Yes. CardConnect provides a Desktop Tokenizer application that can be used to operate the device to prompt a user to swipe or manually key in a card.

The Desktop Tokenizer is a CardConnect application that enables the activation and operation of a CardConnect terminal device. The Desktop Tokenizer application comes in two versions: an executable application .exe file or a web page. The Desktop Tokenizer is available when direct device integration is not an option.

Note: Using the Desktop Tokenizer with terminal devices requires at least .NET 4.0 of the Microsoft .NET framework.

No. CardConnect terminal devices are encrypted with a CardConnect encryption key. The terminal devices communicate with the CardConnect Hardware Security Module (HSM) to decrypt the device encryption keys. The CardConnect terminal device also requires activation within the CardConnect Terminal Management System (TMS). Tokens generated with the use of the CardConnect hardware are only usable within the CardConnect gateway.

Terminal devices can be integrated directly with the use of the Desktop Tokenizer CCPanPad.DLL (with or without the use of TokenMux) or can be integrated to operate with the CardConnect Desktop Tokenizer. 

Yes. Upon request, CardConnect will provide documentation that can help ease the device integration process and sample application code to test device integration.

Additional requests for support can be submitted to ISVIntegrations@cardconnect.com

CardConnect currently supports the following terminal devices: 

• Ingenico 
  • iSMP4
    • Wi-Fi
    • Color Screen
  • iSC250
    • Signature Capture
    • Color Screen
  • iPP320
    • PinPad
• IDTech
  • SRED Key
    • Keyboard Emulation

CardConnect currently supports the following mobile devices: 

• Magtek: 
  • iDynamo(30-pin)
  • iDynamo 5(lightning)
  • uDynamo (auxilary)
• BBPOS
  • Chipper Mini (auxilary)

Yes. The Bolt Mobile SDKs for iOS and Android allow you to seamlessly integrate your mobile applications with the Bolt Mobile solution. See the Bolt Mobile SDKs Developer Guide for more information.

Yes. CardConnect supports the following

• Magtek Dynamag, 
• IDTech
  • SecuRED 
  • SREDKey

• Lane/3000
• Lane/5000
• Lane/7000
• Lane/8000
• Clover Mini
• Clover Flex
• VP3300
• Link 2500 (coming soon)

No. Integration of the P2PE terminal devices only produce tokens to replace card numbers.

No. You will be required to use the CardConnect assigned terminal devices. CardConnect P2PE enabled devices require injection of an encrypted key and need to be configured to communicate with the CardConnect Terminal Management System (TMS) for authentication.

No. You will be required to use the CardConnect assigned terminal devices. In order to remain P2PE compliant, CardConnect P2PE enabled devices require injection of an encrypted key and need to be configured to communicate with the CardConnect Terminal Management System (TMS) for authentication. For PCI compliance, CardConnect does not share any of its encryption device keys.

You can call IngenicoBase.cancel() to cancel the current command running on the Ingenico, but you will need to call that from another thread in your application. The Desktop Tokenizer does this by listening for the ESC key (via a background worker task) and then calling cancel(). Once initialized (via the initialize() method), there is no need to re-initialize during the application instance's lifetime.

The DLL does spawn a new thread when sending commands to the PanPad. However, there is not a timeout specified for Thread.Join() so it should wait indefinitely.

When a card is swiped on a terminal device, track data is submitted to CardConnect. CardConnect will generate a token and store the track data associated with the token. CardConnect stores track data with the generated token every time a card present transaction occurs. Track data is then released with the first transaction submitted for the generated token. Track data is released within 24 hours if unused.

Yes. A card with no chip will still be processed as a normal mag stripe transaction.

Yes. If a card with a chip is swiped, the terminal prompts the user to insert the card to force an EMV transaction.

Yes. The CardConnect Ingenico iSC250 device supports signature capture. Captured signatures are stored with a token. The signature acquired is used with the first authorization submitted with the generated token. A signature can then be extracted to be printed on a receipt.

Yes. The signature can be extracted, decoded, and printed on a receipt.

To retrieve a signature, a POST method is used with the following url:

(sample: https://fts.prinpay.com:6443/cardconnect/signature?retref=166850151142&merchid=496160873888)

What is then returned is a base64 encoded image string. The signature can be decoded using the returned string to get a .bmp image file. 

The format of the signature data is a Base64 encoded, GZipped BMP. (Base64(GZip(BMP signature data)) ). By using a terminal device with signature capture capabilities (like the Ingenico iSC250), the signature can be captured and sent to CardSecure for tokenization. The generated token is stored with the mime encoded signature bitmap and the token is returned to the merchant. When a merchant submits the authorization with the token, the signature is saved with the authorization record. 

Yes. With the exception of the IDTech SREDKey device, P2PE terminal devices connecting to a local machine require drivers to be installed locally. 

Note: Direct integration with terminal devices requires at least .NET 4.0 of the Microsoft .NET framework.

No. The SREDKey device operates with standard USB drivers and does not require device driver installation.

By integrating a CardConnect P2PE solution within a vendor software application, the vendor software application is removed from PCI scope because all card data is managed between the terminal device and a decryption device at the CardConnect data center. Clear text card data does not pass through the vendor application. The vendor application can store any of the returned CardConnect tokens as the tokens are not raw card data.

CardConnect P2PE terminal devices are preconfigured and registered within the CardConnect Terminal Management System (TMS). A terminal device cannot be used unless it authenticates and is enabled within TMS.

It is recommended that a merchant follows the CardConnect recommended inspection routines to determine if a terminal has been tampered with. 

For more information regarding terminal inspection, please see the CardConnect Integrated-Terminal Security Inspection Guide.

A terminal that you have identified as lost can be disabled by contacting the CardConnect support team. A terminal that produces over 20 errors is automatically disabled by CardConnect and the support team will be notified to contact you to inquire about it. 

CardConnect manages its terminals with its Terminal Management System (TMS). TMS is a module of the CardConnect payment gateway. The TMS has knowledge of all terminals ordered, including its serial number, encryption key, software version, and ship to location among other information.  The TMS can instruct a terminal to update its software version or remotely disable devices.

Terminal firmware upgrades are done through a remote push/pull transmission. CardConnect maintains the ability to push new firmware to devices. Upgrades are performed upon terminal device initialization. The CardConnect Integration Support Team will be able to communicate new versions/features and coordinate these updates through TMS. 

Please contact your CardConnect Sales Representative to inquire about terminal devices. 

P2PE terminals are preconfigured by a P2PE-certified vendor with a unique CardConnect assigned terminal ID. The assigned terminal ID and/or HSN is registered with the CardConnect Terminal Management System (TMS) for terminal ID authentication. When a device has been registered via TMS and is enabled, the terminal device will be able to submit encrypted card data and generate tokens.

Depending on the terminal device ordered and its configuration, integration can take up to 6 weeks. 

Note: Ingenico device orders require an extended period of time based on configurations, so you should coordinate with your sales engineer in advance. 

CardConnect takes a consultative approach to device integration and requires an approved projected scope for execution. 

The SREDKey devices works in USB Keyboard mode. Once a card is swiped or keyed, the encrypted data is available in the machine's clipboard and can be passed to the CardConnect gateway for processing a transaction.

The SREDKey device is encrypted with a key that keeps the data secure. The device decryption key is configured within the CardConnect Hardware Security Module (HSM) hardware. As a result, no clear card data traverses through your system when using the terminal device.

The extracted encrypted data from the SREDKey can be submitted directly to the CardSecure tokenization solution to request a token. The data can also be passed as part of a transaction.

CardConnect provides a tokenization solution called CardSecure. CardSecure uses a patented tokenization algorithm to convert card data into 16-digit number tokens or alpha-numeric tokens. These tokens can only be used within the CardConnnect gateway for transaction processing. Using/storing the CardSecure tokens releases a software application from PCI scope because the card data is replaced with tokens.

CardConnect can generate 16-digit numeric tokens or alpha-numeric tokens that can be used instead of card numbers. The token can be submitted within a transaction instead of the card number. The token is translated by CardConnect and submitted to the payment processor as part of the transaction.

Yes. The generated token reflects the last 4 digits of the card. The first digit of the token is always ‘9’ and the second digit reflects the first digit of the card. By looking at the second digit of the token, you can determine the card type:

• 3X= Amex
• 4X= Visa 
• 5X= Mastercard 
• 6X= Discover

No. A CardConnect token generated for a card does not expire. In the event a card is re-swiped or manually keyed within a device, the same token is generated for that card.