Velocity Point-to-Point Encryption (P2PE)

Production Architecture

The P2PE VAS production architecture communicates directly with the Web Service for all card data decryption and optional card scoring.

Sandbox Architecture

The P2PE VAS Sandbox architecture communicates with a Web Service "test host" that stores magnetic fingerprint values for test cards issued. These test cards are used to simulate production card data decryption and optional card scoring during testing/certification. In addition, Velocity provides a Sandbox environment for integration, testing, and certification purposes.

P2PE VAS Implementation

Integration to the P2PE VAS requires a P2PE VAS-enabled workflowId that must be passed with each Commerce Web Services (CWS) transaction request. This workflowId is returned to the application in the response to the GetServiceInformation call during the Preparing the Application to Transact process of a CWS integration.

Optionally, a ScoreThreshold value can be passed with each transaction request to trigger card authentication.

Setting the ScoreThreshold Value

One of the key features of the security architecture is card authentication, which is used to identify counterfeit credit cards, debit cards, gift cards, and other cards at the point of swipe.
This makes it possible for card issuers to uniquely identify each physical card they produce by analyzing its magnetic "fingerprint". By storing this fingerprint, merchants are able to perform a fingerprint reference check to determine whether the card is counterfeit and should therefore be declined.

Card authentication, or card scoring, is performed based on the presence of the CWS BankcardTransactionData.ScoreThreshold parameter in each transaction authorization request.

  • ScoreThreshold Present - Encrypted card data is decrypted and card scoring is performed based on the ScoreThreshold value passed in the transaction request.
  • ScoreThreshold Null - Encrypted card data is decrypted, but no card scoring is performed.

P2PE VAS Requirements

Service Overview

Point-to-Point Encryption (P2PE) Value-Added Service (VAS) provides a comprehensive security solution that protects card data throughout the entire Commerce Web Services (CWS) transaction lifecycle. The VAS integrates directly to the Service to decrypt card data that was encrypted during initial swipe at the point-of-sale using a Secure Card Reader Authenticator (SCRA) device.

Bankcard Processing (BCP) Support: Credit, PIN Debit
Supported Industries: Retail and Restaurant
Certification Testing: Trigger Values and Response Codes

Prerequisites

Integration to the P2PE VAS requires a CWS payment solution and a Secure Card Reader Authenticator (SCRA) device.

Requirements

Credit Processing

Supported CWS Transaction Processing operations:

  • Authorize
  • AuthorizeAndCapture
  • ReturnUnlinked

Only Track 2 data is supported and is therefore required.

PIN Debit Processing

Supported CWS Transaction Processing operations:

  • AuthorizeAndCapture
  • ReturnUnlinked
  • Undo

Required Data Elements

Each entry below gives the CWS Data Element, followed by its Common Device Swipe Field Name, Field Name, and Description.

ApplicationData.EncryptionType
  • Common Device Swipe Field Name: Enumeration set in application data. Value does not come from the device.
  • Field Name: EncryptionBlockType
  • Description: Encryption Type Enumeration: IPADV1Compatible, MagneSafeV4V5Compatible

MerchantProfile.MerchantData.Name
  • Common Device Swipe Field Name: Value does not come from the device.
  • Field Name: RegisteredBy
  • Description: Merchant Name: An alphanumeric entry between 1 and 20 characters long.

BankcardTenderData.CardSecurityData.IdentificationInformation
  • Common Device Swipe Field Name: "Print data", "Print Data (hex)"
  • Field Name: EncMP
  • Description: Encrypted information returned by the device when the card is swiped.

BankcardTenderData.CardSecurityData.CVData
  • Common Device Swipe Field Name: Always set to "Null". Value does not come from the device.

BankcardTenderData.CardSecurityData.CVDataProvided
  • Common Device Swipe Field Name: Enumeration set to CVDataProvided.NotSet. Value does not come from the device.

BankcardTransactionData.EntryMode
  • Common Device Swipe Field Name: Enumeration set to EntryMode.Track2DataFromMSR. Value does not come from the device.

TransactionData.Reference
  • Common Device Swipe Field Name: Value does not come from the device.
  • Field Name: CustTranID
  • Description: An alphanumeric transaction ID between 1 and 16 characters long.
  • Note: Reference must be unique. Refer to specific Payment Service Provider Guidelines (where applicable) for additional information.

TransactionTenderData.EncryptionKeyId
  • Common Device Swipe Field Name: "DUKPT serial number/counter", "DUKPT Key Serial Number"
  • Field Name: KSN
  • Description: 20-character string returned by the device when the card is swiped.

TransactionTenderData.SecurePaymentAccountData
  • Common Device Swipe Field Name: "Track 2 encrypted data", "Track 2 Encrypted"
  • Field Name: EncTrack2
  • Description: Encrypted Track 2 data returned by the device when the card is swiped. Track 2 data is supported at this time.

TransactionTenderData.SwipeStatus
  • Common Device Swipe Field Name: "Print Status"
  • Field Name: Status
  • Description: Print Status of Card Swipe. This is an alphanumeric string returned by the device when the card is swiped.

Optional Data Elements

ApplicationData.DeviceSerialNumber
  • Common Device Swipe Field Name: Value does not come from the device.
  • Field Name: Device Serial Number
  • Description: The device serial number.
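
The mapping from SCRA swipe output to the required CWS data elements, together with the ScoreThreshold behaviour described earlier, shown as an added example that is not Velocity's code. The function name, the flat dictionary layout, the sample values and the cleartext Track 2 check are assumptions made for illustration; ScoreThreshold is passed through unchanged because the page does not define its format.

```python
import re

# Enumeration values and length limits come from the Required Data Elements section.
ENCRYPTION_TYPES = {"IPADV1Compatible", "MagneSafeV4V5Compatible"}
ALNUM = re.compile(r"[A-Za-z0-9]+")
# Added safeguard, not from the page: cleartext Track 2 has the shape PAN=YYMM...
CLEAR_TRACK2 = re.compile(r"\d{12,19}=\d{4}")

def build_p2pe_fields(swipe, merchant_name, reference, encryption_type,
                      score_threshold=None):
    """Validate SCRA swipe output (keyed by the page's Field Name values) and
    map it to CWS data element names. The flat dict is not the CWS wire format."""
    errors = [f"missing swipe field {n}"
              for n in ("EncMP", "KSN", "EncTrack2", "Status") if not swipe.get(n)]
    if encryption_type not in ENCRYPTION_TYPES:
        errors.append("unsupported EncryptionType")
    if not (1 <= len(merchant_name) <= 20 and ALNUM.fullmatch(merchant_name)):
        errors.append("merchant name must be 1-20 alphanumeric characters")
    if not (1 <= len(reference) <= 16 and ALNUM.fullmatch(reference)):
        errors.append("Reference must be 1-16 alphanumeric characters")
    if len(swipe.get("KSN") or "") != 20:
        errors.append("KSN must be a 20-character string")
    if CLEAR_TRACK2.search(swipe.get("EncTrack2") or ""):
        errors.append("EncTrack2 looks like cleartext Track 2; refusing to send")
    if errors:
        raise ValueError("; ".join(errors))
    fields = {
        "ApplicationData.EncryptionType": encryption_type,
        "MerchantProfile.MerchantData.Name": merchant_name,
        "BankcardTenderData.CardSecurityData.IdentificationInformation": swipe["EncMP"],
        "BankcardTenderData.CardSecurityData.CVData": None,
        "BankcardTenderData.CardSecurityData.CVDataProvided": "NotSet",
        "BankcardTransactionData.EntryMode": "Track2DataFromMSR",
        "TransactionData.Reference": reference,
        "TransactionTenderData.EncryptionKeyId": swipe["KSN"],
        "TransactionTenderData.SecurePaymentAccountData": swipe["EncTrack2"],
        "TransactionTenderData.SwipeStatus": swipe["Status"],
    }
    # ScoreThreshold present: decrypt and score. Absent: decrypt only.
    if score_threshold is not None:
        fields["BankcardTransactionData.ScoreThreshold"] = score_threshold
    return fields

# Constructed sample swipe; the strings are placeholders, not real device output.
SAMPLE_SWIPE = {"EncMP": "A1B2" * 8, "KSN": "9" * 20,
                "EncTrack2": "C3D4E5F6" * 5, "Status": "61403000"}
```

Rejecting a swipe whose EncTrack2 value parses as cleartext Track 2 catches a reader that has fallen back to unencrypted output before the data leaves the application.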
