Verifone XPI
Verifone terminals are PCI 4.x/5.x compliant devices that feature 3DES encryption, Master Key/Session Key and Derived Unique Key per Transaction (DUKPT) key management, incorporate VeriShield file authentication, and tampering safeguards. The devices allow manual card data entry, magnetic card swipes, smart card chip reads, and contactless card data entry. Standard payment applications are available from Verifone to interface with most electronic cash registers (ECRs).
Verifone supports a software development ecosystem for remote application downloads.
This page is for Verifone devices running the XPI Application.
To obtain card data, the POS sends commands to the attached device. Relevant commands are detailed below. [STX], [ETX], [FS] and [LRC] are one byte characters: start of transmission, end of transmission, field separator and LRC check sum.
EMV Payloads
To enable EMV you must send a C30 request.
4333300022C101FFC10100C103150923C103080340C10100C10131C100C10204D2C10100C10100
C31 Response:
433331303000684F07A00000000310109F120B5669736120437265646974500B56495341204352454449545F300202015F200C54455354204341524420303257114761730209670010D151220156448820665A0847617302096700105F24031512315F3401015F2503950701C20132
Getting Encrypted Data
To extract card holder data from the Verifone device, send the E06 command.
Request
[STX]E06[ETX][LRC]
Response
[STX]E07[FS][FS][ETX][LRC]
The response contains the following data elements:
| Data Element | Values |
|---|---|
| A two-character value that maps to the following: 00 – Success 01 – No Encrypted Track (for EMV, MSR) or Card (for Manual) Data 02 – Crypto Error 99 – Command currently not supported | |
| A two-character value that maps to the following: 00 – No Encryption (Clear Data) 01 – Reserved 02 – PKI 03 – Reserved 04 – Reserved 05 – VSD (Verifone Secure Data) | |
| A two-character value that maps to the following: 01 – Track Data 02 – EMV Data * 03 – Manual Entry Data | |
| The base64 encoded encrypted data. The ASCII version of the payload consists of a list of tags in tag length value (TLV) format in no particular order. See the table below for important tags. |
What is a TLV?
Tag length value (TLV) is a data encoding scheme. Values are appended to a string in triplets. The first field in the triplet is the "type" of data being processed, the second field specifies the "length" of the value, the third field contains a "length" amount of data representing the value for the "type". Typically, the type and length fields are fixed in size (typically 1-4 bytes).
Multiple pieces of data can be transmitted in the same string by appending more triplets to a previously existing string.
Verifone Device TLV Tags
| Tag Name | TagID | Tag Value Description | Value Length |
|---|---|---|---|
| Payment Type | DF9001 | Specifies transaction Payment Type:
| Fixed, 2 bytes |
| DF9020 | The 3DES encrypted data. The encrypted content depends on the Payment Type. The content maps as follows:
| Variable length. The device adds a number of zero (0x00) bytes to the end of data string to round the total length to the next 8 bytes length. | |
| DF9021 | Key Sequence Number of the Blob | Fixed, 10 bytes | |
| DF9022 | Initial Vector (IV) of the Blob. The device can be configured to not to use IV. | Fixed, 8 bytes |
Extracting the Decryptx Parameters
After encrypting its payload, the Verifone device base64 encodes it. In order to extract the parameters for use in a Decryptx API call, first convert the data from its base64 encoded format to a hexadecimal encoded string. The following is a sample EMV payload with the payload in base64 format:
E070005[FS]02[FS]35APAkZG35ABAgAC35AJAjA135AgQGGqgM3LE7ShUVUUPSINYy8hGAe3/zdH6vfrho4NTzxay73VavCGAYBlTB9JwuOF16K7xXCNlFLLJOwGSfNEAu3fkCEK//+YdlQyWAAASt+QIgjbHiY4JmUfMA==
After removing the header data 'E070005[FS]02[FS]', convert the payload to hexadecimal. The converted payload contains the following TLV string:
DF900F024646DF9001022002DF9009023035DF9020404061AA80CDCB13B4A15155143D220D632F211807B7FF3747EAF7EB868E0D4F3C5ACBBDD56AF0860180654C1F49C2E385D7A2BBC5708D9452CB24EC0649F34402EDDF90210AFFFF987654325800004ADF902208DB1E263826651F30
This data is parsed as follows:
| Chars | Value | Description |
|---|---|---|
| 1-6 | DF900F | Tag ID: ignored |
| 7-8 | 02 | Tag length (Decimal 2) |
| 9-12 | 4646 | Tag value: ignored |
| 13-18 | DF9001 | Tag ID: Payment Type |
| 19-20 | 02 | Tag length (Decimal 2) |
| 21-24 | 2002 | Payment Type Data |
| 25-30 | DF9009 | Tag ID: ignored |
| 31-32 | 02 | Tag length (Decimal 2) |
| 33-36 | 3035 | Ignored |
| 37-42 | DF9020 | Tag ID: Encrypted Blob |
| 43-44 | 40 | Tag length (Decimal 64) |
| 45-174 | 4061AA...4402ED | Encrypted data |
| 175-180 | DF9021 | Tag ID: Key Sequence Number (KSN) |
| 181-182 | 0A | Tag length (Decimal 10) |
| 183-202 | FFFF98...00004A | Key Sequence Number |
| 203-208 | DF9022 | Tag ID: Initialization Vector (IV) |
| 209-210 | 08 | Tag length (Decimal 8) |
| 211-226 | DB1E26...651F30 | Initial Vector (IV). Used in CBC 3DES Decryption. |
The Decryptx API Call
To make an API call to the Decryptx decrypt endpoint, include the encrypted blob (B7FF37…4402ED), the KSN (FFFF987654325800004A) and IV (DB1E263826651F30) from the payload above. The decrypted value returned by Decryptx will also be a TLV string. The string can be parsed as follows:
5A0847617390010100105F240315123157114761739001010010D151220111438780899F1F10313134333830303738303030303030305F300202010000000000
This data is parsed as follows:
| Chars | Value | Description |
|---|---|---|
| 1-2 | 5A | Tag ID: Primary Account Number (PAN) |
| 3-4 | 08 | Tag length (Decimal 8) |
| 5-20 | 476173...010010 | PAN in ASCII |
| 21-24 | 5F24 | Tag ID: Expiration Date |
| 25-26 | 03 | Tag length (Decimal 3) |
| 27-32 | 151231 | Expiration Date (YYMMDD) |
| 33-34 | 57 | Tag ID: Track 2 Equivalent Data |
| 35-36 | 11 | Tag length (Decimal 17) |
| 37-70 | 476173...878089 | The Track 2 data in PAN D YYMM format. |
| 71-74 | 9F1F | Tag ID: Track 1 Discretionary Data |
| 75-76 | 10 | Tag length (Decimal 16) |
| 77-108 | 313134...303030 | Discretionary Data in Hexadecimal: ASCII value: 1143800780000000 |
| 109-112 | 5F30 | Tag ID: Service Code |
| 113-114 | 02 | Tag length (Decimal 2) |
| 115-118 | 0201 | SVC Code |
| 119-128 | 0000000000 | Padding with zero bytes to round the Encrypted Blob Length to the nearest 8 bytes. |
Swiped Payloads
E070005[FS]02[FS]35APAkZG35ABAgAB35AJAjA135AgUK2TCLRQb++UW97/KfAsYF1Iqk7Qta238MCrkRRxSBl29FWWea04aDfwJOfpUM3J6s3nNTCg80sn5cKa1sPXca/8s72YTsOFSPFEYG+s72ox35AhCv//mHZUMlgAACHfkCIIxAe4Sl3s4DI=
After removing the header data 'E070005[FS]02[FS]', convert the payload to hexadecimal. The converted payload contains the following TLV string:
DF900F024646DF9001020001DF9009023035DF902050AD9308B4506FEF945BDEFF29F02C605D48AA4ED0B5ADB7F0C0AB911471481976F4559679AD386837F024E7E950CDC9EACDE73530A0F34B27E5C29AD6C3D771AFFCB3BD984EC38548F144606FACEF6A31DF90210AFFFF9876543258000021DF902208C407B84A5DECE032
This data is parsed as follows:
| Chars | Value | Description |
|---|---|---|
| 1-6 | DF900F | Tag Id: ignored |
| 7-8 | 02 | Tag length (Decimal 2) |
| 9-12 | 4646 | Tag value: ignored |
| 13-18 | DF9001 | Tag ID: Payment Type |
| 19-20 | 02 | Tag length (Decimal 2) |
| 21-24 | 0001 | Payment Type Data |
| 25-30 | DF9009 | Tag Id: ignored |
| 31-32 | 02 | Tag length (Decimal 2) |
| 33-36 | 3035 | Ignored |
| 37-42 | DF9020 | Tag ID: Encrypted Blob |
| 43-44 | 50 | Tag length (Decimal 64) |
| 45-204 | AD9308...EF6A31 | Encrypted data |
| 205-210 | DF9021 | Tag ID: Key Sequence Number (KSN) |
| 211-212 | 0A | Tag length (Decimal 10) |
| 213-232 | FFFF98...000021 | Key Sequence Number |
| 233-238 | DF9022 | Tag ID: Initialization Vector (IV) |
| 239-240 | 08 | Tag length (Decimal 8) |
| 241-256 | C407B8...ECE032 | Initial Vector (IV). Used in CBC 3DES Decryption. |
After we make the API call to the Decryptx decrypt endpoint with the encrypted data (61AA80...4402ED), the KSN (FFFF987654325800004A) and IV (DB1E263826651F30) from the payload above. The decrypted value returned by Decryptx is a hexadecimal encoded string of length 80. The string can be parsed as follows:
343434363636313233343536373839323d31353132313031303030301d42343434363636313233343536373839325e574f524c445041592f544553545e31353132313031303030301d00000000000000
This data is parsed as follows:
| Chars | Value | Description |
|---|---|---|
| 1-6 | DF900F | Tag ID: ignored |
| 7-8 | 02 | Tag length (Decimal 2) |
| 9-12 | 4646 | Tag value: ignored |
| 13-18 | DF9001 | Tag ID: Payment Type |
| 19-20 | 02 | Tag length (Decimal 2) |
| 21-24 | 0001 | Payment Type Data |
| 25-30 | DF9009 | Tag ID: ignored |
| 31-32 | 02 | Tag length (Decimal 2) |
| 33-36 | 3035 | Ignored |
| 37-42 | DF9020 | Tag ID: Encrypted Blob |
| 43-44 | 50 | Tag length (Decimal 64) |
| 45-204 | AD9308...EF6A31 | Encrypted data |
| 205-210 | DF9021 | Tag ID: Key Sequence Number (KSN) |
| 211-212 | 0A | Tag length (Decimal 10) |
| 213-232 | FFFF98...000021 | Key Sequence Number |
| 233-238 | DF9022 | Tag ID: Initialization Vector (IV) |
| 239-240 | 08 | Tag length (Decimal 8) |
| 241-256 | C407B8...ECE032 | Initial Vector (IV). Used in CBC 3DES Decryption. |
Updated over 1 year ago