08 Feb: Southeast Acquirers Conference 2018

If you’re attending the Southeast Acquirers show, please stop by the ID TECH booth where we will be showing our latest innovative products. See you at the Loews Royal Pacific Resort in Universal Orlando, Florida from March 12-14, 2018! LEARN MORE: http://www.southeastacquirers.com/registration.html


29 Jan: Tools for Payment Device Integration: Parsomatic

Integrating a payment peripheral into a POS app (or other payment app) can be challenging, even under the best of circumstances. It helps to have good documentation. It helps even more to have good tools. ID TECH offers a number of free tools to make the integration process easier. One of our most popular tools, Parsomatic, is hosted on this site (go here). Another tool that gets heavy use not only by customers but by ID TECH’s internal support staff is our Encrypt/Decrypt Tool (go here). We also have a Windows-based (.NET) utility, which works with all current-production (and some older) ID TECH products, that we call UDemo (or the Universal SDK Demo). It’s available, with many other demos and utilities, on our downloads page. If you’re starting to do an integration, or you’re new to EMV and need a quick tag-lookup utility that can also parse arbitrary blocks of…


26 Jan: ID TECH’s VP3300C Allows for Contactless Donation Payments

Thanks to ID TECH’s VP3300C, the Catholic church is going digital in Paris. The city’s diocese will introduce a system allowing contactless card payments during Sunday’s mass at Saint Francois de Molitor, a church located in an upscale and conservative Paris neighborhood. The diocese explained Thursday that five connected collection baskets with a traditional design will be handed out to mass attenders during the service. They will choose on a screen the amount they want to donate — from 2 to 10 euros ($2.4 to $12.2) — and their payment will be processed in “one second.” You can view the full article here. Click this link to see a video of the VP3300C in action.


05 Jan: TRANSACT: Powered by ETA

Come visit the ID TECH Booth #1019 while at Transact 2018. We will be featuring our latest EMV and contactless payment solutions in Countertop, MPOS and Unattended environments. With EMV certifications completed and many more in process, we are ready to help you deliver EMV acceptance to the market. LEARN MORE: http://www.electran.org/events/etatransact18/


05 Jan: Northeast Acquirers Show 2018

If you’re attending the Northeast Acquirers show, please stop by the ID TECH booth where we will be showing our latest innovative products. See you at the Mohegan Sun in Connecticut from January 29-31, 2018! LEARN MORE: http://northeastacquirers.com/neaa-2018/

VP 6300


Here at ID TECH, we get a lot of technical questions about the payments business. People are sometime confused about Payment Card Industry requirements. For example, we get questions like: “Can you help me by providing a PCI DSS Certificate for these devices?” or “I don’t see X product on the PCI website, is it P2PE certified?”   These are common questions, yet these kinds of questions are sometimes motivated by faulty assumptions. If the assumption is that non-PCI-certified devices are inherently less secure than PCI-certified devices, that’s simply not the case. ID TECH can supply PCI PTS SRED certified hardware (such as the SREDKey pictured at right; or the Augusta S, Spectrum Pro, SecuRED, VP8800, or others), but our non-SRED devices are still highly secure devices that can be used for most payment solutions being developed for the market. PCI DSS is a systems solution requiring certification of all aspects of a payment system, not just the hardware device(s)….


Many of ID TECH’s customers are interested in point-to-point encryption (P2PE), and as part of their quest to achieve compliance with PCI’s stringent P2PE rules, customers often consider SRED (Secure Reading and Exchange of Data) payment devices. Such devices not only encrypt data at the point of capture (as all of ID TECH’s devices are capable of doing) but also incorporate tamper detection, automatic data zeroization in the event of tamper, and other specialized security features. Chief among the “other specialized security features” is something known as MAC authentication of commands. In cryptography, a message authentication code (MAC) is a short code used to allow the receiver of a message to authenticate the message—in other words, confirm that the message came from a trusted sender. The MAC value protects both a message’s data integrity as well as its authenticity, by combining the message with a secret known to both the sender and the receiver. The message is sent in the clear, but…


Compared to magstripe readers, chip-card readers are fussy. Reading a magnetic stripe is comparatively straightforward, but getting a chip-card reader to converse with the chip on a chip card requires a substantial amount of preparation and setup. Let’s talk about what that means. Before attempting to perform any EMV transactions using a chip-card reader, you need to make sure your card reader is properly configured. At a minimum, this means loading the device with: Proper terminal settings Any AIDs that might be needed Public keys for the card brands you intend to honor TERMINAL SETTINGS So-called “terminal settings” must be supplied to the device as TLVs (data formatted as tag/length/value triplets), using industry-standard tagsas defined in the EMVCo specs for contact EMV and/or contactless EMV. Here’s an example of what such settings look like: Major Settings 9F35 Terminal Type 21 9F33 Terminal Capabilities 6028C8 9F40 Additional Terminal Capabilities F000F0A001 DF26 Enable Revocation List…


Checksums of various kinds are commonly used in data communication protocols to allow the recipient of a message to determine, quickly and easily, whether the data is likely to have been corrupted in transit. If you add all the bytes of a message together, and find (neglecting overflow) that the sum is 96, then you tack that number onto the message before sending it, the recipient can repeat your summation on the first N – 1 bytes of the message, and compare the result to the final byte to see if it’s 96. If so, the recipient can infer that the message probably (arguably) wasn’t altered in transit. You’ll find a wide array of checksum techniques in common use. Three of the most popular ones are the conventional checksum, LRC (longitudinal redundancy check), and CRC (cyclic redundancy check). The latter isn’t really a checksum in the usual sense, but is an example of a one-way hash that…


Getting a payment app up and running means being able to handle at least two different kinds of integration: First, you need to know how to integrate the necessary hardware (i.e., the card reader plus whatever it’s plugged into); then you need to know how to integrate with a payment “back end,” such as an online payment gateway (the party that “okays” the transaction and processes it for settlement). In previous posts, I’ve talked a lot about the hardware integration piece of this puzzle, which turns out to be not so terribly difficult, because with ID TECH card readers, you can use our Universal SDK to talk to devices from a high-level language environment, or you can do a pure-JavaScript solution, if you’re willing to enlist Node JS in your architecture. Either way, talking to ID TECH devices isn’t really a very big deal. But the question remains: After you get the credit card reader to…