General Guidelines

POS development for Simplify should be based on the following set of principles:

  1. PCI DSS Compliance: The customer is responsible for securely deleting the encrypted account data and making it unrecoverable after authorization using a method that supports PCI DSS secure delete standards (PCI DSS 3.0 Requirement 3.2).

  2. The POS process should disregard any message that does not correspond with the POS state.

  3. The POS process should compare the Transaction ID / Reference Number (field 7) in the request and response. If the response doesn’t match the request, the message should be discarded.

  4. If multiple POS workstations can be associated with a single PIN Pad, Simplify assumes that the POS process ensures there is only one outstanding transaction per PIN Pad. (This situation can occur under TCP/IP.)

  5. Simplify can return encrypted account data to allow Stand-in processing by the POS. See Stand-in Processing for more information.

  6. For support purposes, Elavon strongly recommends that the POS logs all messages received from and sent to Simplify.

  7. API fields in messages sent to the POS will not necessarily appear in order by field number. E.g. the following sequence of fields is possible:

    API Field #, ValueDescription
    0001,36Transaction Type
    5001,010003888Non-Financial Data
    0011,14123010000?V102.18B01803User Data
  8. For API fields that are defined as variable length, the POS must be able to handle data of varying lengths.

  9. Terminal maintenance and updates can be managed using the Verifone MX Downloader or POS commands. Elavon recommends testing this functionality during pilot.

  10. Elavon uses Inquiry and Voids to recover from communication issues on Financial Messages. Please pay close attention when implementing Inquiry and Void logic.

  11. Fields 13 (date) and 14 (time) are required in all financial requests.

  12. To protect against EMV cards being left in the Simplify device, Simplify will not accept any message from the POS until the card is removed. An error message will be returned indicating that the card is still inserted.

  13. If no response is received for a financial request, or if you need to start over for any reason, the POS should send a Cancel before sending another financial request.