This resource is used to send EMV payment pre-authorizations or purchase from an EMV payment terminal. The EMV payment terminal must be registered in Hips TMS (see separate TMS API) and you must have the TerminalApiKeyAuth to authenticate to this resouce. Idempotency-Key header is required for the resource. Authentication Key Type: TerminalApiKeyAuth
SRED Encryption Magnetic Swipe Track2 (DUKPT)
Magstripe (Track 2) without DUKPT Encryption will be declined!
Read more about DUKPT Encryption
Test key (BDK) for SRED Encryption (DUKPT) double length
BDK: 0123456789ABCDEFFEDCBA9876543210, KCV: 08D7B4
| Parameter | Description | |
|---|---|---|
| track2 | Encrypted Track 2 Data The encrypted data must be a multiple of 8 padded with 0x00 represented in ASCII. | |
| track2_ksn | 10 byte. For DUKPT SRED this subfield contains the KSN. | |
| pos_entry_mode | Allowed values: magnetic_stripe_read or complete_contents_of_magnetic_stripe_track2 | POS Entry Mode |
SRED Encryption in TLV (DUKPT)
Read more about DUKPT Encryption
Test key (BDK) for SRED Encryption (DUKPT) double length
BDK: 0123456789ABCDEFFEDCBA9876543210, KCV: 08D7B4
When encrypting data with SRED the following TLV tag-fields should be encrypted:
| EMV Tag | Encrypted EMV Tag | Description |
|---|---|---|
| 57 | DFAE02 | Track 2 Equivalent Data You should not send EMV TAG 57 if DFAE02 is present |
| 5A | DFAE5A | Application Primary Account Number (PAN) You should not send EMV TAG 5A if DFAE5A is present |
| DFAE03 | - | 10 byte. For DUKPT SRED this subfield contains the KSN. |
The encrypted data must be a multiple of 8 padded with 0x00 represented in HEX.
Example (using BDK 0123456789ABCDEFFEDCBA9876543210 and KSN FFFF9876543210E00001):
4111111111111111D12211234
The above example is 25 bytes and must therefore be padded with 0x00 up to next multiple of 8 which is 32. The data to Encrypt will therefore be:
4111111111111111D12211234 + \0x00\0x00\0x00\0x00\0x00\0x00\0x00
343131313131313131313131313131314431323231313233340000000
DUKPT Encrypt data Result:
7B779F3C0277D9733FEF2488997A7FB1813005C8988B78B254EB749A27ED6401
The above encrypted data result is the data you should send in the encrypted EMV tag.
Are you getting the encrypted data result F498871302C3DAED9CF9A2D13EFD9260453EC72F6BE7CA9859E751E5665FC14B instead of 7B779F3C0277D9733FEF2488997A7FB1813005C8988B78B254EB749A27ED6401 in the above example? Then please make sure you are encrypting with DATA Variant. The PEK should be XOR-ed with the value of 0x0000000000FF00000000000000FF0000 (See ANSI X9.24-2004 Appendix A, A.5, page 42)
PIN Data (DUKPT)
Read more about DUKPT Encryption
Test key (BDK) for PIN (DUKPT) double length
BDK: 0123456789ABCDEF0123456789ABCDEF, KCV: D5D44F