Whitelisting

Simplify uses a Whitelisting process to determine which accounts can be exempted from encryption of PCI-sensitive data and returned to the POS unencrypted. This process is based on two lists of account numbers, a whitelist (merchant-configurable) and a blacklist, used together as follows:

  • Data for accounts in the whitelist will not be sent to the host, but will be returned to the POS unencrypted for use as determined by the merchant (Whitelist response).

    • Exception: Sensitive data for PCI-protected accounts (as defined in the blacklist) will never be sent to the POS unencrypted, even if the PAN is included in the whitelist.
  • PCI-sensitive data fields for non PCI-protected accounts not in the whitelist (i.e. for accounts not in the whitelist or blacklist) will normally be encrypted.

    • Exception: If there is an encryption failure (not caused by system failure), sensitive data for these accounts can be sent unencrypted.
  • A Whitelist response is triggered by the POS sending a financial request for an account in the whitelist and not in the blacklist. Please see below for a sample request/Whitelist response.

If you want to use a Whitelisting process, please contact your Elavon representative for whitelist configuration.

Sample Transaction with Whitelist Response

The following sample of a whitelisted Sale transaction shows the Whitelist response sending account data to the POS in the clear (field 3). The PAN must be in the whitelist and not in the blacklist.

Request

API Field #, ValueDescription
0001,02Transaction Type
0002,4.00Transaction Amount
0007,1025Transaction ID / Reference Number
0011,xxx..User Data. See Field 11 (User Data).
0013,022519Transaction Date (current date) – MMDDYY
0014,143005Transaction Time (current time) – HHMMSS
0017,0.00Cash Back Amount
0109,TERM1Terminal ID
0110,205Cashier ID
0201,0.00Tip Amount
1008,ID:Set to ‘ID:’ to request that an account Token be returned by Fusebox.
8002,ONGUARDLocation Name (provided by Elavon)
8006,TSTLA3Chain Code (provided by Elavon)

Whitelist Response

The Response Message field (1010) will contain *SLR WHITELIST, indicating a Whitelist response. Note that field 5004 (Encryption Provider ID) is not sent in a whitelist response because the account data is not encrypted.

API Field #, ValueDescription
0001,02Transaction Type
0002,4.00Transaction Amount
0003,&&&&&&&&&&&&&&&&&=&&&&Account data in the clear
See under Usage for details.)
0007,1025Transaction ID / Reference Number
0011,xxx..User Data. See Field 11 (User Data).
0013,022519Transaction Date (current date) – MMDDYY
0014,143005Transaction Time (current time) – HHMMSS
0017,0.00Cash Back Amount
0109,TERM1Terminal ID (provided by Elavon)
0110,205Cashier ID
0201,0.00Tip Amount
1003,0000Response Code
1004,-99Response Message
1008,ID:Echoes values in request
1009,999Response Code
1010,*SLR WHITELISTSimplify Response Message
5002,81112159Device Serial Number
5010,EMVDC0838EMV kernel version
8002,ONGUARDLocation Name (provided by Elavon)
8006,TSTLA3Chain Code (provided by Elavon)