Datacap offers both non-validated End-to-End Encryption and PCI-Validated Point-to-Point Encryption. Benefits of PCI-Validated P2PE include:
- PCI-validated P2PE solution secures transactions by encrypting all data within a PCI-approved point of entry device, preventing clear-text cardholder data from being available.
- Reduced PCI scope for the merchant (reducing SAQ questions by 90%).
- Available to Datacap POS partners without integration changes.
Setting up PCI-Validated P2PE requires some additional steps compared to a standard Datacap install that utilizes End-to-End Encryption. To set-up PCI-Validated P2PE with Datacap, follow the steps below:
Note: PCI-Validated P2PE with Datacap requires NETePay Hosted
1 In PSCS, create a NETePay Hosted deployment and select "Enable" for BlueFin Validated P2PE Support.
2 Order your devices via BlueFin's P2PE Manager
2A Once logged in, from the home page, click on "Device Requests".
Create a new order by clicking on the “create new order” button.
Notes: All fields marked with an asterisk (*) are required for new requests
- If that data is not initially available, you can save the record but you will not be able to submit the record.
- The save button will not be available if the order has already been submitted.
- The submit button will not be available if there are no devices on the request or if there are missing fields that are required
A list of missing fields will display below the submit button.
2B After completing the required account/custodian information, add the required devices.
Click on the “Add a Device” button
Select Device, Quantity and Comm Type. Click “Save”. Repeat for additional devices
Note: Cables and/or other accessories that are automatically included will be listed in the Included Accessories section below the Selected Devices
2C Submit your device request by clicking on the "Submit" button. Once submitted, you can no longer edit the request. Contact your BlueFin sales rep if changes need to be made after it was submitted.
3 After receiving your order, confirm devices were not tampered with and confirm the identity of any third-party personnel.
Notes: When the POI devices arrive at the customer location, the employee listed as the contact for the location logs into the P2PE Manager and starts the process for confirming the device they received. The merchant employee manually keys (or scans) in the serial number of the device, and the serial number from the tamper seal into the P2PE Manager, and if they both match the injection and shipment records recorded by the KIF, then the device is marked as being eligible for use (see P2PE Manager Device Activation v3.0 below).
If the serial number of the device and the serial number on the tamper bag do not match, the device is programmatically barred from use. Without the validation of those two authenticating serial numbers, substituted devices could not be put into use.
P2PE Manager Device Activation v3.0
Specific steps for activating a device within P2PE Manager can be found in your P2PE Manager User Guide or via the following video link: https://vimeo.com/182772442/30b87f999e
4 Ensure your Point of Sale is referencing the appropriate Datacap Secure Device ID that corresponds with your device. See chart below for some PCI-Validated P2PE-specific Secure Device ID examples.
Device | Secure Device ID |
---|---|
PAX A920Pro+ | EMV_A920PRO_DATACAP_BLUEFIN |
PAX A30+ | EMV_A30_DATACAP_BLUEFIN |
PAX A35+ | EMV_A35_DATACAP_BLUEFIN |
PAX A77+ | EMV_A77_DATACAP_BLUEFIN |
PAX Aries8+ | EMV_ARIES8_DATACAP_BLUEFIN |
PAX IM30+ | EMV_IM30_DATACAP_BLUEFIN |
Verifone P400 | EMV_P400_DATACAP_BLUEFIN |
Verifone P400 for Global Canada | P400GlobalDatacapBlueFin |
Ingenico Move/5000 | EMV_MOVE5000_DATACAP_ONGUARD |
Ingenico Link/2500 | EMV_LINK2500_DATACAP_ONGUARDD |
Ingenico Lane/3000 | EMV_LANE3000_DATACAP_ONGUARD |
Ingenico Lane/5000 | EMV_LANE5000_DATACAP_ONGUARD |
Ingenico Lane/7000 | EMV_LANE7000_DATACAP_ONGUARD |
Ingenico Lane/8000 | EMV_LANE8000_DATACAP_ONGUARD |
ID Tech Augusta | EMV_AUGUSTA_MONETARY |
ID Tech VP6800 | EMV_VP6800_DATACAP_BLUEFIN |
+ DC Direct P2PE support on these devices only
To search for the appropriate Secure Device ID value, refer to Datacap’s compatible devices and choose a device. On the NETePay Hosted Secure Device IDs section, look for the row or rows that are labeled (PCI-Validated P2PE).