Ingenico RUA Series

Ingenico manufacturers a number of PCI 5.X certified payment terminals. The terminals allows contactless, card insertion, and card swipe entry methods. The device is a firmware based device and the RUA SDK is used to communicate to the machine. The terminal supports DUKPT encryption of track data.

The following guide outlines how to extract the P2PE data from RAA payloads for processing on decryptx. At Bluefin we have integrated and verified the following RUA devices:

• Ingenico Moby5500

Obtaining the Payload

Typically, RUA terminals are connected to host computers that run special software referred to as point of sale (POS) applications. POS applications obtain payment data from a paired terminal and sends the data to a card payment processing gateway. Conveniently, Ingenico's developer portal has a number of RUA software development kits for a wide variety of operating systems and development languages. They make it easy for POS applications to obtain data from payment terminals.

Note the following payload examples are using the PackedEncrypedTrack payload information to highlight all the steps involved in preparing the track information for decryption. The SDK should output the encrypted track data as well and that can be used in place of the PackedEncryptedTrack data to remove extra steps.

Swiped Payloads

Request

EMVStartTransaction

Response

KSN : FFFF9999990000800041

PackedEncryptedTrack :
$77$6JLv/DuvzLo20gXz7Y1sy4y3IUetkKuoskWTBVxtRI7dxsUKtPrpLPdny6/S502748UxPMDjrPfP19jAweO6fDTTsKBkL3oneD06XX7fjpoE0A0X+Vzz81e6Pu5o1nVgNC/tAc7x5BkpuNuW64LrfaIkgTcVBYq6xpdXRm2bTXM=

EncryptedTrack : E892EFFC3BAFCCBA36D205F3ED8D6CCB8CB72147AD90ABA8B24593055C6D448EDDC6C50AB4FAE92CF767CBAFD2E74DBBE3C5313CC0E3ACF7CFD7D8C0C1E3BA7C34D3B0A0642F7A27783D3A5D7EDF8E9A04D00D17F95CF3F357BA3EEE68D67560342FED01CEF1E41929B8DB96EB82EB7DA224813715058ABAC69757466D9B4D73

Processing swiped data

To prepare the encrypted payload for decryption, first remove the $77$ from the PackEncryptedTrack data.

6JLv/DuvzLo20gXz7Y1sy4y3IUetkKuoskWTBVxtRI7dxsUKtPrpLPdny6/S502748UxPMDjrPfP19jAweO6fDTTsKBkL3oneD06XX7fjpoE0A0X+Vzz81e^Pu5o1nVgNC/tAc7x5BkpuNuW64LrfalkgTcVBYq6xpdXRm2bTXM=

Next covert the payload to HEX

E892EFFC3BAFCCBA36D205F3ED8D6CCB8CB72147AD90ABA8B24593055C6D448EDDC6C50AB4FAE92CF767CBAFD2E74DBBE3C5313CC0E3ACF7CFD7D8C0C1E3BA7C34D3B0A0642F7A27783D3A5D7EDF8E9A04D00D17F95CF3F357BA3EEE68D67560342FED01CEF1E41929B8DB96EB82EB7DA224813715058ABAC69757466D9B4D73

Send the payload and KSN to decrypt for decryption

FFFF9999990000800041

And the following is returned.

564e2542343736313733303030303030303031315e554154205553412f5445535420434152442030312020202020205e323431323230313131343338303434303030303030303030303030303030303f57273b343736313733303030303030303031313d32343132323031313330333133303630303030303f58000000000000

Note the decrypted data is in Tag, Length, Value (TLV) format

📘

What is TLV?

Tag length value (TLV) is a data encoding scheme. Values are appended to a string in triplets. The first field in the triplet is the "type" of data being processed, the second field specifies the "length" of the value, the third field contains a "length" amount of data representing the value for the "type". Typically, the type and length fields are fixed in size (typically 1-4 bytes).

Multiple pieces of data can be transmitted in the same string by appending more triplets to a previously existing string.

EMV Payloads

Request

EMVStartTransaction

Response

KSN : FFFF9999990000800043

EncryptedTrack: BFFC8884C89A4BE041A589059A53C20848130B3B70A5EDDFF9B6D998A6752B14C35BEB9D027EFE66

PackedEncryptedTrack : $77$v/yIhMiaS+BBpYkFmlPCCEgTCztwpe3f+bbZmKZ1KxTDW+udAn7+Zg==

Extracting the Decryptx Parameters

The encrypted data is stored in the 57 TLV tag.

The KSN and Encrypted Track data is sent to Decryptx to be decrypted and the following is returned.

"value":"5a08476173000000001157134761730000000011d24122011303130600000f00"