On-Device SAF

SAF (Store and Forward) is currently supported by storing sensitive data on the POS system. To avoid this, Simplify 2.03.xxx supports On-Device SAF on Tetra devices. If this feature is enabled, Simplify will not send sensitive data to the POS.

Note:

  • On-Device SAF is recommended with OnGuard as the encryption mode, as Voltage is not valid for PCI-validated P2PE.

  • On-Device SAF requires a different configuration setting. If enabled, SAF on POS is no longer allowed.

On-Device SAF Transaction Lifecycle

If enabled, On-Device SAF processing will occur when a supported transaction cannot process online due to a supported communications error. (These transactions will be referred to as SAF-eligible transactions.) Simplify will then process offline as follows (see On-Device SAF Transaction Lifecycle for details):

  • Perform Stand-in – Locally approve the transaction if no SAF limit is exceeded; else locally decline.

  • Send the result to the POS, including a SAF token. (No sensitive data.)

  • Write SAF token and data needed for resubmission to a SAF database. Simplify attempts to process the stored transaction through Fusebox until the transaction is resolved. A transaction is resolved when it receives a forwarded (host) response from Fusebox (used to update the database) or expires.

Note: Transactions processed through Stand-in and written to the SAF database (implying that a SAF Token was generated) will be referred to as SAF transactions.

Supported Transactions

  • Card Present

  • Sale, Refund, Auth Only

  • Credit AID (no PINblock)

Conditions leading to Store and Forwarding of a Transaction

  • Socket to Fusebox could not be opened.

  • Simplify timed out before receiving the financial response from Fusebox.

Modifications to Inquiry Process

  • POS does not send Inquiries for local declines. (Simplify handles all required processing).

  • For local approvals, the Inquiry request should include the SAF token (API 5073) from the original transaction response.

  • Since Simplify handles expiration of SAF transactions, the Inquiry response may indicate that the transaction has expired (either the card has expired, or the transaction is older that the configured number of days to keep pending).

  • If the Inquiry response indicates that the transaction has been forwarded approved, the POS can obtain the Fusebox token from API 5035.

error_outline

note

If a transaction requires a token from a prior transaction that was locally approved, the POS should not send the transaction until the true (Fusebox) token has been received in an Inquiry response for the original transaction (i.e. until the transaction has been forwarded and approved).

For more information on the modified Inquiry process, see POS Inquiry with On-Device SAF Enabled.