Verifone VIPA

Verifone terminals are PCI 3.x compliant devices that feature 3DES encryption, Master Key/Session Key and Derived Unique Key per Transaction (DUKPT) key management, incorporate VeriShield file authentication, and tampering safeguards. The devices allow manual card data entry, magnetic card swipes, smart card chip reads, and contactless card data entry. Standard payment applications are available from Verifone to interface with most electronic cash registers (ECRs).

Verifone supports a software development ecosystem for remote application downloads.

This page is for Verifone devices running Verifone Integrated Payment Application (VIPA) v. 6.x. VIPA software handle ensures PCI 2.x compliance.

The client sends a sequence of bytes (message) to the VIPA and gets the sequence of bytes in response. The most common request message structure for VIPA commands is as follows (fields in [square brackets] are not mandatory):

CLA INS P1 P2 [Lc Data…] [Le] LRC

  • CLA is class byte. Values in the range ‘D0’ to ‘FE’ are used for functionality beyond the scope of ISO7816-4
  • INS is instruction byte
  • P1 and P2 are parameter bytes.Some commands can optionally include Data. In this case
  • Lc is one byte length of included data.
  • Le indicates expected length of data in response. This byte is omitted if no response is expected.
  • LRC is a longitudinal redundancy check (LRC) byte.

VIPA responds to the command with the list of tags in tag length value (TLV) format in no particular order. See table below for some important tags.

📘

What is TLV?

Tag length value (TLV) is a data encoding scheme. Values are appended to a string in triplets. The first field in the triplet is the "type" or "tag" of data being processed, the second field specifies the "length" of the value, the third field contains a "length" amount of data representing the value for the "type". Tag can consist one or more bytes.If bites 1-5 of tag are set to 1, it indicates that one more byte is included to the tag. If bit 8 is set to 1, this is the last byte of tag. Length field can be 1 or more bytes in length.

Multiple pieces of data can be transmitted in the same string by appending more triplets to a previously existing string.

VIPA uses several "template" tags where a tag value itself is TLV-string of two or more tags

VIPA Tags

Tag Name TagID Tag Value Description Value Length
Template E0

This template (Data Elements) should be used when providing data to the device. The template should contain one or more TLV tags. For example, Transaction Authorized Amount (9F02), Date (9A), Time (9F21), Sequence Counter (9F41), Currency Code (5F2A) etc.

Template E2

Should the device require a decision to be made it will return this template. The template could contain one or more copies of the same data object with different value fields.

Issuing a Continue Transaction [DE, D2] instruction with template E0 containing the data object to be used makes the decision for the device.

Template EE

One EE template is returned for each separate hardware device. It contains 9F1C tag of Device Serial Number, a pair of DF8108 and DF8109 tags, which define system architecture, may contain DF8101 (Tamper Status) tag, several pairs of DF8106 (Name) and DF8107 (Value) for used libraries, tag DF0D (Config File Name) and DF7F (Config File Version), etc.

Template EF

EF template may include series of Name-Value pairs for separate device hardware and software characteristics: Configuration File, Library or Software Module Names and their Versions, release revision, etc.

Template FF7F

Can consist of one or more Verifone Secure Data (VSD) SRED tags via configuration file. By default, this template consists of DFDB0F, DFDF10, DFDF11 and DFDF12 tags.

Template FF7E

If PAN cryptogram generation is enabled by configuration settings, this template can be requested to get encryption information (DFDF13, DFDF14, DFDF15, DFDB16).

Tamper Status DF8101

00 = no tamper detected, 01 = tamper detected.

Fixed, 1 byte
Encryption Status DFDB0F

Last transaction encryption status. 0 = successful encryption; any other value indicates an error.

Fixed, 4 bytes
Encrypted Data DFDF10

For 3DES encryption the length of cipher data is on 8 byte edge. For AES encryption - on 16 byte edge.

Variable, multiple of 8 or 16
KSN DFDF11 DUKPT Key Sequence Number Fixed, 10 bytes
IV DFDF12

For 3DES encryption the length of IV is 8 bytes. For AES encryption - 16 bytes.

Fixed, 8 or 16 bytes
Encrypted PAN DFDF13

For 3DES encryption the length of cipher data is on 8 byte edge. For AES encryption - on 16 byte edge.

Variable, multiple of 8 or 16
Encrypted PAN KSN DFDF14 DUKPT Key Sequence Number Fixed, 10 bytes
Encrypted PAN IV DFDF15

For 3DES encryption the length of IV is 8 bytes. For AES encryption - 16 bytes.

Fixed, 8 or 16 bytes
PAN Encryption Status DFDB16

Last transaction encryption status. 0 = successful encryption; any other value indicates an error.

Fixed, 4 bytes
Terminal ID 9F1C

Designates the unique location of a terminal at a merchant.

Fixed, 8 bytes
Interface Device (IFD) Serial Number 9F1E

Unique and permanent serial number assigned to the IFD by the manufacturer.

Variable

Getting Device Serial Number

To obtain the Device Serial Number, send a Reset Device command to the attached device:

D0 00 00 01

Device responds with the list of tags that includes 9F1C, one or more EE templates, and series of EF templates.

Below is the sample response (truncated for clarity):

9F1C083333353130393938EE7F9F1E09323735313630373233DF81080C417263686974656374757265DF810904562F4F53...

This data is parsed as follows:

CharsValueDescription
1-49F1CTag: Terminal ID
5-608Tag length (Decimal 8)
7-22333335...393938Hex of Text 33510998
23-24EETemplate
25-267FTag length (Decimal 127)|
27-309F1ETag: Device Serial Number
31-3209Tag length (Decimal 9)
33-50323735...373233Hex of Text 275160723
51-56DF8108Tag: Name
57-580CTag length (Decimal 12)
59-82417263...757265Hex of Text Architecture
83-88DF8109Tag: Value|
89-9004Tag Length (Decimal 4)
91-98562F4F53Hex of Text V/OS
99-101...

Getting Encrypted Data

The VIPA device will return encrypted data in response to VSP Manual PAN Entry, Start Transaction, and Continue Transaction request messages. Template tag FF7F includes all tags for decryptx call: KSN, IV, encrypted data. If configured, device response will include template tag FF7E with data to decrypt card number: PAN KSN, PAN IV, PAN encrypted data.

Below is the sample request and device response.

Start Transaction Request:

DED1000032E0309F02060000000050009A030401019C01009F21030101019F410200015F2A020826...

This data is parsed as follows:

CharsValueDescription
1-8DED10000Start Transaction
9-1032Command Data Length
11-12E0Template Tag (Data Elements)
13-1430Tag length (Decimal 48)
15-189F02Tag: Amount, Authorized
19-2006Tag length (Decimal 6)
21-32000000005000Amount in cents
33-349ATag: Transaction Date
35-3603Tag length (Decimal 3)
37-42040101Transaction Date
43-449CTag: Transaction Type
45-4601Tag length
47-4800See ISO8583 for values
49-529F21Tag: Transaction Time
53-5403Tag length
55-60010101
61-649F41Tag: Transaction Sequence Counter
65-6602Tag length
67-700001
71-745F2ATag: Transaction Currency Code
75-7602Tag length
77-800826GB Pound sterling
81-83...

Response:

E282013AFF7F66DFDF12088F97E634600DE405DFDF110AFFFF0002280009800026DFDF1040356BED7D61992CF40F0118B2EB6D17E802336A9B566066E19E06AD82514B6E71A9BB2AC163EB3A94A3B574F82EE9571D2F9D514390E9AF6F428D4514343C2F87DFDB0F0400000000FF7E3EDFDF1508C167A04BA8FD61FFDFDF140AFFFF0002280009800027DFDF131816F849491A06767A66933946E9897F8DF3C1106BFA961D69DFDB160400000000500A4D6173746572436172645713541333AAAAAA4111D2512201AAAAAAAAAAAAAA5A08541333AAAAAA4111...

This data is parsed as follows:

CharsValueDescription
1-2E2Template Tag (Decision Required)
3-882013ATag length (Decimal 314)
9-12FF7FTemplate Tag
13-1466Template tag length
15-20DFDF12Tag: IV
21-2208IV length. 3DES encryption
23-388F97E6...0DE405IV value
39-44DFDF11Tag: KSN
45-460ATag length (Decimal 10)
47-66FFFF00...800026KSN value
67-72DFDF10Tag: Encrypted Data
73-7440Tag length (Decimal 64)
75-202356BED...3C2F87
203-208DFDB0FTag: Encryption Status
209-21004Tag length
211-21800000000Successful encryption
219-222FF7ETemplate Tag: Encrypted PAN
223-2243ETag length (Decimal 62)
225-230DFDF15Tag: Encrypted PAN IV
231-23208Tag length (Decimal 8)
233-248C167A0...FD61FFEncrypted PAN IV value
249-254DFDF14Tag: Encrypted PAN KSN
255-2560ATag length (Decimal 10)
257-276FFFF00...800027Encrypted PAN KSN value
277-282DFDF13Tag: Encrypted PAN
283-28418Tag length (Decimal 24)
285-33216F849...961D69Encrypted PAN
333-338DFDB16Tag: PAN Encryption Status
339-34004Tag length (Decimal 4)
341-34800000000Successful encryption
349-35050Tag: Application Label
351-3520ATag length (Decimal 10)
353-3724D6173...617264Hex of Text MasterCard
373-37457Tag: Track 2 Equivalent Data|
375-37613Tag length (Decimal 19)
377-414541333...AAAAAAMasked Track 2 Equivalent Data
415-4165ATag: PAN
417-41808Tag length (Decimal 8)
419-434541333...AA4111Masked PAN
435-437...

Parsing Decryptx Data

To decrypt data, post the Device Serial Number (tag 9F1E) and FF7F tag's values to: encrypted data (tag DFDF10), KSN (tag DFDF11) and IV (tag DFDF12).

Decrypted data may be padded by zero bytes to align cipher text with proper byte edge: 8 bytes for 3DES encryption and 16 bytes for AES encryption. Those bytes should be removed.

Depending on configuration, decrypted data can include the following TLV tags:

TagID Tag Value Description Value Length
56 Track 1 Data (MasterCard PayPass only) Variable
57 Track 2 Equivalent Data Variable
5A PAN Variable
DFDB01 PAN (entered manually) Variable
DFDB02 CVV2/CID (entered manually) HEX, 3 or 4 bytes
DFDB03 Expiry Date (YYMM, entered manually) Fixed, 2 bytes
DFDB05 Magstripe Track 1 (Swiped, SRED is on) Variable
DFDB06 Magstripe Track 2 (Swiped, SRED is on) Variable
DFDB07 Magstripe Track 3 (Swiped, SRED is on) Variable

Examples

Manually Entered Data

dfdb01085413330089604111dfdb02043938393880000000

This data is parsed as follows:

CharsValueDescription
1-6dfdb01Tag: PAN
7-808Tag length
9-24541333...604111Unencrypted PAN. Can be padded by 'f' to whole byte.
25-30dfdb02Tag: CVV2/CID
31-3204Tag length
33-4039383938HEX for text 9898
41-4880000000Padding. Ignored|

Swiped Card

dfdb05322542353431353234343434343434343434345e544553542f424c554546494e5e323231323130313132333435363738393f3f8000

This data is parsed as follows:

CharsValueDescription
1-6dfdb05Tag: Magstripe Track 1
7-832Tag Length (Decimal 50)
9-108254235...393f3fHEX for text %B5415244444444444^TEST/BLUEFIN^2212101123456789??
109-1128000Padding. Ignored

EMV Contact Data Entry

5a08541333008960411157135413330089604111d25122010123409172029f9f1f18202020202020202020202020202020202020202020202020800000000000

This data is parsed as follows:

CharsValueDescription
1-25aTag:PAN
3-408Tag length
5-20541333...604111Unencrypted PAN. Can be padded by 'f' to whole byte.
21-2257Tag: Track 2 equivalent data
23-2413Tag length (Decimal 19)
25-62541333...72029fNo sentinels. Remove trailing 'f'.
63-669f1fTag: Track 1 equivalent data
67-6818Tag length (Decimal 24)
69-116202020...202020All spaces.
117-128800000000000Padding. Ignored

EMV Contactless Data Entry

5a08541333008960411157135413330089604111d25122010123409172029f80

This data is parsed as follows:

CharsValueDescription
1-25aTag:PAN
3-408Tag length
5-20541333...604111Unencrypted PAN. Can be padded by 'f' to whole byte.
21-2257Tag: Track 2 equivalent data
23-2413Tag length (Decimal 19)
25-62541333...72029fNo centinels. Remove trailing 'f'.
63-6480Padding. Ignored
65-64

Did this page help you?