PayConex™ and Decryptx®

Introduction

📘

What is Decryptx®?

Decryptx® is Bluefin’s payment card industry (PCI)-validated point-to-point encryption (P2PE) solution. It enables processors, payment gateways and software platforms to universally connect to Bluefin and thus offer our P2PE solution directly to your clients.

PayConex™ employs Decryptx® as the key security component for extracting and decrypting P2PE data.

BluePOS relies on this decryption workflow to securely process transactions from POS all the way to the Payment Processor for authorization. This is illustrated in the diagram below.

ShieldConex® Auto-Tokenization plays a role in this workflow as a PayConex™ token is returned for reissuing transactions.

📘

Did you know?

Even though Decryptx® is the primary decryption solution for P2PE MOTO, P2PE MOTO transactions are essentially considered to be card not present as the SREDKey devices perform the encryption on hardware-level as the merchant inputs the sensitive data over a phone call. For more details, see MOTO Transactions.

Card Present Transaction Flow

1. Encryption: PAN data is encrypted inside the point of sale device on hardware-level using SRED. The ECR then makes a request with the encrypted payload data via the PayConex™ V4 API. The API communicates with the PayConex™ services to process the transaction.
2. Decryption: Decryptx® translates encrypted PIN block and decrypts or translates PAN. After decryption, the data is processed into ASCII, HEX, or TLV format as needed. (P2PE is complete at this point).
3. Forwarding: Decryptx® forwards the decrypted elements to the PayConex™ Services, in this case the PayConex™ Gateway with the PCI-compliant environment in place.
4. Processor Authorization: These then proceed to the Payment Processor for authorization.
5. Auto-Tokenization: If successful, the Processor responds to the PayConex™ API with an async process to auto-tokenize and generate a PayConex™ token for reissuing or recurring payments.
   • If reused, this workflow follows the ShieldConex® Transaction Flow.
6. Vaulting: The PayConex™ Services vault the token on its way back for reissuing payments with savePayment set to true.
7. Response: The V4 API sends the response back to the client. In this case, the client is the POS systems.

More Guides and Tutorials

If you are interested in studying Decryptx® and devices in more detail, consider reading the following material:

• Decryptx®
• Decryptx® Parser
• Point to Point Encryption
• P2PE Manager®
• Device Management
• Processing Payloads

🚧

EMV Certification Requirement

Since the merchant must go through EMV certification process, the main focus of this documentation is the BluePOS Application that is fully EMV certified by Bluefin and ready for integration right away.

If you are an ISV and do not require integration with PAX devices supporting BluePOS (or other Bluefin certified devices) but want to do your own device integration and use the specific V4 API endpoints for processing CP/device transactions that require independent EMV certification, please contact our Bluefin Integrations Team. These REST API endpoints accept P2PE encrypted data on hardware-level as essential part of their requests so further knowledge of EMV payloads, tags, etc. is also required.

For the comprehensive list of Bluefin P2PE certified devices, check out:

• P2PE Devices
• Decryptx®: Bluefin Supported PCI-Validated P2PE Devices