How are PCI/Semi Integrated EMV and certification related?

EMV/Semi Integrated

Why are there 2 different api documents? Which one do I use? (transaction flow, for card not present, both)

In order to keep the POS from having to handle card data (which keeps it out of PCI, and EMV Certification scope), the terminal has to handle the card data. The SPIN proxy API enables POS developers to send and receive information from the terminal to the POS for card present transactions. Terminals will be loaded with Clearent EMV application which removes POS from EMV scope.

The Card Present specs are coded to the terminal and the terminal then calls Clearent. The benefit here is that you can now call Clearent and seamlessly do voids refunds and transaction lookups outside of the terminal call. This allows your back-office software to be very functionally rich.

For card not present transactions such as recurring payments, tokenization and moto orders you need to integrate to Clearent’s API.

Can I store my card tokens in a database?

Yes. Tokens are not card numbers. You can store them in your database for future use

What should I do if I receive a timeout or a system error?  

We recommend you build retry logic into your solutions.  The transactions are going across the public internet and sometimes that can cause slowness in the network between your solution and our gateway, there could be times your transaction doesn’t even get to us.  While this doesn’t happen very often it’s important in those cases to retry the transaction.

How do I set up for Network Connection vs. Direct Connection to a POS? – Here’s how:

  • First, make sure that the server is on the same network as the POS units
  • Set communication for Ethernet

The POSLink SDK supports

  • Android
  • PC
  • Java
    • Cloud: Imported into the POS
  • Semi-integration
    • Removes the POS from PCI/EMV compliance
    • PAX device handles all of the communication with the processor host
  • Full integration
    • Same SDK
    • Different cloud
    • API
      • MSR
      • EMV
      • NFC
      • PIN pads and Signature Capture devices with Direct To Host
    • PAX Device acts as peripheral only
      • Data entry only
  • Payment done on POS

If my app is sitting on Amazon AWS somewhere, it needs to talk through the Internet and firewalls to a PAX device attached to a PC in a shop somewhere, right? We don’t have any software installed on the local network where that device is and don’t have a way to reach that IP. In a cloud environment, does the server have to be on the same network as the PAX device? If not, how do they communicate?

Web based POS systems need to know the terminal’s IP address and port. It can be manually or automatically configured. You can have a web service running and have the terminal report its IP address to their server, with client POS system automatically acquiring the corresponding terminal IP from the server.

The client POS system and the PAX terminal must be at the same location and on the same network. The Client POS must know the IP address of the PAX terminal. The client POS can use the HTTP GET protocol to send the payment request to the payment terminal. 

In the SDK development guide, there is example of the of the HTTP GET protocol. You can copy and pasted the sample to the web browser URL and test it. You will also need the low-level message specification.

Can the service port to Telnet, SSH, HTTP, etc. on the D200 be disabled? If so how?

The terminal does NOT support SSH, Telnet. It only supports HTTP to communicate to the POS system, and is only enabled when the ECR comm type is set to LAN/IP. 

How do you set a static IP in the SP30?

Do this:

  • Press the “F”key to access the menu
  • Select Option 6 (Communication)
  • Select Option 7 (LAN Parameters)
  • Select Option 1 (LAN Type)
  • Select Option 2 (Static)
  • Back to LAN Parameters
  • Select Option 2 (IP Address)
  • Input the IP address and press “Enter”
  • Back to LAN Parameters
  • Select Option 3 (Subnet Mask)
  • Input the Subnet Mask and press “Enter”
  • Back to LAN Parameters
  • Option 4 (Gateway IP)
  • Input the Gateway IP and press “Enter”
  • Back to LAN Parameters
  • Option 5 (DNS IP)
  • Back to LAN Parameters
  • Press “Cancel” to return to the idle screen

*Make sure you make the changes in BroadPOS so that they don’t get erased the next time you update your terminal.

How can we make the terminal time out after a card swipe for situations where the cardholder changes his mind and wants to use another form of payment? The ECR seems to store that information and send it to the terminal when the next transaction is initiated and this can cause issues.

*That is supported already. Here’s how:

  • Automatic timeout after card swipe, the default timeout is set to 30 seconds. 
  • If the customer swipes the card and decides to pay with Cash, there is a message on the terminal and the customer should cancel the transaction.
  • There is an API the POS that can call to clear the buffer.

*Not supported with the “Swipe Anytime” feature.

Can we do semi-integration to a Mac-based POS?

Yes. For IOS or any other OS it will work. You can do direct integration to our terminal without the poslink SDK. SDK is just a development/integration tool. Simply talk straight to a TCP server running in the pin pad. 

We have SDK for PC and Android (use Java for Android). If the integrator is using a Mac computer, they can use HTTP protocol to communicate with our device.

ECRRefNum – this field is required. We do not have a reference number to pass it. Will it matter if we pass in the same number every time, such as 12345? If it has to be unique, when does this reset where a number can be reused again?

The ECRRefNum is a mandatory field but the value can be any value. This number is used to identify the POS and will be echoed back to your POS. For example: You can use it as a POS domain when you are using multiple POS’s to communicate with one terminal. You can just hard code it as 1 if you don’t need it. 

In EMV mode (with a card inserted, that is), we sometimes – intermittently – get a message that says “No App” on the device, and it eventually says “Fallback – Swipe Card”.

“No App” refers to the AID matching, or lack thereof, between card and terminal. When there is not an Application Identifier (AID) that both the terminal and card have, it will resort to MSR Fallback.