Ingenico RUA Series

Ingenico manufacturers a number of PCI 5.X certified payment terminals. The terminals allows contactless, card insertion, and card swipe entry methods. The device is a firmware based device and the RUA SDK is used to communicate to the machine. The terminal supports DUKPT encryption of track data.

The following guide outlines how to extract the P2PE data from RAA payloads for processing on decryptx. At Bluefin we have integrated and verified the following RUA devices:

  • Ingenico Moby5500

Obtaining the Payload

Typically, RUA terminals are connected to host computers that run special software referred to as point of sale (POS) applications. POS applications obtain payment data from a paired terminal and sends the data to a card payment processing gateway. Conveniently, Ingenico's developer portal has a number of RUA software development kits for a wide variety of operating systems and development languages. They make it easy for POS applications to obtain data from payment terminals.

Note the following payload examples are using the PackedEncrypedTrack payload information to highlight all the steps involved in preparing the track information for decryption. The SDK should output the encrypted track data as well and that can be used in place of the PackedEncryptedTrack data to remove extra steps.

Swiped Payloads




KSN : FFFF9999990000800041

PackedEncryptedTrack :

EncryptedTrack : E892EFFC3BAFCCBA36D205F3ED8D6CCB8CB72147AD90ABA8B24593055C6D448EDDC6C50AB4FAE92CF767CBAFD2E74DBBE3C5313CC0E3ACF7CFD7D8C0C1E3BA7C34D3B0A0642F7A27783D3A5D7EDF8E9A04D00D17F95CF3F357BA3EEE68D67560342FED01CEF1E41929B8DB96EB82EB7DA224813715058ABAC69757466D9B4D73

Processing swiped data

To prepare the encrypted payload for decryption, first remove the $77$ from the PackEncryptedTrack data.


Next covert the payload to HEX


Send the payload and KSN to decrypt for decryption


And the following is returned.


Note the decrypted data is in Tag, Length, Value (TLV) format


What is TLV?

Tag length value (TLV) is a data encoding scheme. Values are appended to a string in triplets. The first field in the triplet is the "type" of data being processed, the second field specifies the "length" of the value, the third field contains a "length" amount of data representing the value for the "type". Typically, the type and length fields are fixed in size (typically 1-4 bytes).

Multiple pieces of data can be transmitted in the same string by appending more triplets to a previously existing string.

1-256This is the Track 1 Tag
3-54eThis is the length of the track 1 data in HEX
6 - 162 25423437......30303fTrack 1 Data
163-16457This is the Track 2 Tag
165-16627This is the length of track 2 data in HEX
167-1643b3437......3030303fTrack 2 Data
163-16458This is the Track 3 Tag
165-16600This is the length of track 3 data in HEX
167-1640000000000Track 3 Data

EMV Payloads




KSN : FFFF9999990000800043

EncryptedTrack: BFFC8884C89A4BE041A589059A53C20848130B3B70A5EDDFF9B6D998A6752B14C35BEB9D027EFE66

PackedEncryptedTrack : $77$v/yIhMiaS+BBpYkFmlPCCEgTCztwpe3f+bbZmKZ1KxTDW+udAn7+Zg==

Extracting the Decryptx Parameters

The encrypted data is stored in the 57 TLV tag.

The KSN and Encrypted Track data is sent to Decryptx to be decrypted and the following is returned.