Encryption protects data in transit, securing the transaction from the card entry device to the backend processor. For encryption to work, it must be configured correctly along the whole transaction path. If any point along that path is “mismatched”, you’ll likely receive one of the errors listed below:
*Check the Encryption Summary to determine the encryption methods for each backend processor.
Voltage Errors (TSYS, Heartland and Global Portico)
E2EE Encryption is Not Configured
The PIN Pad is injected with Voltage Encryption, but Encryption is not set up at the backend processor.
Resolution: Processor/ISO needs to enable Voltage Encryption for the merchant account.
Encryption Should Not be Enabled (TSYS)
The PIN Pad is injected with Voltage Encryption, but a “clear” Secure Device ID is being selected in the integration.
Resolution: Change the Secure Device value to one ending in “_VOLT” (e.g. EMV_LANE5000_TSYS_VOLT).
TDES DUKPT Errors (NETePay Hosted, EVO, Fiserv (First Data), Worldpay IP, Worldpay Core)
Type 11/19 DUKPT Encryption is Not Enabled
The PIN Pad is not injected with an Encryption Key, but the backend processor is configured for Encryption.
Resolution: Either the device needs to be re-injected (preferred) or the processor needs to disable Encryption (not all processors will allow this option).
Encryption Failed
The PIN Pad is injected with an Encryption Key, but it is the incorrect key.
Resolution: The device will need to be returned to the Injection Facility for re-injection.
Serv Not Allowed: 512 (Fiserv (First Data RapidConnect))
The PIN Pad is injected with an Encryption Key, but the TransArmor settings are not correctly configured at Fiserv.
Resolution: Request that Fiserv enable TransArmor Tokens and Encryption for the merchant account.
Encryption Should Not be Enabled
- The PIN Pad is injected with an Encryption Key, but a “clear” Secure Device ID is being selected in the integration.
Resolution: Change the Secure Device value to one indicating Encryption (e.g. EMV_LANE8000_DATACAP_E2E).
OR
- The PIN Pad is injected with an Encryption Key, but it has not been configured for Encryption. Injection Facilities typically use a DP (Data Package) file to set the encryption type.
Resolution: The device will need to be returned to the Injection Facility for re-configuration.
Invalid Field Encrypted Format
The PIN Pad is injected with an Encryption Key, but a Secure Device ID is selected that does not match the payment application.
Resolution: Ensure that the Secure Device ID being used is applicable for the Deployment’s application (e.g. for “Datacap TDES DUKPT – Slot 2”, use EMV_A30_DATACAP_E2E).
Crypto Failure: 500 (Fiserv (First Data RapidConnect))
The PIN Pad is injected with a TDES DUKPT Encryption Key and it is properly configured; however, the particular key selected is incorrect.
Resolution: The device will need to be returned to the Injection Facility for re-injection.
OR
If the error only occurs during manual entry, we’ve identified this to be an issue specific to UPP 7.80.44 for Ingenico devices. An alternate error message for this condition is: “Invalid TransArmor Request: 216”
Resolution: The device will need to be returned to the Injection Facility to load UPP 7.80.01.
Primary Account Decryption Error (Bluefin P2PE)
The PIN Pad Serial Number is not correctly configured in Bluefin’s Device Management platform (P2PEManager). In your P2PEManager portal, ensure that the Serial Number is set to “Activated” or “Activating”. If that setting is correct, Bluefin teams will need to adjust it manually in their system. Contact Datacap Support to help initiate that request.