Verifone

How to extract P2PE data from Verifone payloads for processing on the Decryptx Parser.

Verifone XPI & VIPA terminals are PCI 4.x and 5.x compliant. They feature 3DES encryption, Master Key/Session Key and Derived Unique Key per Transaction (DUKPT) key management; they also incorporate VeriShield file authentication and tampering safeguards. The devices allow manual card data entry, magnetic card swipes, smart card chip reads and contactless card data entry. Standard payment applications are available from VeriFone to interface with most electronics cash registers (ECRs).

Verifone supports a software development ecosystem for remote application downloads.

In order to obtain card data POS sends commands to the attached device. The syntax and output of relevant commands are detailed below. [STX], [ETX], [FS] and [LRC] are one byte characters: start of transmission, end of transmission, field separator and LRC check sum.

📘

Need more help?

See the Verifone Payloads section for more details on how this payload can be processed.

EMV Payloads

To enable EMV you must send a C30 request.

4333300022C101FFC10100C103150923C103080340C10100C10131C100C10204D2C10100C10100

C31 Response

433331303000684F07A00000000310109F120B5669736120437265646974500B56495341204352454449545F300202015F200C54455354204341524420303257114761730209670010D151220156448820665A0847617302096700105F24031512315F3401015F2503950701C20132

Getting Encrypted Data

To extract card holder data from the Verifone device you must send the E06 command.

Request

[STX]E06[ETX][LRC]

Response

[STX]E07[FS][FS][ETX][LRC]

The Verifone device base64 encodes payloads after it encrypts them. The following is a sample EMV payload with the payload in base64 format:

E070005[FS]02[FS]35APAkZG35ABAgAC35AJAjA135AgQGGqgM3LE7ShUVUUPSINYy8hGAe3/zdH6vfrho4NTzxay73VavCGAYBlTB9JwuOF16K7xXCNlFLLJOwGSfNEAu3fkCEK//+YdlQyWAAASt+QIgjbHiY4JmUfMA==

To process the output on the Decryptx Parser we must first remove the header data 'E070005[FS]02[FS]'.

curl 'https://cert-parser.decryptx.com/api/decrypt/parser' \
     -X POST \
     --header 'Content-Type: application/json' \
     --header 'Accept: application/json' \
     -d '{
         	"partnerId"     : "WATERFORD",
         	"partnerKey"    : "ef1ad938150fb15a1384b883a104ce70",
            "deviceType"    : "verifone",
         	"deviceSerial"  : "111111111",
         	"devicePayload" : "35APAkZG35ABAgAC35AJAjA135AgQGGqgM3LE7ShUVUUPSINYy8hGAe3/zdH6vfrho4NTzxay73VavCGAYBlTB9JwuOF16K7xXCNlFLLJOwGSfNEAu3fkCEK//+YdlQyWAAASt+QIgjbHiY4JmUfMA=="
         }'

Response body from the cURL request:

{
    "success": true,
    "messageId": "1201804241457151001061847",
    "meta": {
        "device" : "Verifone",
        "serial" : "111111111",
        "mode"   : "emv"
    },
    "tlv": {
        "decrypted" : "5a0847617390010100105f240315123157114761739001010010d151220111438780899f1f10313134333830303738303030303030305f300202010000000000"
    },
    "track2equivalent" : {
        "decrypted" : "4761739001010010D15122011143878089",
        "encoding"  : "ascii",
        "length"    : 34,
        "ascii"     : "4761739001010010D15122011143878089",
        "masked"    : "476173******0010D1512*************"
    },
    "track2": {
        "decrypted" : ";4761739001010010=15122011143878089?",
        "encoding"  : "ascii",
        "length"    : 36,
        "ascii"     : ";4761739001010010=15122011143878089?",
        "masked"    : ";476173******0010=1512*************?"
    },
    "extracted": {
        "PAN"           : "4761739001010010",
        "EXPY"          : "1215",
        "ServiceCode"   : "201",
        "Discretionary" : "114387808"
    }
}

The TLV string in the decrypted response contain the decrypted EMV data. For convenience we've extracted the track2 equivalent data from the TLV and translated that to standard track2 data. The TLV contains the following data elements:

5A0847617390010100105F240315123157114761739001010010D151220111438780899F1F10313134333830303738303030303030305F300202010000000000

This data is parsed as follows:

CharsValueDescription
1-25ATag ID: Primary Account Number (PAN)
3-408Tag length (Decimal 8)
5-20476173...010010PAN in ASCII
21-245F24Tag ID: Expiration Date
25-2603Tag length (Decimal 3)
27-32151231Expiration Date (YYMMDD)
33-3457Tag ID: Track 2 Equivalent Data
35-3611Tag length (Decimal 17)
37-70476173...878089The track2 data in PAN D YYMM format.
71-749F1FTag ID: Track 1 Discretionary Data
75-7610Tag length (Decimal 16)
77-108313134...303030Discretionary Data in Hexadecimal: ASCII value: 1143800780000000
109-1125F30Tag ID: Service Code
113-11402Tag length (Decimal 2)
115-1180201SVC Code
119-1280000000000Padding with zero bytes to round the Encrypted Blob Length to the nearest 8 bytes.

Swiped Payloads

To retrieve a swiped payload send an E06 command to the terminal. The following is a sample response:

[STX]E070005[FS]02[FS]35APAkZG35ABAgAB35AJAjA135AgUK2TCLRQb++UW97/KfAsYF1Iqk7Qta238MCrkRRxSBl29FWWea04aDfwJOfpUM3J6s3nNTCg80sn5cKa1sPXca/8s72YTsOFSPFEYG+s72ox35AhCv//mHZUMlgAACHfkCIIxAe4Sl3s4DI=[ETX]

After we extract the base64 data from the payload we can make an API call to the Decryptx Parser:

curl 'https://cert-parser.decryptx.com/api/decrypt/parser' \
     -X POST \
     --header 'Content-Type: application/json' \
     --header 'Accept: application/json' \
     -d '{
            "partnerId"     : "WATERFORD",
            "partnerKey"    : "ef1ad938150fb15a1384b883a104ce70",
            "deviceType"    : "verifone",
            "deviceSerial"  : "111111111",
            "devicePayload" : "35APAkZG35ABAgAD35AJAjA135AgIDMKn3tAc56AwhrUOgO1rxoTKTJSdDT3DIfkuFDLQqSF35AhCv//mHZUMlvAACA="
         }'

Response body from the cURL request:

{
    "success"   : true,
    "messageId" : "1201804241524081001226048",
    "meta": {
        "device" : "Verifone",
        "serial" : "111111111",
        "mode"   : "swiped"
    },
    "track1" : {
        "decrypted" : "42343434363636313233343536373839325e574f524c445041592f544553545e3135313231303130303030",
        "encoding"  : "hex",
        "length"    : 43,
        "ascii"     : "B4446661234567892^WORLDPAY/TEST^15121010000",
        "masked"    : "*444666******7892^WORLDPAY/TEST^1512*******"
    },
    "track2": {
        "decrypted" : "343434363636313233343536373839323d3135313231303130303030",
        "encoding"  : "hex",
        "length"    : 28,
        "ascii"     : "4446661234567892=15121010000",
        "masked"    : "444666******7892=1512*******"
    },
    "extracted": {
        "PAN"           : "4446661234567892",
        "EXPY"          : "1215",
        "ServiceCode"   : "101",
        "Discretionary" : "0000",
        "Surname"       : "BLUEFIN",
        "FirstName"     : "TEST"
    }
}

Keyed Payloads

To retrieve a keyed payload send an E06 command to the terminal. The following is a sample response:

[STX]E070005[FS]03[FS]35APAkZG35ABAgAD35AJAjA135AgIDMKn3tAc56AwhrUOgO1rxoTKTJSdDT3DIfkuFDLQqSF35AhCv//mHZUMlvAACA=[ETX]

After we extract the base64 data from the payload we can make a call to the Decryptx Parser API:

curl 'https://cert-parser.decryptx.com/api/decrypt/parser' \
     -X POST \
     --header 'Content-Type: application/json' \
     --header 'Accept: application/json' \
     -d '{
            "partnerId"     : "WATERFORD",
            "partnerKey"    : "ef1ad938150fb15a1384b883a104ce70",
            "deviceType"    : "verifone",
            "deviceSerial"  : "111111111",
            "devicePayload" : "35APAkZG35ABAgAD35AJAjA135AgIDMKn3tAc56AwhrUOgO1rxoTKTJSdDT3DIfkuFDLQqSF35AhCv//mHZUMlvAACA="
         }'

Response body from the cURL request:

{
    "success" : true,
    "messageId" : "1201804241523091001520822",
    "meta" : {
        "device": "Verifone",
        "serial": "111111111",
        "mode": "keyed"
    },
    "keyed" : {
        "decrypted" : "353431333333303038393630343131313d323531323d34333135000000000000",
        "encoding"  : "hex",
        "length"    : 64,
        "ascii"     : "5413330089604111=2512=4315",
        "masked"    : "541333******4111=2512=****"
    },
    "extracted" : {
        "PAN"  : "5413330089604111",
        "EXPY" : "2512",
        "CVV"  : "4315"
    }
}