WisePad

The BBPOS WisePad is a PCI 3.x SRED compliant mobile payment card reading device. It is capable of 3DES DUKPT encryption and supports manual card data entry, magnetic card swipes and smart card chip reads of Europay, MasterCard and Visa (EMV) chip cards. The WisePad must be connected to a host device; it communicates with its host device through Bluetooth 2.0 or a USB port. The device vendor, BBPOS, provides a number of software development kits (SDK)s (.NET, Android and iOS) to support the development of point of sale (POS) applications.

The Serial Number

Before processing a WisePad payload with Decryptx, first identify the device's serial number by calling the SDK's getDeviceInfo() method, which retrieves the device's parameters. The following is a sample output:

Bootloader Version: 3.3
Firmware Version: 3.16.031111
USB Connected: True
Charging: True
Battery Level: 4.161
Battery Percentage: 
Hardware Version: 6.0
Track 1 Supported: 
Track 2 Supported: 
Track 3 Supported: 
Product ID: 1000
PIN KSN: 02840620140175E00004
EMV KSN: 02830620140175E00012
Track KSN: 02820620140175E0001D

The device serial number (DSN) is the leading part of the Track Key Sequence Number (KSN). In this example the serial number is 02820620140175. Be careful not to confuse the Track KSN with the similar but different PIN KSN and EMV KSN.

Swiped Payloads

To capture a swiped payload use the SDK's startSwipe() method to initiate a magnetic stripe read. The card data will be passed into the callback listener onReturnCheckCardResult(). The following is a sample output:

Format ID: 60
Masked PAN: 476173XXXXXX0119
PAN: 
Expiry Date: 2212
Cardholder Name: DI TEST/CARD 01           
KSN: 02820620140175E0001D
Service Code: 201
Track 1 Length: 79
Track 2 Length: 40
Track 3 Length: 
Encrypted Tracks: 
Encrypted Track 1: 8E82CE1710B9692341933738C709E1142F66A3BD734329E6BC25694AD02F05E75906DBB8EE6DAE61D8A966242600823E050FA6D69266BD359282520443279FF3D2DD6CBCCDC17DC095C2884FB06BC38F
Encrypted Track 2: E5D332318BED5C981F7B54E32D6E35B7A5525D067655A0577D986E42AE4AB584DEDBC73CB32E5EF9
Encrypted Track 3: 
Partial Track: 
Track 1 Status: 
Track 2 Status: 
Track 3 Status: 
Product Type: 3
Track Encoding: ASCII

The Decryptx API Call

To make an API call to the Decryptx decrypt endpoint we need to include the encrypted blobs (8E82CE...6BC38F and E5D332...2E5EF9) and the KSN (02820620140175E0001D) from the payload above. The following is the decrypted values are returned by Decryptx:

Track 1

2542343736313733393030313031303131395e444920544553542f4341524420303120202020202020202020205e323231323230313131373538393030353430303030303030343032363332383f4200

Track 2

3b343736313733393030313031303131393d32323132323031313735383935343038393632393f36

These values are hexadecimal encoded, to obtain the Track 1 and Track 2 data they must be converted to ASCII:

Track 1 (ASCII)

%B4761739001010119^DI TEST/CARD 01 ^2212201117589005400000004026328?B

Track 2 (ASCII)

;4761739001010119=22122011758954089629?6

EMV Payloads

To capture EMV data, use the SDK's getEmvCardData method to initiate EMV card data read. The card data will be passed into the callback listener onReturnEmvCardDataResult(). The data will be output in tag length value (TLV) format.

📘

What is TLV?

Tag length value (TLV) is a data encoding scheme. Values are appended to a string in triplets. The first field in the triplet is the "type" of data being processed, the second field specifies the "length" of the value, the third field contains a "length" amount of data representing the value for the "type". Typically, the type and length fields are fixed in size (typically 1-4 bytes).

Multiple pieces of data can be transmitted in the same string by appending more triplets to a previously existing string.

The WisePad device outputs a number of standard EMV TLV values, including:

• 5F20: the cardholder name.
• 5F24: expiration date.

It also outputs a number of custom TLV values, including:

• C4: the masked PAN.
• C5: encrypted data.
• C3: KSN for encryption data.

The following is a sample of EMV card data:

5F201A444920546573742F4361726420303120202020202020202020205F2403221231C5400A394F797BEA32971C9A14316A3A9020609BB6C41D33A90FBA69124696F1F0F61AE47A3247ADC39F2A0DB891219A4FF28E1FB1333F2C2DD850531662C3D5DBE2CD0848C2150987F7C265CE0A02850620140175E00034C30A02830620140175E00013C408476173FFFFFF0119

This data is parsed as follows:

To make an API call to the Decryptx decrypt endpoint, include the encrypted data from the C5 tag (0A394F...D5DBE2) and the KSN (02830620140175E00013) from the TLV string. The decrypted value that Decryptx outputs is a TLV string containing the following standard EMV TLVs:

• 9F1F - Track 1 Discretionary Data
• 5A - Application Primary Account Number (PAN)
• 57 - Track 2 Equivalent Data

The string can be parsed as follows:

9f1f183137353839303038393330303030303030303030303030305a08476173900101011957134761739001010119d22122011175898938900f6000000000000

This data is parsed as follows: