon Gateway or a point beyond Elavon Gateway). The term Point-to-Point Encryption ensures the card data point of entry into systems to the point of decryption is identified in the solution.

Elavon can provide a complete PCI P2PE-validated solution using Ingenico terminals running Simplify with On-Guard encryption.

Validation is specifically performed through Safe-T Link with P2PE Protect.

Simplify is an Elavon Gateway software and hardware solution that supports P2PE with a Tamper Resistant Security Module (TRSM) and format preserving card encryption.

Gives Integrator the ability to place a stand-beside terminal into the transaction flow and address that terminal from the POS with the standard Elavon Gateway message.

  • The POS communicates to the hardware via TCP/IP or serial port and the terminal will gather the payment information, validate amount of transaction, and accept a PIN entry (if PIN Debit Selected).
  • The card swipe or manually entered card number is encrypted and passed to the Elavon Gateway, where decrypted and processed to the TPP.
  • Responses back to the POS will be returned with a masked account number and a token to be used with future transactions if necessary.

Simplify offers multiple terminal manufacturers and P2PE solutions for an integrator who does not want to code to a hardware device directly or wants to leverage the ease of this solution in their integration.

Integrators can code to and certify an integrated hardware, or stand-beside terminal of their choice based on pre-qualifying the hardware, firmware, and Software Development Toolkit (SDK) to be used to ensure compatibility with Token Vault and P2PE solutions.

Simplify will also be developed and released with EMV functionality and will be a certified solution from point-of-entry to approval which will reduce the POS certification effort with each card brand and association.

Simplify running on Ingenico terminals using On-Guard encryption can operate as part of a PCI P2PE-validated solution. Validation is specifically performed through Safe-T link with P2PE Protect.

Note: Simplify offers many advantages over a POS developed terminal application. However, in some circumstances there may be integrations approved with a bring-your-own-device implementation.

Token Vault is a service available with Fusebox where sensitive data can be rendered to a token.

The Token Vault system offers the ability to tokenize data in incoming transactions and store a token in the POS instead of a card number. Tokens can be created as a result of a financial transaction (authorization or sale), as well as for times when only a card number needs to be stored (no authorization or financial transaction) for later use (example: card in the active transaction database for a recurring payment or future reservation).

Token Vault is an advance on previous token solutions at Elavon Gateway such as; Unique ID, DataLCK, and Tokenization.

Consider the following variables before selecting SAFE-T Suite as a solution:

  • How you deploy hardware and stand-beside terminals.

  • What features you incorporate into the POS and PMS integration.

Simplify to Fusebox Solution

Simplify is an Elavon-developed and supported software that is custom built to the client’s unique specifications and requirements. It provides EMV, P2PE, and Token functionality to a POS or PMS system. The POS / PMS system integrates to Simplify and never needs to have access to PCI-sensitive data which reduces its PCI scope.

Device used with Simplify

  • Automatically adds in the terminal serial number and encryption provider ID.

  • If the integrator codes directly to the Verifone terminal, then the POS must obtain the device serial number from the device and supplement the Elavon Gateway API with the encryption provider ID;
    5004, S1 or V1.

Trigger for Manually-keyed Transaction

  • To trigger a manually keyed transaction, pass a K in API Field 3 (example: 3,K).
  • This trigger allows manual input of the card number by encrypting it at the device.
  • If you do not want to decrypt a card number with the decryption service, do one of the following:

    • Do not pass S1 or V1 in API field 5004, or
    • Pass the transaction to another terminal.

error_outline
note

Passing S1 or V1 in API field 5004 to any Site ID that is not boarded with VSP will result in a transaction error.

When Verifone P2PE is enabled, cards are encrypted with Format Preserving Encryption,which preserves the card BIN (the first 6 characters) and last 4 of manually-keyed and swiped card data.

  • However, the middle portion of the card number is altered from the original card.

  • Track 2 data is loaded with values used to decrypt the card with the private keys located on the Verifone VeriShield Protect servers.

  • Review the expiration date in Track Data prior to decryption to find out if a card number has been encrypted in an incoming message or in logs.

  • Verifone Encryption adds 32 years to the expiration date. For example, if a card expires on March 2015 (0315), the encrypted card swipe will say 0347.

POS Integrated to Fusebox Solution

Direct Integration

If you are using a direct integration from the POS to Hardware or stand-beside terminal, P2PE, or Token Vault with the POS integrated to Fusebox (not the stand-beside terminal) the following occurs:

  • Track 1 or 2 swiped or manually keyed PAN data is encrypted at the device and passed to the POS.

  • The POS will see encrypted Track 1 or 2 swiped or manually-keyed PAN data (possibly format preserving).

  • The data returned to the POS is the same as from Simplify to Fusebox Solution.

POS Integrated with Bring Your Own Device to Fusebox Solution

The term Bring Your Own Device means that the POS vendor is choosing to write to and certify with a terminal solution of their choice and is NOT using the Elavon Gateway Simplify solution.