Technical Blog

Welcome to the ID TECH Products technical blog

Home  > Technical Blog

Kas Thomas
Posted: 29 Jan 2018

Integrating a payment peripheral into a POS app (or other payment app) can be challenging, even under the best of circumstances. It helps to have good documentation. It helps even more to have good tools. ID TECH offers a number of free tools to make the integration process easier. One of our most popular tools, Parsomatic, is hosted on this site (go here). Another tool that gets heavy use not only by customers but by ID TECH's internal support staff is our Encrypt/Decrypt Tool (go here). We also have a Windows-based (.NET) utility, which works with all current-production (and some...

Kas Thomas
Posted: 5 Nov 2017

Here at ID TECH, we get a lot of technical questions about the payments business. People are sometime confused about Payment Card Industry requirements. For example, we get questions like: “Can you help me by providing a PCI DSS Certificate for these devices?” or "I don't see X product on the PCI website, is it P2PE certified?"   These are common questions, yet these kinds of questions are sometimes motivated by faulty assumptions. If the assumption is that non-PCI-certified devices are inherently less secure than PCI-certified devices, that's simply not the case. ID TECH can supply PCI PTS SRED certified hardware (such as the SREDKey pictured...

Kas Thomas
Posted: 5 Oct 2017

Many of ID TECH's customers are interested in point-to-point encryption (P2PE), and as part of their quest to achieve compliance with PCI's stringent P2PE rules, customers often consider SRED (Secure Reading and Exchange of Data) payment devices. Such devices not only encrypt data at the point of capture (as all of ID TECH's devices are capable of doing) but also incorporate tamper detection, automatic data zeroization in the event of tamper, and other specialized security features. Chief among the "other specialized security features" is something known as MAC authentication of commands. In cryptography, a message authentication code (MAC) is a short code used to allow the...

Kas Thomas
Posted: 5 Sep 2017

Checksums of various kinds are commonly used in data communication protocols to allow the recipient of a message to determine, quickly and easily, whether the data is likely to have been corrupted in transit. If you add all the bytes of a message together and find (neglecting overflow) that the sum is 96, then you tack that number onto the message before sending it, the recipient can repeat your summation on the first N - 1 byte of the message, and compare the result to the final byte to see if it's 96. If so, the recipient can infer that...

Kas Thomas
Posted: 5 Aug 2017

Getting a payment app up and running means being able to handle at least two different kinds of integration: First, you need to know how to integrate the necessary hardware (i.e., the card reader plus whatever it's plugged into); then you need to know how to integrate with a payment "back end," such as an online payment gateway (the party that "okays" the transaction and processes it for settlement). In previous posts, I've talked a lot about the hardware integration piece of this puzzle, which turns out to be not so terribly difficult, because with ID TECH card readers, you can use our Universal...

Kas Thomas
Posted: 5 Jul 2017

Everybody knows what a pain in the "back end" chip cards can be. Insert your card, tap your foot, pray the chip misfires so you can go ahead and swipe... Okay, that might be overstating it. But you know what I mean. Standard "contact EMV" frustrates customers (and has driven many a payment-app developer to the brink of drink) because it's slow, complex, and unforgiving. All that changes with contactless EMV. A "tap and go" transaction typically takes less than 500 milliseconds, and can be done with your phone (which is a lot more convenient than whipping out a plastic...

Kas Thomas
Posted: 5 Jun 2017

In a previous post, I showed how to establish USB connectivity using NodeJS, the popular JavaScript runtime engine. In a followup post, we saw how Websockets can be used for inter-process communication between NodeJS and any browser (even older browsers that don't know about Websockets). If we tie together the USB connectivity code and Websockets code, it becomes possible for a web page to control a USB device (such as our VP3300 3-way card reader, shown at right) using only JavaScript. That's the code I want to show you today. If you didn't already download the scripts from my previous posts, don't worry: The...

Kas Thomas
Posted: 5 May 2017

You can connect to any USB card reader from any web browser using Websockets and NodeJS. Which means you can do EMV transactions from a Virtual Terminal. Find out how, below! Last time, I showed how to set up USB connectivity via JavaScript using NodeJS and a module called node-hid. The result was that we were able to get programmatic access to USB devices, from JavaScript, in only about 75 lines of code. Our script implemented automatic device detection and connection, and got us a device handle with which to do reading and writing of USB data. All of which is fine, if the only...

Kas Thomas
Posted: 5 Apr 2017

A really handy thing to be able to do is to control USB devices using JavaScript. This is a powerful capability, made easily possible by NodeJS (better known, simply, as Node). To get Node, go here.    Node is an increasingly vital piece of infrastructure for companies that do business via the Web. You've heard of many of the companies I'm talking about. (Check out their logos below.) Most companies that use Node run it on the server side. But it's easily possible (and definitely worthwhile) to run it on the client side, too. Unlike scripts written for web pages, scripts that run on Node have...