The BBPOS WisePad is a PCI 3.x SRED compliant mobile payment card reading device. It is capable of 3DES DUKPT encryption and supports manual card data entry, magnetic card swipes and smart card chip reads of Europay, MasterCard and Visa (EMV) chip cards. The WisePad must be connected to a host device; it communicates with its host device through Bluetooth 2.0 or a USB port. The device vendor, BBPOS, provides a number of software development kits (SDK)s (.NET, Android and iOS) to support the development of point of sale (POS) applications.

The Serial Number

Before processing a WisePad payload with Decryptx, first identify the device's serial number by calling the SDK's getDeviceInfo() method, which retrieves the device's parameters. The following is a sample output:

Bootloader Version: 3.3
Firmware Version: 3.16.031111
USB Connected: True
Charging: True
Battery Level: 4.161
Battery Percentage: 
Hardware Version: 6.0
Track 1 Supported: 
Track 2 Supported: 
Track 3 Supported: 
Product ID: 1000
PIN KSN: 02840620140175E00004
EMV KSN: 02830620140175E00012
Track KSN: 02820620140175E0001D

The device serial number (DSN) is the leading part of the Track Key Sequence Number (KSN). In this example the serial number is 02820620140175. Be careful not to confuse the Track KSN with the similar but different PIN KSN and EMV KSN.

Swiped Payloads

To capture a swiped payload use the SDK's startSwipe() method to initiate a magnetic stripe read. The card data will be passed into the callback listener onReturnCheckCardResult(). The following is a sample output:

Format ID: 60
Masked PAN: 476173XXXXXX0119
Expiry Date: 2212
Cardholder Name: DI TEST/CARD 01           
KSN: 02820620140175E0001D
Service Code: 201
Track 1 Length: 79
Track 2 Length: 40
Track 3 Length: 
Encrypted Tracks: 
Encrypted Track 1: 8E82CE1710B9692341933738C709E1142F66A3BD734329E6BC25694AD02F05E75906DBB8EE6DAE61D8A966242600823E050FA6D69266BD359282520443279FF3D2DD6CBCCDC17DC095C2884FB06BC38F
Encrypted Track 2: E5D332318BED5C981F7B54E32D6E35B7A5525D067655A0577D986E42AE4AB584DEDBC73CB32E5EF9
Encrypted Track 3: 
Partial Track: 
Track 1 Status: 
Track 2 Status: 
Track 3 Status: 
Product Type: 3
Track Encoding: ASCII

The Decryptx API Call

To make an API call to the Decryptx decrypt endpoint we need to include the encrypted blobs (8E82CE...6BC38F and E5D332...2E5EF9) and the KSN (02820620140175E0001D) from the payload above. The following is the decrypted values are returned by Decryptx:

Track 1


Track 2


These values are hexadecimal encoded, to obtain the Track 1 and Track 2 data they must be converted to ASCII:

Track 1 (ASCII)

%B4761739001010119^DI TEST/CARD 01 ^2212201117589005400000004026328?B

Track 2 (ASCII)


EMV Payloads

To capture EMV data, use the SDK's getEmvCardData method to initiate EMV card data read. The card data will be passed into the callback listener onReturnEmvCardDataResult(). The data will be output in tag length value (TLV) format.


What is TLV?

Tag length value (TLV) is a data encoding scheme. Values are appended to a string in triplets. The first field in the triplet is the "type" of data being processed, the second field specifies the "length" of the value, the third field contains a "length" amount of data representing the value for the "type". Typically, the type and length fields are fixed in size (typically 1-4 bytes).

Multiple pieces of data can be transmitted in the same string by appending more triplets to a previously existing string.

The WisePad device outputs a number of standard EMV TLV values, including:

  • 5F20: the cardholder name.
  • 5F24: expiration date.

It also outputs a number of custom TLV values, including:

  • C4: the masked PAN.
  • C5: encrypted data.
  • C3: KSN for encryption data.

The following is a sample of EMV card data:


This data is parsed as follows:

1-45F20Tag ID: Cardholder Name
5-61ACardholder Name Length in bytes (hex, 26 in decimal)
7-58444920...202020Cardholder Name in hexadecimal. The ASCII value is: "DI Test/Card 01 "
59-625F24Tag ID: Expiration Date
63-6403Tag Length (Decimal 3)
65-70221231Expiration Date (YYMMDD)
71-72C5Tag ID: C5 Custom Tag
73-7440Tag Length (Decimal 64)
75-2020A394F...D5DBE2C5 Custom Tag Value: encrypted data
203-246CD0848...E00034 These TLVs are ignored
247-248C3Tag ID: Key Sequence Number (KSN)
249-2500ATag Length (Decimal 10)
251-270028306...E00013EMV Key Sequence Number (KSN)
271-272C4Tag ID: Masked PAN
273-27408Tag Length (Decimal )
275-290476173...FF0119Masked PAN

To make an API call to the Decryptx decrypt endpoint, include the encrypted data from the C5 tag (0A394F...D5DBE2) and the KSN (02830620140175E00013) from the TLV string. The decrypted value that Decryptx outputs is a TLV string containing the following standard EMV TLVs:

  • 9F1F - Track 1 Discretionary Data
  • 5A - Application Primary Account Number (PAN)
  • 57 - Track 2 Equivalent Data

The string can be parsed as follows:


This data is parsed as follows:

1-49f1fTag ID: Track 1 Discretionary Data
5-618Tag length
7-54313735...303030 Discretionary Data in hexadecimal.
55-565aTag ID: Application primary account number (PAN)
57-5808Tag length (Decimal 8)
59-74476173...010119 The PAN
75-7657Tag ID: Track 2 Equivalent Data
77-7813Tag length (Decimal 19)
79-116476173...38900f EMV Track 2 equivalent.