POS development for Simplify should be based on the following set of principles:
PCI DSS Compliance: The customer is responsible for securely deleting the encrypted account data and making it unrecoverable after authorization using a method that supports PCI DSS secure delete standards (PCI DSS 3.0 Requirement 3.2).
The POS process should discard any message that does not correspond with the POS state.
The POS process should compare the Transaction ID / Reference Number (field 7) in the request and response. If the response doesn’t match the request, the message should be discarded.
If multiple POS workstations can be associated with a single PIN Pad, Simplify assumes that the POS process ensures there is only one outstanding transaction per PIN Pad. (This situation can occur under TCP/IP.)
Simplify can return encrypted account data to allow Stand-in processing by the POS. See POS SAF Processing for more information.
For support purposes, Elavon strongly recommends that the POS logs all messages received from and sent to Simplify.
API fields in messages sent to the POS will not necessarily appear in order by field number. E.g. the following sequence of fields is possible:
API Field #, Value Description 0001,36 Transaction Type 5001,010003888 Non-Financial Data 0011,14123010000?V102.18B01803 User Data
For API fields that are defined as variable length, the POS must be able to handle data of varying lengths.
Elavon uses HEM/IngEstate for terminal maintenance and updates. Any issue with HEM/IngEstate connectivity will require shipping back the terminal for updates. Elavon recommends testing the connection to HEM/IngEstate during pilot.
Elavon uses Inquiry and Voids to recover from communication issues on Financial Messages. Please pay close attention when implementing Inquiry and Void logic.
Fields 13 (date) and 14 (time) are required in all financial requests. Time must be sent in military (24 hour) format.
To protect against EMV cards being left in the Simplify device, Simplify will not accept any message from the POS until the card is removed. An error message will be returned indicating that the card is still inserted.
If no response is received for a financial request, or if you need to start over for any reason, the POS should send a Cancel before sending another financial request.
The POS can activate Mifare tap by sending a request to Simplify with “M” or “m” in API 0003. For valid tap, Simplify will extract the UID, and send it to the POS in the response as token 300 in Field 5001 (no Fusebox message). See sample under Sale Message.