Verifone VIPA
Verifone terminals are PCI 4.x/5.x compliant devices that feature 3DES encryption, Master Key/Session Key and Derived Unique Key per Transaction (DUKPT) key management, incorporate VeriShield file authentication, and tampering safeguards. The devices allow manual card data entry, magnetic card swipes, smart card chip reads, and contactless card data entry. Standard payment applications are available from Verifone to interface with most electronic cash registers (ECRs).
Verifone supports a software development ecosystem for remote application downloads.
This page is for Verifone devices running Verifone Integrated Payment Application (VIPA) v. 6.x. VIPA software handle ensures PCI 2.x compliance.
The client sends a sequence of bytes (message) to the VIPA and gets the sequence of bytes in response. The most common request message structure for VIPA commands is as follows (fields in [square brackets] are not mandatory):
CLA INS P1 P2 [Lc Data…] [Le] LRC
- CLA is class byte. Values in the range ‘D0’ to ‘FE’ are used for functionality beyond the scope of ISO7816-4
- INS is instruction byte
- P1 and P2 are parameter bytes.Some commands can optionally include Data. In this case
- Lc is one byte length of included data.
- Le indicates expected length of data in response. This byte is omitted if no response is expected.
- LRC is a longitudinal redundancy check (LRC) byte.
VIPA responds to the command with the list of tags in tag length value (TLV) format in no particular order. See table below for some important tags.
What is TLV?
Tag length value (TLV) is a data encoding scheme. Values are appended to a string in triplets. The first field in the triplet is the "type" or "tag" of data being processed, the second field specifies the "length" of the value, the third field contains a "length" amount of data representing the value for the "type". Tag can consist one or more bytes.If bites 1-5 of tag are set to 1, it indicates that one more byte is included to the tag. If bit 8 is set to 1, this is the last byte of tag. Length field can be 1 or more bytes in length.
Multiple pieces of data can be transmitted in the same string by appending more triplets to a previously existing string.
VIPA uses several "template" tags where a tag value itself is TLV-string of two or more tags
VIPA Tags
| Tag Name | TagID | Tag Value Description | Value Length |
|---|---|---|---|
| Template | E0 | This template (Data Elements) should be used when providing data to the device. The template should contain one or more TLV tags. For example, Transaction Authorized Amount (9F02), Date (9A), Time (9F21), Sequence Counter (9F41), Currency Code (5F2A) etc. | |
| Template | E2 | Should the device require a decision to be made it will return this template. The template could contain one or more copies of the same data object with different value fields. Issuing a Continue Transaction [DE, D2] instruction with template E0 containing the data object to be used makes the decision for the device. | |
| Template | EE | One EE template is returned for each separate hardware device. It contains 9F1C tag of Device Serial Number, a pair of DF8108 and DF8109 tags, which define system architecture, may contain DF8101 (Tamper Status) tag, several pairs of DF8106 (Name) and DF8107 (Value) for used libraries, tag DF0D (Config File Name) and DF7F (Config File Version), etc. | |
| Template | EF | EF template may include series of Name-Value pairs for separate device hardware and software characteristics: Configuration File, Library or Software Module Names and their Versions, release revision, etc. | |
| Template | FF7F | Can consist of one or more Verifone Secure Data (VSD) SRED tags via configuration file. By default, this template consists of DFDB0F, DFDF10, DFDF11 and DFDF12 tags. | |
| Template | FF7E | If PAN cryptogram generation is enabled by configuration settings, this template can be requested to get encryption information (DFDF13, DFDF14, DFDF15, DFDB16). | |
| Tamper Status | DF8101 | 00 = no tamper detected, 01 = tamper detected. | Fixed, 1 byte |
| Encryption Status | DFDB0F | Last transaction encryption status. 0 = successful encryption; any other value indicates an error. | Fixed, 4 bytes |
| Encrypted Data | DFDF10 | For 3DES encryption the length of cipher data is on 8 byte edge. For AES encryption - on 16 byte edge. | Variable, multiple of 8 or 16 |
| KSN | DFDF11 | DUKPT Key Sequence Number | Fixed, 10 bytes |
| IV | DFDF12 | For 3DES encryption the length of IV is 8 bytes. For AES encryption - 16 bytes. | Fixed, 8 or 16 bytes |
| Encrypted PAN | DFDF13 | For 3DES encryption the length of cipher data is on 8 byte edge. For AES encryption - on 16 byte edge. | Variable, multiple of 8 or 16 |
| Encrypted PAN KSN | DFDF14 | DUKPT Key Sequence Number | Fixed, 10 bytes |
| Encrypted PAN IV | DFDF15 | For 3DES encryption the length of IV is 8 bytes. For AES encryption - 16 bytes. | Fixed, 8 or 16 bytes |
| PAN Encryption Status | DFDB16 | Last transaction encryption status. 0 = successful encryption; any other value indicates an error. | Fixed, 4 bytes |
| Terminal ID | 9F1C | Designates the unique location of a terminal at a merchant. | Fixed, 8 bytes |
| Interface Device (IFD) Serial Number | 9F1E | Unique and permanent serial number assigned to the IFD by the manufacturer. | Variable |
Getting Device Serial Number
To obtain the Device Serial Number, send a Reset Device command to the attached device:
D0 00 00 01
Device responds with the list of tags that includes 9F1C, one or more EE templates, and series of EF templates.
Below is the sample response (truncated for clarity):
9F1C083333353130393938EE7F9F1E09323735313630373233DF81080C417263686974656374757265DF810904562F4F53...
This data is parsed as follows:
| Chars | Value | Description |
|---|---|---|
| 1-4 | 9F1C | Tag: Terminal ID |
| 5-6 | 08 | Tag length (Decimal 8) |
| 7-22 | 333335...393938 | Hex of Text 33510998 |
| 23-24 | EE | Template |
| 25-26 | 7F | Tag length (Decimal 127)| |
| 27-30 | 9F1E | Tag: Device Serial Number |
| 31-32 | 09 | Tag length (Decimal 9) |
| 33-50 | 323735...373233 | Hex of Text 275160723 |
| 51-56 | DF8108 | Tag: Name |
| 57-58 | 0C | Tag length (Decimal 12) |
| 59-82 | 417263...757265 | Hex of Text Architecture |
| 83-88 | DF8109 | Tag: Value| |
| 89-90 | 04 | Tag Length (Decimal 4) |
| 91-98 | 562F4F53 | Hex of Text V/OS |
| 99-101 | ... |
Getting Encrypted Data
The VIPA device will return encrypted data in response to VSP Manual PAN Entry, Start Transaction, and Continue Transaction request messages. Template tag FF7F includes all tags for decryptx call: KSN, IV, encrypted data. If configured, device response will include template tag FF7E with data to decrypt card number: PAN KSN, PAN IV, PAN encrypted data.
Below is the sample request and device response.
Start Transaction Request:
DED1000032E0309F02060000000050009A030401019C01009F21030101019F410200015F2A020826...
This data is parsed as follows:
| Chars | Value | Description |
|---|---|---|
| 1-8 | DED10000 | Start Transaction |
| 9-10 | 32 | Command Data Length |
| 11-12 | E0 | Template Tag (Data Elements) |
| 13-14 | 30 | Tag length (Decimal 48) |
| 15-18 | 9F02 | Tag: Amount, Authorized |
| 19-20 | 06 | Tag length (Decimal 6) |
| 21-32 | 000000005000 | Amount in cents |
| 33-34 | 9A | Tag: Transaction Date |
| 35-36 | 03 | Tag length (Decimal 3) |
| 37-42 | 040101 | Transaction Date |
| 43-44 | 9C | Tag: Transaction Type |
| 45-46 | 01 | Tag length |
| 47-48 | 00 | See ISO8583 for values |
| 49-52 | 9F21 | Tag: Transaction Time |
| 53-54 | 03 | Tag length |
| 55-60 | 010101 | |
| 61-64 | 9F41 | Tag: Transaction Sequence Counter |
| 65-66 | 02 | Tag length |
| 67-70 | 0001 | |
| 71-74 | 5F2A | Tag: Transaction Currency Code |
| 75-76 | 02 | Tag length |
| 77-80 | 0826 | GB Pound sterling |
| 81-83 | ... |
Response:
E282013AFF7F66DFDF12088F97E634600DE405DFDF110AFFFF0002280009800026DFDF1040356BED7D61992CF40F0118B2EB6D17E802336A9B566066E19E06AD82514B6E71A9BB2AC163EB3A94A3B574F82EE9571D2F9D514390E9AF6F428D4514343C2F87DFDB0F0400000000FF7E3EDFDF1508C167A04BA8FD61FFDFDF140AFFFF0002280009800027DFDF131816F849491A06767A66933946E9897F8DF3C1106BFA961D69DFDB160400000000500A4D6173746572436172645713541333AAAAAA4111D2512201AAAAAAAAAAAAAA5A08541333AAAAAA4111...
This data is parsed as follows:
| Chars | Value | Description |
|---|---|---|
| 1-2 | E2 | Template Tag (Decision Required) |
| 3-8 | 82013A | Tag length (Decimal 314) |
| 9-12 | FF7F | Template Tag |
| 13-14 | 66 | Template tag length |
| 15-20 | DFDF12 | Tag: IV |
| 21-22 | 08 | IV length. 3DES encryption |
| 23-38 | 8F97E6...0DE405 | IV value |
| 39-44 | DFDF11 | Tag: KSN |
| 45-46 | 0A | Tag length (Decimal 10) |
| 47-66 | FFFF00...800026 | KSN value |
| 67-72 | DFDF10 | Tag: Encrypted Data |
| 73-74 | 40 | Tag length (Decimal 64) |
| 75-202 | 356BED...3C2F87 | |
| 203-208 | DFDB0F | Tag: Encryption Status |
| 209-210 | 04 | Tag length |
| 211-218 | 00000000 | Successful encryption |
| 219-222 | FF7E | Template Tag: Encrypted PAN |
| 223-224 | 3E | Tag length (Decimal 62) |
| 225-230 | DFDF15 | Tag: Encrypted PAN IV |
| 231-232 | 08 | Tag length (Decimal 8) |
| 233-248 | C167A0...FD61FF | Encrypted PAN IV value |
| 249-254 | DFDF14 | Tag: Encrypted PAN KSN |
| 255-256 | 0A | Tag length (Decimal 10) |
| 257-276 | FFFF00...800027 | Encrypted PAN KSN value |
| 277-282 | DFDF13 | Tag: Encrypted PAN |
| 283-284 | 18 | Tag length (Decimal 24) |
| 285-332 | 16F849...961D69 | Encrypted PAN |
| 333-338 | DFDB16 | Tag: PAN Encryption Status |
| 339-340 | 04 | Tag length (Decimal 4) |
| 341-348 | 00000000 | Successful encryption |
| 349-350 | 50 | Tag: Application Label |
| 351-352 | 0A | Tag length (Decimal 10) |
| 353-372 | 4D6173...617264 | Hex of Text MasterCard |
| 373-374 | 57 | Tag: Track 2 Equivalent Data| |
| 375-376 | 13 | Tag length (Decimal 19) |
| 377-414 | 541333...AAAAAA | Masked Track 2 Equivalent Data |
| 415-416 | 5A | Tag: PAN |
| 417-418 | 08 | Tag length (Decimal 8) |
| 419-434 | 541333...AA4111 | Masked PAN |
| 435-437 | ... |
Parsing Decryptx Data
To decrypt data, post the Device Serial Number (tag 9F1E) and FF7F tag's values to: encrypted data (tag DFDF10), KSN (tag DFDF11) and IV (tag DFDF12).
Decrypted data may be padded by zero bytes to align cipher text with proper byte edge: 8 bytes for 3DES encryption and 16 bytes for AES encryption. Those bytes should be removed.
Depending on configuration, decrypted data can include the following TLV tags:
| TagID | Tag Value Description | Value Length |
|---|---|---|
| 56 | Track 1 Data (MasterCard PayPass only) | Variable |
| 57 | Track 2 Equivalent Data | Variable |
| 5A | PAN | Variable |
| DFDB01 | PAN (entered manually) | Variable |
| DFDB02 | CVV2/CID (entered manually) | HEX, 3 or 4 bytes |
| DFDB03 | Expiry Date (YYMM, entered manually) | Fixed, 2 bytes |
| DFDB05 | Magstripe Track 1 (Swiped, SRED is on) | Variable |
| DFDB06 | Magstripe Track 2 (Swiped, SRED is on) | Variable |
| DFDB07 | Magstripe Track 3 (Swiped, SRED is on) | Variable |
Examples
Manually Entered Data
dfdb01085413330089604111dfdb02043938393880000000
This data is parsed as follows:
| Chars | Value | Description |
|---|---|---|
| 1-6 | dfdb01 | Tag: PAN |
| 7-8 | 08 | Tag length |
| 9-24 | 541333...604111 | Unencrypted PAN. Can be padded by 'f' to whole byte. |
| 25-30 | dfdb02 | Tag: CVV2/CID |
| 31-32 | 04 | Tag length |
| 33-40 | 39383938 | HEX for text 9898 |
| 41-48 | 80000000 | Padding. Ignored| |
Swiped Card
dfdb05322542353431353234343434343434343434345e544553542f424c554546494e5e323231323130313132333435363738393f3f8000
This data is parsed as follows:
| Chars | Value | Description |
|---|---|---|
| 1-6 | dfdb05 | Tag: Magstripe Track 1 |
| 7-8 | 32 | Tag Length (Decimal 50) |
| 9-108 | 254235...393f3f | HEX for text %B5415244444444444^TEST/BLUEFIN^2212101123456789?? |
| 109-112 | 8000 | Padding. Ignored |
EMV Contact Data Entry
5a08541333008960411157135413330089604111d25122010123409172029f9f1f18202020202020202020202020202020202020202020202020800000000000
This data is parsed as follows:
| Chars | Value | Description |
|---|---|---|
| 1-2 | 5a | Tag:PAN |
| 3-4 | 08 | Tag length |
| 5-20 | 541333...604111 | Unencrypted PAN. Can be padded by 'f' to whole byte. |
| 21-22 | 57 | Tag: Track 2 equivalent data |
| 23-24 | 13 | Tag length (Decimal 19) |
| 25-62 | 541333...72029f | No sentinels. Remove trailing 'f'. |
| 63-66 | 9f1f | Tag: Track 1 equivalent data |
| 67-68 | 18 | Tag length (Decimal 24) |
| 69-116 | 202020...202020 | All spaces. |
| 117-128 | 800000000000 | Padding. Ignored |
EMV Contactless Data Entry
5a08541333008960411157135413330089604111d25122010123409172029f80
This data is parsed as follows:
| Chars | Value | Description |
|---|---|---|
| 1-2 | 5a | Tag:PAN |
| 3-4 | 08 | Tag length |
| 5-20 | 541333...604111 | Unencrypted PAN. Can be padded by 'f' to whole byte. |
| 21-22 | 57 | Tag: Track 2 equivalent data |
| 23-24 | 13 | Tag length (Decimal 19) |
| 25-62 | 541333...72029f | No centinels. Remove trailing 'f'. |
| 63-64 | 80 | Padding. Ignored |
| 65-64 |
Updated about 1 year ago