Create a EMV payment

This resource is used to send EMV payment pre-authorizations or purchase from an EMV payment terminal. The EMV payment terminal must be registered in Hips TMS (see separate TMS API) and you must have the TerminalApiKeyAuth to authenticate to this resouce. Idempotency-Key header is required for the resource. Authentication Key Type: TerminalApiKeyAuth

SRED Encryption Magnetic Swipe Track2 (DUKPT)

❗️

Magstripe (Track 2) without DUKPT Encryption will be declined!

Read more about DUKPT Encryption

🚧

Test key (BDK) for SRED Encryption (DUKPT) double length

BDK: 0123456789ABCDEFFEDCBA9876543210, KCV: 08D7B4

Parameter

Description

track2

Encrypted Track 2 Data

The encrypted data must be a multiple of 8 padded with 0x00 represented in ASCII.

track2_ksn

10 byte. For DUKPT SRED this subfield contains the KSN.

pos_entry_mode

Allowed values: magnetic_stripe_read or complete_contents_of_magnetic_stripe_track2

POS Entry Mode

SRED Encryption in TLV (DUKPT)

Read more about DUKPT Encryption

🚧

Test key (BDK) for SRED Encryption (DUKPT) double length

BDK: 0123456789ABCDEFFEDCBA9876543210, KCV: 08D7B4

When encrypting data with SRED the following TLV tag-fields should be encrypted:

EMV Tag

Encrypted EMV Tag

Description

57

DFAE02

Track 2 Equivalent Data

You should not send EMV TAG 57 if DFAE02 is present

5A

DFAE5A

Application Primary Account Number (PAN)

You should not send EMV TAG 5A if DFAE5A is present

DFAE03

10 byte. For DUKPT SRED this subfield contains the KSN.

The encrypted data must be a multiple of 8 padded with 0x00 represented in HEX.

Example (using BDK 0123456789ABCDEFFEDCBA9876543210 and KSN FFFF9876543210E00001):

4111111111111111D12211234

The above example is 25 bytes and must therefore be padded with 0x00 up to next multiple of 8 which is 32. The data to Encrypt will therefore be:

4111111111111111D12211234 + \0x00\0x00\0x00\0x00\0x00\0x00\0x00
343131313131313131313131313131314431323231313233340000000

DUKPT Encrypt data Result:

7B779F3C0277D9733FEF2488997A7FB1813005C8988B78B254EB749A27ED6401

The above encrypted data result is the data you should send in the encrypted EMV tag.

📘

Are you getting the encrypted data result F498871302C3DAED9CF9A2D13EFD9260453EC72F6BE7CA9859E751E5665FC14B instead of 7B779F3C0277D9733FEF2488997A7FB1813005C8988B78B254EB749A27ED6401 in the above example? Then please make sure you are encrypting with DATA Variant. The PEK should be XOR-ed with the value of 0x0000000000FF00000000000000FF0000 (See ANSI X9.24-2004 Appendix A, A.5, page 42)

PIN Data (DUKPT)

Read more about DUKPT Encryption

🚧

Test key (BDK) for PIN (DUKPT) double length

BDK: 0123456789ABCDEF0123456789ABCDEF, KCV: D5D44F

Language
Authentication
Basic
base64
:
Click Try It! to start a request and see the response here!