Reply
Highlighted
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011
Accepted Solution

Encrypted track data with mobile:

I got a call today from someone who has a bunch of encrypted swipers and wants to be able to integrate them using Authorize.net. I realize that there's no interface for entering the decryption keys in Authorize.net - that's something that has to be negotiated between the device manufacturer and the merchant processor - but assuming that issue can be figured out, how does one go about passing the encrypted track data through Authorize.net? This thread indicates that there's a way to do so via the SOAP and XML API's...

 

http://community.developer.authorize.net/t5/Integration-and-Testing/Smart-vending-machine-integratio...

 

...but I can't seem to find documentation, and in any case the object is to do this via the mobile API's, preferably without having to cheat and use an intermediary web site. Has anyone integrated encrypted swipers / mobie, and if so, how do you go about doing it? The client is willing to pay a reasonable amount for your time, if necessary, and I can forward you if this is something you've already solved before. Short of that, a link to documentation explaining how to pass encrypted data will be much appreciated.


Accepted Solutions
Highlighted
Solution
Accepted by topic author TJPride
‎08-21-2015 01:58 AM
Posts: 2,765
Topics: 57
Kudos: 248
Blog Posts: 67
Registered: ‎12-05-2011

Re: Encrypted track data with mobile:

@TJPride 

 

In your scenario, if the merchant has seeded the card reader with their key, they will need to obtain the data and decrypt it prior to sending to the payment gateway.  It goes without saying that the merchant will need to manage all PCI scope on their website.

 

Richard

View solution in original post


All Replies
Highlighted
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Encrypted track data with mobile:

The client has decided to go with a web intermediary, so knowing how to do this via mobile is not an immediate concern any more. How does one go about passing encrypted track data via the PHP API, or using PHP/XML?

Highlighted
Posts: 2,765
Topics: 57
Kudos: 248
Blog Posts: 67
Registered: ‎12-05-2011

Re: Encrypted track data with mobile:

Hello TJPride

 

Instructions for integrating mobile devices and handling encrypted track data is available in the AIM XML Developer Guide.   However, you must use encrypted readers provisioned with the Authorize.Net Key.  As mentioned in the previous post from Trevor, we are currently working with multiple vendors to make them available.

 

Richard

Highlighted
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Encrypted track data with mobile:

I understand that that would be the case with Cybersource, but are you saying that if we have a merchant integrated with Authorize.net, and they have seeded the swipers, Authorize.net has no mechanism for just passing the encrypted data through verbatim to the merchant so the merchant can decode it? It has to be an Authorize.net device?
Highlighted
Solution
Accepted by topic author TJPride
‎08-21-2015 01:58 AM
Posts: 2,765
Topics: 57
Kudos: 248
Blog Posts: 67
Registered: ‎12-05-2011

Re: Encrypted track data with mobile:

@TJPride 

 

In your scenario, if the merchant has seeded the card reader with their key, they will need to obtain the data and decrypt it prior to sending to the payment gateway.  It goes without saying that the merchant will need to manage all PCI scope on their website.

 

Richard