Whitelisting

Simplify uses a Whitelisting process to determine which accounts can be exempted from encryption of PCI-sensitive data and returned to the POS unencrypted. This process is based on two lists of account numbers, a whitelist (merchant-configurable) and a blacklist, used together as follows:

  • Data for accounts in the whitelist will not be sent to the host, but will be returned to the POS unencrypted for use as determined by the merchant (Whitelist response).
    • Exception: Sensitive data for PCI-protected accounts (as defined in the blacklist) will never be sent to the POS unencrypted, even if the PAN is included in the whitelist.
  • PCI-sensitive data fields for accounts that are not PCI-protected and not in the whitelist (i.e. accounts in neither the whitelist nor the blacklist) will normally be encrypted.
    • Exception: If there is an encryption failure (not caused by system failure), sensitive data for these accounts can be sent unencrypted.
  • A Whitelist response is triggered by the POS sending a financial request for an account that is in the whitelist and not in the blacklist. Please see below for a sample request/Whitelist response.

If you want to use a Whitelisting process, please contact your Elavon representative for whitelist configuration.

Sample Transaction with Whitelist Response

The following sample of a whitelisted Sale transaction shows the Whitelist response sending account data to the POS in the clear (field 3). The PAN must be in the whitelist and not in the blacklist.

Request

API Field #, Value Description
0001,02 Transaction Type
0002,4.00 Transaction Amount
0007,1025 Transaction ID / Reference Number
0011,xxx.. User Data. See Field 11 (User Data).
0013,022519 Transaction Date (current date) – MMDDYY
0014,143005 Transaction Time (current time) – HHMMSS
0017,0.00 Cash Back Amount
0109,TERM1 Terminal ID
0110,205 Cashier ID
0201,0.00 Tip Amount
1008,ID: Set to ‘ID:’ to request that an account Token be returned by Fusebox.
8002,ONGUARD Location Name (provided by Elavon)
8006,TSTLA3 Chain Code (provided by Elavon)

Whitelist Response

The Response Message field (1010) will contain *SLR WHITELIST, indicating a Whitelist response. Note that field 5004 (Encryption Provider ID) is not sent in a whitelist response because the account data is not encrypted.

API Field #, Value Description
0001,02 Transaction Type
0002,4.00 Transaction Amount
0003,&&&&&&&&&&&&&&&&&=&&&& Account data in the clear (See under Appendix G - Usage for details.)
0007,1025 Transaction ID / Reference Number
0011,xxx.. User Data. See Field 11 (User Data).
0013,022519 Transaction Date (current date) – MMDDYY
0014,143005 Transaction Time (current time) – HHMMSS
0017,0.00 Cash Back Amount
0109,TERM1 Terminal ID (provided by Elavon)
0110,205 Cashier ID
0201,0.00 Tip Amount
1003,0000 Response Code
1004,-99 Response Message
1008,ID: Echoes values in request
1009,999 Response Code
1010,*SLR WHITELIST Simplify Response Message
5002,81112159 Device Serial Number
5010,EMVDC0838 EMV kernel version
8002,ONGUARD Location Name (provided by Elavon)
8006,TSTLA3 Chain Code (provided by Elavon)
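
A POS-side check for the Whitelist response described above, as an added example that is not part of Elavon's documentation: it parses a response, decides whether field 0003 holds clear account data, and masks that field before the message is logged. The one-pair-per-line layout, the function names, the reading that field 5004 accompanies encrypted data, and the sample PAN (a constructed test value) are assumptions.

```python
WHITELIST_MARKER = "*SLR WHITELIST"  # field 1010 value named on the page

# Constructed sample: test PAN, not real card data.
SAMPLE_RESPONSE = """\
0001,02
0002,4.00
0003,4111111111111111=2512
1008,ID:
1010,*SLR WHITELIST
8002,ONGUARD
"""

def parse_fields(message):
    """Map field number -> value. One 'NNNN,value' pair per line is assumed."""
    fields = {}
    for line in message.splitlines():
        if not line.strip():
            continue
        number, sep, value = line.strip().partition(",")
        if not sep or len(number) != 4 or not number.isdigit():
            raise ValueError(f"malformed field line: {line!r}")
        fields[number] = value
    return fields

def account_data_state(fields):
    """Classify field 0003; anything not positively encrypted is not trusted."""
    whitelisted = fields.get("1010", "").strip() == WHITELIST_MARKER
    has_provider = "5004" in fields  # Encryption Provider ID present
    if whitelisted and not has_provider:
        return "clear"
    if has_provider and not whitelisted:
        return "encrypted"  # assumption: 5004 accompanies encrypted data
    return "inconsistent"  # both or neither signal: handle as clear

def mask_account_data(value):
    """Keep the last four PAN digits; mask the rest, including data after '='."""
    pan, sep, rest = value.partition("=")
    return "*" * max(len(pan) - 4, 0) + pan[-4:] + sep + "*" * len(rest)

def redact_for_log(fields):
    """Return a copy that is safe to log or persist."""
    out = dict(fields)
    if "0003" in out and account_data_state(fields) != "encrypted":
        out["0003"] = mask_account_data(out["0003"])
    return out

if __name__ == "__main__":
    parsed = parse_fields(SAMPLE_RESPONSE)
    print(account_data_state(parsed), redact_for_log(parsed)["0003"])
```

The classification fails closed: a response that carries neither signal, or both, is masked like a clear one, which also covers the encryption-failure exception where data can arrive unencrypted.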