Elo Payloads

Elo has a number of PCI 6.X certified payment terminals. The terminals allow multiple entry methods (manual, swipe, contactless, and insert). The devices are android based and can run either Elo's application (Elo Pay) or an application can be created for the device to communicate to its Castles 1000 firmware.

The following guide outlines how to pull track information from the Elo devices for processing with the Decryptx Service.

Bluefin have integrated and verified the following Elo device:

  • Elo M60

Obtaining the Payload

In this example we will be sending JSON requests to the machine using the Payconnect SDK to process a payment and get a payload back. In order to get the payload data from the machine a "readcard" command is posted to the machines IP Address and Port number. An example of this is 6000.

Payload Request and Response

The body of the request is below.

    "request" : {
        "command" : "readcard",
        "tenderType" : "credit",
        "transactionType" : "sale",
        "amount" : 1234,
        "entryMethods" : ["manual", "msr", "contact", "contactless"],
        "encryption" : {
            "method" : 1,
            "cipherMode" : 1,
            "keySet" : "001A",
            "paddingMethod" : 0,  

        "msrConfig" : {
            "includeTrackSentinels" : true,
            "includeTrackLRC" : false, 
        "emvConfig" : {
            "tags" : ["5F20", "5F24", "5F28", "5F2A", "5F2D", "9F26"],
            "automaticAidSelection" : true,
            "preferUSCommonDebitAID" : true
        "pinConfig" : {
            "pinKeySet" : "C100",
            "pinKeyIndex" : "001B",
            "allowPinBypass" : true,
            "pinBlockCipherMode" : 0,
            "pinBlockType" : 0,
        "allowOnscreenCancel" : false,
        "timeout" : 30

Once the device has taken payment it will respond with the following:

    "response": {
        "command": "readcard",
        "response": "OK",
        "responseCode": "00000",
        "entryMethod": "contact",
        "bin": "476173",
        "last4": "0011",
        "maskedPan": "476173******0011",
        "serviceCode": "201",
        "expirationDate": "2412",
        "cardholderName": "UAT USA\/Test Card 01",
        "emvData": "5F201A554154205553412F5465737420436172642030312020202020205F2A0208405F24032412315F2D02656E9F2608C14869C26427BBC45F28020840",
        "encryption": {
            "track1": "",
            "track1Ksn": "",
            "track2": "2DB7008DD3EF63276E34A879E33B7BA60BD20D3154A9777EA386EB26E398BF52F6F57FF13FE9BC42CEB908D55407772A",
            "track2Ksn": "FFFF9876543210E00009",
            "pan": "F32D9B00E8CD1467",
            "panKsn": "FFFF9876543210E00008"
        "contactData": {
            "aid": "A0000000031010",
            "appLabel": "VISA CREDIT",
            "cardAuthResult": "2",
            "isSignatureRequired": false
        "pin": {
            "pinBlock": "B358CBD9D21F3996",
            "pinKsn": "FFFF9876543210E00013",
            "isPinBypassed": false
        "proceed": true

The track data, KSN, and device serial can then be sent to Decryptx to be decrypted.