Overview

This article provides answers to frequently asked questions related to integrating devices with CardConnect.

Simply select a question to display it's answer.

Basic Device Integration FAQ

Can I use the CardConnect P2PE solutions without doing a direct terminal device integration?

Yes. CardConnect provides a Desktop Tokenizer application that can be used to operate the device to prompt a user to swipe or manually key in a card.

What is the Desktop Tokenizer?

The Desktop Tokenizer is a CardConnect application that enables the activation and operation of a CardConnect terminal device. The Desktop Tokenizer application comes in two versions: an executable application .exe file or a web page. The Desktop Tokenizer is available when direct device integration is not an option.

Note: Using the Desktop Tokenizer with terminal devices requires at least .NET 4.0 of the Microsoft .NET framework.

Can I integrate a CardConnect terminal device while submitting transactions to a different payment gateway?

No. CardConnect terminal devices are encrypted with a CardConnect encryption key. The terminal devices communicate with the CardConnect Hardware Security Module (HSM) to decrypt the device encryption keys. The CardConnect terminal device also requires activation within the CardConnect Terminal Management System (TMS). Tokens generated with the use of the CardConnect hardware are only usable within the CardConnect gateway.

How do I integrate the terminal devices you support?

Terminal devices can be integrated directly with the use of the Desktop Tokenizer CCPanPad.DLL (with or without the use of TokenMux) or can be integrated to operate with the CardConnect Desktop Tokenizer. 

Does CardConnect provide documentation or sample code for device integration?

Yes. Upon request, CardConnect will provide documentation that can help ease the device integration process and sample application code to test device integration.

Additional requests for support can be submitted to ISVIntegrations@cardconnect.com

Supported Devices and Encryption Keys

Which terminal devices are supported by CardConnect for integration?

CardConnect currently supports the following terminal devices: 

  • Ingenico 
    • iSC250
      • Signature Capture
      • Color Screen
    • iPP320
      • PinPad
  • IDTech
    • SRED Key
      • Keyboard Emulation

Which mobile devices do you support?

CardConnect currently supports the following mobile devices: 

  • Magtek: 
    • iDynamo(30-pin)
    • iDynamo 5(lightning)
    • uDynamo (auxilary)
  • BBPOS
    • Chipper Mini (auxilary)

Do you provide an SDK for the integration or mobile devices?

No. CardConnect currently does not provide an SDK for direct integration with mobile devices. CardConnect recommends using the mobile device manufacturer’s technical support website to download any available SDK for iOS/Android integration.

Does CardConnect support any magnetic stripe readers?

Yes. CardConnect supports the following

  • Magtek Dynamag, 
  • IDTech
    • SecuRED 
    • SREDKey

Which terminal devices support P2PE configuration with EMV and NFC functionality?

Ingenico iSC250 and iPP320 

Do the available P2PE CardConnect terminal devices support retail transaction?

No. Integration of the P2PE terminal devices only produce tokens to replace card numbers.

Can I use my existing terminal devices with the CardConnect Gateway?

No. You will be required to use the CardConnect assigned terminal devices. CardConnect P2PE enabled devices require injection of an encrypted key and need to be configured to communicate with the CardConnect Terminal Management System (TMS) for authentication.

Can I use the CardConnect encryption key with my existing device?

No. You will be required to use the CardConnect assigned terminal devices. In order to remain P2PE compliant, CardConnect P2PE enabled devices require injection of an encrypted key and need to be configured to communicate with the CardConnect Terminal Management System (TMS) for authentication. For PCI compliance, CardConnect does not share any of its encryption device keys.

PanPad Integration FAQ

Initialization and Timeouts

Is there any way to re-initialize the device from my application?

You can call IngenicoBase.cancel() to cancel the current command running on the Ingenico, but you will need to call that from another thread in your application. The Desktop Tokenizer does this by listening for the ESC key (via a background worker task) and then calling cancel(). Once initialized (via the initialize() method), there is no need to re-initialize during the application instance's lifetime.

Is there a timeout setting once the device has been initialized?

The DLL does spawn a new thread when sending commands to the PanPad. However, there is not a timeout specified for Thread.Join() so it should wait indefinitely.

Track and EMV Data

How long does CardConnect retain track data extracted from a device?

When a card is swiped on a terminal device, track data is submitted to CardConnect. CardConnect will generate a token and store the track data associated with the token. CardConnect stores track data with the generated token every time a card present transaction occurs. Track data is then released with the first transaction submitted for the generated token. Track data is released within 24 hours if unused.

When I call getEMV function of the CCPanPad.DLL library, will it still accept a swipe for cards that do not have a chip?

Yes. A card with no chip will still be processed as a normal mag stripe transaction.

Will the Ingenico device reject a swipe for a card that has a chip?

Yes. If a card with a chip is swiped, the terminal prompts the user to insert the card to force an EMV transaction.

Signature Capture

Do CardConnect terminal devices support signature capture?

Yes. The CardConnect Ingenico iSC250 device supports signature capture. Captured signatures are stored with a token. The signature acquired is used with the first authorization submitted with the generated token. A signature can then be extracted to be printed on a receipt.

Can the signature be printed on a receipt?

Yes. The signature can be extracted, decoded, and printed on a receipt.

How can the signature be extracted?

To retrieve a signature, a POST method is used with the following url:

(sample: https://fts.prinpay.com:6443/cardconnect/signature?retref=166850151142&merchid=496160873888)

What is then returned is a base64 encoded image string. The signature can be decoded using the returned string to get a .bmp image file. 

How is the signature stored within CardConnect?

The format of the signature data is a Base64 encoded, GZipped BMP. (Base64(GZip(BMP signature data)) ). By using a terminal device with signature capture capabilities (like the Ingenico iSC250), the signature can be captured and sent to CardSecure for tokenization. The generated token is stored with the mime encoded signature bitmap and the token is returned to the merchant. When a merchant submits the authorization with the token, the signature is saved with the authorization record. 

Hardware Configuration

Do I need to deploy drivers when integrating P2PE terminal devices?

Yes. With the exception of the IDTech SREDKey device, P2PE terminal devices connecting to a local machine require drivers to be installed locally. 

Note: Direct integration with terminal devices requires at least .NET 4.0 of the Microsoft .NET framework.

Do I need to install devices drivers with the IDTech SREDKey device?

No. The SREDKey device operates with standard USB drivers and does not require device driver installation.

Security & Maintenance

How does integrating with CardConnect P2PE devices remove software applications from PCI Scope?

By integrating a CardConnect P2PE solution within a vendor software application, the vendor software application is removed from PCI scope because all card data is managed between the terminal device and a decryption device at the CardConnect data center. Clear text card data does not pass through the vendor application. The vendor application can store any of the returned CardConnect tokens as the tokens are not raw card data.

How is the terminal device authenticated?

CardConnect P2PE terminal devices are preconfigured and registered within the CardConnect Terminal Management System (TMS). A terminal device cannot be used unless it authenticates and is enabled within TMS.

How are terminals inspected?

It is recommended that a merchant follows the CardConnect recommended inspection routines to determine if a terminal has been tampered with. 

For more information regarding terminal inspection, please see the CardConnect Integrated-Terminal Security Inspection Guide.

How are terminal devices de-activated?

A terminal that you have identified as lost can be disabled by contacting the CardConnect support team. A terminal that produces over 20 errors is automatically disabled by CardConnect and the support team will be notified to contact you to inquire about it. 

Terminal Management Systems

What is the Terminal Management System (TMS)?

CardConnect manages its terminals with its Terminal Management System (TMS). TMS is a module of the CardConnect payment gateway. The TMS has knowledge of all terminals ordered, including its serial number, encryption key, software version, and ship to location among other information.  The TMS can instruct a terminal to update its software version or remotely disable devices.

How are the devices upgraded?

Terminal firmware upgrades are done through a remote push/pull transmission. CardConnect maintains the ability to push new firmware to devices. Upgrades are performed upon terminal device initialization. The CardConnect Integration Support Team will be able to communicate new versions/features and coordinate these updates through TMS. 

Device Procurement

How do I order a test device and any documentation for integration including the Desktop Tokenizer?

Please contact your CardConnect Sales Representative to inquire about terminal devices. 

How are P2PE terminal devices activated to process tokens through the CardConnect gateway?

P2PE terminals are preconfigured by a P2PE-certified vendor with a unique CardConnect assigned terminal ID. The assigned terminal ID and/or HSN is registered with the CardConnect Terminal Management System (TMS) for terminal ID authentication. When a device has been registered via TMS and is enabled, the terminal device will be able to submit encrypted card data and generate tokens.

What is the average time needed for direct terminal device integration?

Depending on the terminal device ordered and its configuration, integration can take up to 6 weeks. 

Note: Ingenico device orders require an extended period of time based on configurations, so you should coordinate with your sales engineer in advance. 

Does CardConnect provide support, recommendations and suggestions for the integration of CardConnect terminal devices?

CardConnect takes a consultative approach to device integration and requires an approved projected scope for execution. 

SREDKey Device

How do I extract swiped/key data from the SREDKey device?

The SREDKey devices works in USB Keyboard mode. Once a card is swiped or keyed, the encrypted data is available in the machine's clipboard and can be passed to the CardConnect gateway for processing a transaction.

Does the SREDKey put my workstation in PCI Scope while handling the encrypted data produced by the device?

The SREDKey device is encrypted with a key that keeps the data secure. The device decryption key is configured within the CardConnect Hardware Security Module (HSM) hardware. As a result, no clear card data traverses through your system when using the terminal device.

How can I use the encrypted data extracted from the SREDKey device?

The extracted encrypted data from the SREDKey can be submitted directly to the CardSecure tokenization solution to request a token. The data can also be passed as part of a transaction.

CardConnect Tokenization

How does CardConnect generate tokens?

CardConnect provides a tokenization solution called CardSecure. CardSecure uses a patented tokenization algorithm to convert card data into 16-digit number tokens or alpha-numeric tokens. These tokens can only be used within the CardConnnect gateway for transaction processing. Using/storing the CardSecure tokens releases a software application from PCI scope because the card data is replaced with tokens.

What types of tokens are generated by CardConnect?

CardConnect can generate 16-digit numeric tokens or alpha-numeric tokens that can be used instead of card numbers. The token can be submitted within a transaction instead of the card number. The token is translated by CardConnect and submitted to the payment processor as part of the transaction.

Can I determine the card type from the token generated?

Yes. The generated token reflects the last 4 digits of the card. The first digit of the token is always ‘9’ and the second digit reflects the first digit of the card. By looking at the second digit of the token, you can determine the card type:

  • 3X= Amex
  • 4X= Visa 
  • 5X= Mastercard 
  • 6X= Discover

Do CardConnect tokens expire?

No. A CardConnect token generated for a card does not expire. In the event a card is re-swiped or manually keyed within a device, the same token is generated for that card.