Verifone XPI

Verifone terminals are PCI 3.x compliant. They are capable of 3DES encryption and of Master Key/Session Key and Derived Unique Key per Transaction (DUKPT) key management; they also incorporate VeriShield file authentication and tampering safeguards. The device allows manual card data entry, magnetic card swipes, smart card chip reads and contactless card data entry. Standard payment applications are available from VeriFone to interface with most electronic cash registers (ECRs).

The device vendor supports a software development ecosystem for remote application downloads.

This page is for Verifone devices running the XPI application.

To obtain card data, the POS sends commands to the attached device. The syntax and output of the relevant commands are detailed below. [STX], [ETX], [FS] and [LRC] are one-byte characters: start of transmission, end of transmission, field separator and LRC checksum.

EMV Payloads

To enable EMV you must send a C30 request.

4333300022C101FFC10100C103150923C103080340C10100C10131C100C10204D2C10100C10100

C31 Response:

433331303000684F07A00000000310109F120B5669736120437265646974500B56495341204352454449545F300202015F200C54455354204341524420303257114761730209670010D151220156448820665A0847617302096700105F24031512315F3401015F2503950701C20132

Getting Encrypted Data

To extract card holder data from the Verifone device you must send the E06 command.

Request

[STX]E06[ETX][LRC]

Response

[STX]E07[FS][FS][ETX][LRC]

The response contains the following data elements:

Data Element

Values

A two-character value that maps to the following:

  • 00 – Success
  • 01 – No Encrypted Track (for EMV, MSR) or Card (for Manual) Data
  • 02 – Crypto Error
  • 99 – Command currently not supported

A two-character value that maps to the following:

  • 00 – No Encryption (Clear Data)
  • 01 – Reserved
  • 02 – PKI
  • 03 – Reserved
  • 04 – Reserved
  • 05 – VSD (Verifone Secure Data)

A two-character value that maps to the following:

  • 01 – Track Data
  • 02 – EMV Data
  • 03 – Manual Entry Data

The base64-encoded encrypted data. The ASCII version of the payload consists of a list of tags in TLV (Tag-Length-Value) format, in no particular order. See below for important tags.

What is a TLV?

Tag-length-value (TLV) is a data encoding scheme. Values are appended to a string in triplets. The first field in the triplet is the "type" of data being processed, the second field specifies the "length" of the value, and the third field contains "length" bytes of data representing the value for the "type". The type and length fields are typically fixed in size (1-4 bytes).

Multiple pieces of data can be transmitted in the same string by appending more triplets to a previously existing string.

Verifone Device TLV Tags

| Tag Name | TagID | Tag Value Description | Value Length |
|---|---|---|---|
| Payment Type | DF9001 | Specifies transaction Payment Type: 0x0001 – Track Data; 0x0002 – EMV data; 0x0003 – Manual Entry | Fixed, 2 bytes |
| | DF9020 | The 3DES encrypted data. The encrypted content depends on the Payment Type. The content maps as follows: MSR: track2 1d track1 1d padding. EMV: TLV list of EMV tags. Manual: PAN=EXP1dCVV | Variable length. The device adds a number of zero (0x00) bytes to the end of the data string to round the total length up to the next multiple of 8 bytes. |
| | DF9021 | Key Sequence Number of the Blob | Fixed, 10 bytes |
| | DF9022 | Initial Vector (IV) of the Blob. The device can be configured not to use an IV. | Fixed, 8 bytes |

Extracting the Decryptx Parameters

After encrypting a payload, the Verifone device base64-encodes it. To extract the parameters for use in a Decryptx API call, we must first convert the data from its base64-encoded format to a hexadecimal-encoded string. The following is a sample EMV payload in base64 format:

E070005[FS]02[FS]35APAkZG35ABAgAC35AJAjA135AgQGGqgM3LE7ShUVUUPSINYy8hGAe3/zdH6vfrho4NTzxay73VavCGAYBlTB9JwuOF16K7xXCNlFLLJOwGSfNEAu3fkCEK//+YdlQyWAAASt+QIgjbHiY4JmUfMA==

After we remove the header data 'E070005[FS]02[FS]', we convert the payload to hexadecimal. The converted payload contains the following TLV string:

DF900F024646DF9001022002DF9009023035DF9020404061AA80CDCB13B4A15155143D220D632F211807B7FF3747EAF7EB868E0D4F3C5ACBBDD56AF0860180654C1F49C2E385D7A2BBC5708D9452CB24EC0649F34402EDDF90210AFFFF987654325800004ADF902208DB1E263826651F30

This data is parsed as follows:

| Chars | Value | Description |
|---|---|---|
| 1-6 | DF900F | Tag ID: ignored |
| 7-8 | 02 | Tag length (Decimal 2) |
| 9-12 | 4646 | Tag value: ignored |
| 13-18 | DF9001 | Tag ID: Payment Type |
| 19-20 | 02 | Tag length (Decimal 2) |
| 21-24 | 2002 | Payment Type Data |
| 25-30 | DF9009 | Tag ID: ignored |
| 31-32 | 02 | Tag length (Decimal 2) |
| 33-36 | 3035 | Ignored |
| 37-42 | DF9020 | Tag ID: Encrypted Blob |
| 43-44 | 40 | Tag length (Decimal 64) |
| 45-174 | 4061AA...4402ED | Encrypted data |
| 175-180 | DF9021 | Tag ID: Key Sequence Number (KSN) |
| 181-182 | 0A | Tag length (Decimal 10) |
| 183-202 | FFFF98...00004A | Key Sequence Number |
| 203-208 | DF9022 | Tag ID: Initialization Vector (IV) |
| 209-210 | 08 | Tag length (Decimal 8) |
| 211-226 | DB1E26...651F30 | Initial Vector (IV). Used in CBC 3DES Decryption. |

The Decryptx API Call

To make an API call to the Decryptx decrypt endpoint we need to include the encrypted blob (B7FF37…4402ED), the KSN (FFFF987654325800004A) and IV (DB1E263826651F30) from the payload above. The decrypted value returned by Decryptx will also be a TLV string. The string can be parsed as follows:

5A0847617390010100105F240315123157114761739001010010D151220111438780899F1F10313134333830303738303030303030305F300202010000000000

This data is parsed as follows:

| Chars | Value | Description |
|---|---|---|
| 1-2 | 5A | Tag ID: Primary Account Number (PAN) |
| 3-4 | 08 | Tag length (Decimal 8) |
| 5-20 | 476173...010010 | PAN in ASCII |
| 21-24 | 5F24 | Tag ID: Expiration Date |
| 25-26 | 03 | Tag length (Decimal 3) |
| 27-32 | 151231 | Expiration Date (YYMMDD) |
| 33-34 | 57 | Tag ID: Track 2 Equivalent Data |
| 35-36 | 11 | Tag length (Decimal 17) |
| 37-70 | 476173...878089 | The track2 data in PAN D YYMM format. |
| 71-74 | 9F1F | Tag ID: Track 1 Discretionary Data |
| 75-76 | 10 | Tag length (Decimal 16) |
| 77-108 | 313134...303030 | Discretionary Data in Hexadecimal: ASCII value: 1143800780000000 |
| 109-112 | 5F30 | Tag ID: Service Code |
| 113-114 | 02 | Tag length (Decimal 2) |
| 115-118 | 0201 | SVC Code |
| 119-128 | 0000000000 | Padding with zero bytes to round the Encrypted Blob Length to the nearest 8 bytes. |
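Parsing the decrypted EMV string above, as an added Python example (not Decryptx or Verifone code). It walks the BER-TLV tags of the page's decrypted sample, stops at the zero padding, and masks the PAN before returning it; the function names are illustrative, and only short-form (one-byte) lengths are handled.

```python
# Decrypted EMV sample string from this page (test card data).
DECRYPTED_EMV_HEX = (
    "5A0847617390010100105F2403151231"
    "57114761739001010010D15122011143878089"
    "9F1F1031313433383030373830303030303030"
    "5F300202010000000000"
)


def parse_emv_tlv(data: bytes) -> dict:
    """BER-TLV walk: one- or multi-byte tags, short-form lengths only."""
    out, i, n = {}, 0, len(data)
    while i < n and data[i] != 0x00:       # 0x00 run at the end is block padding
        start = i
        if data[i] & 0x1F == 0x1F:         # low five bits set: tag continues
            i += 1
            while i < n and data[i] & 0x80:
                i += 1
        i += 1
        if i >= n:
            raise ValueError("truncated tag or length")
        length = data[i]
        if length & 0x80:
            raise ValueError("long-form length not handled in this example")
        tag = data[start:i].hex().upper()
        value = data[i + 1:i + 1 + length]
        if len(value) != length:
            raise ValueError(f"tag {tag}: value shorter than declared length")
        out[tag] = value
        i += 1 + length
    if any(data[i:]):
        raise ValueError("non-zero bytes found inside the padding")
    return out


def mask_pan(pan: str) -> str:
    """First six and last four digits only, so the result is safe to log."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def summarize(decrypted_hex: str) -> dict:
    tlv = parse_emv_tlv(bytes.fromhex(decrypted_hex))
    pan = tlv["5A"].hex().upper().rstrip("F")  # packed digits, F-padded if odd
    return {
        "pan_masked": mask_pan(pan),
        "expiry_yymmdd": tlv["5F24"].hex(),
        "track2_matches_pan": tlv["57"].hex().upper().startswith(pan + "D"),
        "service_code": tlv["5F30"].hex(),
        "discretionary": tlv["9F1F"].decode("ascii"),
    }
```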

Swiped Payloads

E070005[FS]02[FS]35APAkZG35ABAgAB35AJAjA135AgUK2TCLRQb++UW97/KfAsYF1Iqk7Qta238MCrkRRxSBl29FWWea04aDfwJOfpUM3J6s3nNTCg80sn5cKa1sPXca/8s72YTsOFSPFEYG+s72ox35AhCv//mHZUMlgAACHfkCIIxAe4Sl3s4DI=

After we remove the header data 'E070005[FS]02[FS]', we convert the payload to hexadecimal. The converted payload contains the following TLV string:

DF900F024646DF9001020001DF9009023035DF902050AD9308B4506FEF945BDEFF29F02C605D48AA4ED0B5ADB7F0C0AB911471481976F4559679AD386837F024E7E950CDC9EACDE73530A0F34B27E5C29AD6C3D771AFFCB3BD984EC38548F144606FACEF6A31DF90210AFFFF9876543258000021DF902208C407B84A5DECE032

This data is parsed as follows:

| Chars | Value | Description |
|---|---|---|
| 1-6 | DF900F | Tag ID: ignored |
| 7-8 | 02 | Tag length (Decimal 2) |
| 9-12 | 4646 | Tag value: ignored |
| 13-18 | DF9001 | Tag ID: Payment Type |
| 19-20 | 02 | Tag length (Decimal 2) |
| 21-24 | 0001 | Payment Type Data |
| 25-30 | DF9009 | Tag ID: ignored |
| 31-32 | 02 | Tag length (Decimal 2) |
| 33-36 | 3035 | Ignored |
| 37-42 | DF9020 | Tag ID: Encrypted Blob |
| 43-44 | 50 | Tag length (Decimal 64) |
| 45-204 | AD9308...EF6A31 | Encrypted data |
| 205-210 | DF9021 | Tag ID: Key Sequence Number (KSN) |
| 211-212 | 0A | Tag length (Decimal 10) |
| 213-232 | FFFF98...000021 | Key Sequence Number |
| 233-238 | DF9022 | Tag ID: Initialization Vector (IV) |
| 239-240 | 08 | Tag length (Decimal 8) |
| 241-256 | C407B8...ECE032 | Initial Vector (IV). Used in CBC 3DES Decryption. |
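The extraction steps described on this page (strip the E07 header, base64-decode, walk the device TLVs), as an added Python example that is not Verifone or Decryptx code. It assumes every device tag is three bytes with a one-byte length and that the header carries the status in characters 4-5, both inferred from the samples here, and that [FS] is ASCII 0x1C; the function names are illustrative and `SAMPLE_E07` is rebuilt from the page's swiped hex string.

```python
import base64

FS = "\x1c"  # ASCII field separator, written [FS] on this page

# Swiped-payload TLV string from this page, kept as hex.
SAMPLE_HEX = (
    "DF900F024646DF9001020001DF9009023035DF902050"
    "AD9308B4506FEF945BDEFF29F02C605D48AA4ED0B5ADB7F0C0AB911471481976"
    "F4559679AD386837F024E7E950CDC9EACDE73530A0F34B27E5C29AD6C3D771AF"
    "FCB3BD984EC38548F144606FACEF6A31"
    "DF90210AFFFF9876543258000021DF902208C407B84A5DECE032"
)
# Constructed E07 body: the page's header plus the hex above re-encoded.
SAMPLE_E07 = "E070005" + FS + "02" + FS + base64.b64encode(
    bytes.fromhex(SAMPLE_HEX)).decode()


def parse_device_tlv(data: bytes) -> dict:
    """Walk TLVs with 3-byte tags and 1-byte lengths (assumed layout)."""
    out, i = {}, 0
    while i < len(data):
        if i + 4 > len(data):
            raise ValueError(f"truncated TLV header at offset {i}")
        tag, length = data[i:i + 3].hex().upper(), data[i + 3]
        value = data[i + 4:i + 4 + length]
        if len(value) != length:
            raise ValueError(f"tag {tag}: value shorter than declared length")
        out[tag] = value
        i += 4 + length
    return out


def decryptx_params(e07_body: str) -> dict:
    """Return the blob, KSN and IV needed for the decrypt call."""
    header, _data_type, payload = e07_body.split(FS)
    if not header.startswith("E07") or header[3:5] != "00":
        raise ValueError(f"unexpected E07 header {header!r}")
    tlv = parse_device_tlv(base64.b64decode(payload, validate=True))
    blob, ksn = tlv["DF9020"], tlv["DF9021"]
    if len(blob) % 8 or len(ksn) != 10:
        raise ValueError("blob not 8-byte aligned or KSN not 10 bytes")
    return {
        "payment_type": tlv["DF9001"].hex(),
        "encrypted": blob.hex().upper(),
        "ksn": ksn.hex().upper(),
        "iv": tlv.get("DF9022", b"").hex().upper(),  # empty if IV is disabled
    }
```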

We then make the API call to the Decryptx decrypt endpoint with the encrypted data (61AA80...4402ED), the KSN (FFFF987654325800004A) and IV (DB1E263826651F30) from the payload above. The decrypted value returned by Decryptx is a hexadecimal-encoded string of length 80. The string can be parsed as follows:

343434363636313233343536373839323d31353132313031303030301d42343434363636313233343536373839325e574f524c445041592f544553545e31353132313031303030301d00000000000000

