POS Integrado
The integrated POS allows Credit/Debit/Prepaid card transactions with Transbank through the serial port of a PC or cash register. Communication with Transbank and the logic of processing a financial transaction are handled by the POS device, which simplifies integration with a cash system.
Supported Transactions
- Sale.
- Closing.
- Annulment.
- Last sale.
- Sales detail.
- Totals.
- Loading keys.
- Poll (POS - checkout communication test).
- Change to normal POS mode.
- Multicode sale.
- Last multicode sale.
- Multicode sales detail.
Requirements
Local Requirements
- The business must have its own cash system, with the following desirable characteristics:
  - Product reading system (scanner / code).
  - Stock system.
  - Quadrature System.
  - System Support Provider.
  - Remote access.
- The box must have at least one RS232 port or, failing that, an exclusive USB input for the POS device.
- The business must have exclusive points in each location to connect the POS to the Internet via LAN (RJ45).
- It is recommended to segment the bandwidth with an exclusive 300 kb for the use of the POS, since batch processes, security cameras, desktop applications, etc. on the same segment can affect a transaction if the contracted bandwidth is not high enough.
- The premises must have an exclusive 220v power point to plug in the POS.
Trade Requirements
- The business must have one or more areas in charge of the following points:
  - Contingency procedures in the event of Internet signal and electrical power outages.
  - Backup and Recovery Procedure for operations carried out in Transbank's Integrated POS.
  - Homologation in cash system versions.
  - Homologation in Cash Operating System.
  - Management of Supervisory Passwords and users of the Operating System.
  - Security procedures and responsibility in the use of the information provided by Transbank and Clients.
  - Training and dissemination of use of new systems.
  - Systems Manuals.
  - Network Support.
Security
Confidentiality of information
In accordance with current regulations, transactions with Credit and Debit Cards incorporate the following security elements in the system:
- The information read at the point of sale is NOT stored in any system.
- For purposes of balancing and identifying transactions, the OPERATION NUMBER will be used.
Processing of Card Tracks
The information recorded on Track I and Track II is read only by security devices (POS). These devices encrypt the content of Track I and Track II.
Treatment of sensitive data
To ensure the confidentiality of the information, the transaction messages or at least the sensitive data (in addition to the PIN) travel encrypted in the different sections of the connection, both in the request and in the response. As sensitive data are considered: card number, expiration date, account number and transaction amount (data validated in Message Authentication or MAC).
The Master/SessionKEY model
The current key management method is the so-called Master/Session Key, in which the PEDs (PIN Entry Devices) are loaded in a secure environment with a Master Key, and the Working Key or Session Key is loaded remotely.
The current procedure to encrypt a PinBlock on the Pin Pads is as follows:
- The Working Key is decrypted using the Master Key that the PED has loaded.
- With the Working Key, the PinBlock is encrypted and sent to the server.
The Working Key is changed periodically (at least at each closure), to prevent it from being discovered by third parties.
This key management model is the one used for MAC keys.
The DUKPT Model – PIN Encryption
The new key management method for PINs that Transbank will use is the so-called "Derived Unique Key Per Transaction", or DUKPT.
Under this method, PEDs are initialized in a secure environment, with identification data specific to each PED (Bypass Key Identifier, Unique PED Identifier, and a transaction counter started at zero), plus an initial key that is calculated using the data of each PED and the base derivation key. With this initial key the next encryption key for PIN is generated. This process is carried out with an asymmetric function (DUKPT of the PinPad), that is, a one-way function, so that the PED is not capable of generating any key prior to the current one.
MAC calculation
To ensure the integrity of the information that travels to and from the Merchant Authorizer, a message authentication code (MAC) is introduced, which is sent in the request message and validated by the Transbank Authorizer upon receipt. In turn, the Transbank Authorizer sends a MAC for the response message, which must be validated by the box. If the box's validation of the MAC is negative, the box must generate a reversal. The reversal transaction must be the same as the response received, but with the RESPONSE CODE field set to 989 and the MESSAGE SUBTYPE field set to R. When the Transbank Authorizer detects an invalid MAC in the request message, it sends a response message with reject code 898 (invalid MAC).
Management of MAC keys (Message Authentication Code)
The cryptographic keys for the generation of MAC (MAC working key) are handled according to the following:
- The working keys are generated by the Transbank system and transmitted online for each of the terminal IDs defined in the client business.
- For the loading and/or changing of the MAC working keys, the BATCH CLOSURE and KEY LOAD transactions are used (see Administrative Transactions).
The MAC working keys are updated in each new transaction handled by Transbank, so the box must register the new key for use in the next transaction. The keys should be changed automatically every day. This implies that each box (terminal ID) must have a mandatory initialization or closing procedure that runs automatically every day and that, as part of this procedure, sends a BATCH CLOSURE or KEY LOAD transaction to Transbank for each box (terminal ID).
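The box-side handling described under "MAC calculation" and in the key-rotation paragraph above, as an added example that is not Transbank's code. Assumptions: HMAC-SHA256 stands in for the real MAC algorithm, the message is a dict with hypothetical field names, "000" is a placeholder approval code, and the next working key is passed in already decrypted.

```python
import hashlib
import hmac

REVERSAL_CODE = "989"     # RESPONSE CODE the page gives for a reversal
REVERSAL_SUBTYPE = "R"    # MESSAGE SUBTYPE the page gives for a reversal
INVALID_MAC_CODE = "898"  # reject code the page gives for an invalid request MAC


def compute_mac(key: bytes, msg: dict) -> str:
    """Stand-in MAC: HMAC-SHA256 over all fields except MAC, in sorted order."""
    canonical = "|".join(f"{k}={msg[k]}" for k in sorted(msg) if k != "MAC")
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def with_mac(key: bytes, msg: dict) -> dict:
    """Return a copy of msg carrying a freshly computed MAC field."""
    signed = {k: v for k, v in msg.items() if k != "MAC"}
    signed["MAC"] = compute_mac(key, signed)
    return signed


def mac_is_valid(key: bytes, msg: dict) -> bool:
    # Constant-time comparison: the check must not leak how much of the MAC matched.
    received = str(msg.get("MAC", "")).encode()
    return hmac.compare_digest(compute_mac(key, msg).encode(), received)


def authorizer_reply(key: bytes, request: dict) -> dict:
    """Constructed stand-in for the authorizer: a bad request MAC is rejected with 898."""
    code = "000" if mac_is_valid(key, request) else INVALID_MAC_CODE
    return with_mac(key, dict(request, RESPONSE_CODE=code))


class Box:
    """Cash-register state for one terminal ID: the current MAC working key."""

    def __init__(self, working_key: bytes):
        self.working_key = working_key

    def handle_response(self, response: dict, next_key: bytes):
        """Return ('accept', response) or ('reverse', reversal_message)."""
        if not mac_is_valid(self.working_key, response):
            # Same content as the response received, with the two fields changed.
            reversal = dict(response, RESPONSE_CODE=REVERSAL_CODE,
                            MESSAGE_SUBTYPE=REVERSAL_SUBTYPE)
            return "reverse", with_mac(self.working_key, reversal)
        # Assumption: the new key is registered only after the response authenticates.
        self.working_key = next_key
        return "accept", response
```

A response that fails validation leaves the current working key in place, so a forged or corrupted message cannot push the box onto an attacker-chosen key.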
The working keys (MAC) are transmitted encrypted using the DES algorithm (data to be encrypted is the working key) with an encryption key called master key, defined by Transbank. Transbank defines a master key for PIN and another master key for MAC.
Transbank initially loads the master keys in each POS, an operation that is carried out prior to their installation in the tills.
To load the PIN and MAC master keys, the POS model used must have a key loading device that will be managed by Transbank and that allows:
- Entering the master keys in the device, which cannot be modified, violated or adulterated.
- Loading the master keys by connecting the POS units to the device one by one.
Technical Key Management
To access the Options Menu for Technician, you must authenticate with the RUT and the Password that corresponds to this RUT. This password is dynamically generated, with a maximum expiration of 31 days.
Supervisory Key Management
In the older versions, each store had a supervisory card that allowed them to authenticate themselves to carry out closings, cancellations and other operations. From 2011 onwards, during the self-installation process, the supervisor password will be entered, and it will be stored until the merchant wishes to change it, this being their responsibility. If the merchant forgets this password, there is a master merchant password that allows a new merchant password to be entered. To obtain it, you must call Customer Service, from cell phones 600 638 6380 and from landlines +56 2 2661 2700.
Management of Trade Master Key Activation
The request for this password is made to Customer Service, from cell phones 600 638 6380 and from landlines +56 2 2661 2700.