Cayan Genius Smart P2PE Instruction Manual

Genius Smart P2PE™

P2PE Instruction Manual

Public

Doc no: CO-PUB-0101

Version 1.5 – 15

November 2018

Error! No text of specified style in document.

Copyright notice

No part of this publication may be reproduced, copied, manipulated, altered, or transmitted in any form or by any means, electronic or mechanical, including, without limitation, by photocopy, imaging, or recording, without the express prior written consent in each case of the copyright owner. The names, trademarks, logos, and service marks displayed in this publication will be protected by the owner to the fullest extent of the law, and any use without the express prior written permission of the trademark owner is strictly prohibited. The information contained in this publication is current when published; however, the publisher reserves the right to update and modify the specifications or other product information at any time without notice.

Copyright notice ............................................................................................................................................. 2

Contents .......................................................................................................................................................... 3

1. P2PE Solution Information and Solution Provider Contact Details ............................................... 4

2. Approved POI Devices, Applications/Software, and the Merchant Inventory ............................. 5

3. POI Device Installation Instructions ................................................................................................... 8

4. POI Device Transit ............................................................................................................................... 21

5. POI Device Tamper Monitoring and Skimming Prevention .......................................................... 22

6. Device Encryption Issues .................................................................................................................... 31

7. POI Device Troubleshooting .............................................................................................................. 32

8. Additional Solution Provider Information ....................................................................................... 33

9. Appendix: Checklist for Remote Key Injection ................................................................................ 34

1. P2PE Solution Information and Solution Provider Contact Details

1.1 P2PE Solution Information

Solution name: Genius Smart P2PE

Solution reference number per PCI SSC website:

2017.01037.001

1.2 Solution Provider Contact Information

Company name: Cayan LLC

Company address: 1 Federal Street

Second Floor

Boston

MA 02110

Company URL: www.cayan.com

Contact name: Contact Center Services

Contact phone number: (1) (888) 249-3220

Contact e-mail address:

p2pe@cayan.com

P2PE and PCI DSS

Merchants using this P2PE Solution may be required to validate PCI DSS compliance and should be aware of their applicable PCI DSS requirements. Merchants should contact their acquirer or payment brands to determine their PCI DSS validation requirements.

2. Approved POI Devices, Applications/Software, and the Merchant Inventory

2.1 POI Device Details

The following information lists the details of the PCI-approved POI devices approved for use in this P2PE solution.

Note all POI device information can be verified by visiting:

https://www.pcisecuritystandards.org/approved_companies_providers/approved_pin_transaction_security.php

POI device vendor: Verifone

POI device model name and number: MX915: P132-40x-xx-xxx

Hardware version #(s): 3.x, Vault: 14.x.x; AppM: 8.x.x; SRED: 7.x.x, Vault: 16.x.x; AppM:

10.x.x

Firmware version #(s): Vault: 1.x.x, 3.x.x, 4.x.x, 11.x.x, 12.x.x, AppM: 1.x.x; 3.x.x; 4.x.x;

5.x.x, 5A.x.x, 6.x.x, SRED: 1.x.x, 3.x.x; 4.x.x; 5.x.x, OP: 1.x.x,

3.x.x; 4.x.x; 7.x.x, SRED 5.x.x.xxx, Vault: 13.x.x, AppM: 7.x.x, Vault: 17.x.x, AppM: 10.x.x, SRED: 7.x.x, OP: 7.x.x

PCI PTS Approval #(s): 4-10110

POI device vendor: Verifone

POI device model name and number: MX925: P132-50x-xx-xxx

Hardware version #(s): 3.x, Vault: 14.x.x; AppM: 8.x.x; SRED: 7.x.x, Vault: 16.x.x; AppM:

10.x.x

Firmware version #(s): Vault: 1.x.x, 3.x.x, 4.x.x, 11.x.x, 12.x.x, AppM: 1.x.x; 3.x.x; 4.x.x;

5.x.x, 5A.x.x, 6.x.x, SRED: 1.x.x, 3.x.x; 4.x.x; 5.x.x, OP: 1.x.x,

3.x.x; 4.x.x; 7.x.x, SRED 5.x.x.xxx, Vault: 13.x.x, AppM: 7.x.x, Vault: 17.x.x, AppM: 10.x.x, SRED: 7.x.x, OP: 7.x.x

PCI PTS Approval #(s): 4-10110

POI device vendor: Verifone

POI device model name and number: MX915: P177-40x-xx-xxx

Hardware version #(s): 4.x

Firmware version #(s): Vault: 12.x.x, AppM: 6.x.x, SRED: 4.x.x, OP: 7.x.x

PCI PTS Approval #(s): 4-10177

POI device vendor: Verifone

POI device model name and number: MX925: P177-50x-xx-xxx

Hardware version #(s): 4.x

Firmware version #(s): Vault: 12.x.x, AppM: 6.x.x, SRED: 4.x.x, OP: 7.x.x

PCI PTS Approval #(s): 4-10177

2.2 POI Software/application Details

The following information lists the details of all software/applications (both P2PE applications and P2PE non-payment software) on POI devices used in this P2PE solution.

Note that all applications with access to clear-text account data must be reviewed according to Domain 2 and are included in the P2PE solution listing. These applications may also be optionally included in the PCI P2PE list of Validated P2PE Applications list at vendor or solution provider discretion.

Does application

Application

vendor,

name and

version #

POI device

vendor

POI device model

name(s) and

number:

POI Device

Hardware &

Firmware Version

application

PCI listed?

(Y/N)

have access to

clear-text

account data

(Y/N)

Cayan, Genius version

5.2.*.*

Verifone MX915 P133-

40x-xx-xxx

MX925 P13250x-xx-xxx

Hardware version: 3.x Vault: 14.x.x; AppM: 8.x.x; SRED: 7.x.x, Vault: 16.x.x; AppM: 10.x.x

Vault: 1.x.x,

3.x.x, 4.x.x,

11.x.x, 12.x.x, AppM: 1.x.x;

3.x.x; 4.x.x;

5.x.x, 5A.x.x,

6.x.x, SRED:

1.x.x, 3.x.x;

4.x.x; 5.x.x, OP:

1.x.x, 3.x.x;

4.x.x; 7.x.x, SRED 5.x.x.xxx, Vault: 13.x.x, AppM: 7.x.x, Vault: 17.x.x, AppM: 10.x.x, SRED: 7.x.x, OP: 7.x.x

Y Y

Cayan, Genius version

5.2.*.*

Verifone MX915 P177-

40x-xx-xxx

MX925 P17750x-xx-xxx

Hardware version: 4.x

Vault: 12.x.x, AppM: 6.x.x,

Y Y

SRED: 4.x.x, OP: 7.x.x

2.3 POI Inventory & Monitoring

 All POI devices, must be documented via inventory control and monitoring procedures,

including device status (deployed, awaiting deployment, undergoing repair or otherwise not in use, or in transit).

 This inventory must be performed annually, at a minimum.

 Any variances in inventory, including missing or substituted POI devices, must be reported

to Cayan via the contact information in Section 1.2.

 Sample inventory table below is for illustrative purposes only. The actual inventory should

be captured and maintained by the merchant in an external document.

You must maintain an inventory of all your P2PE devices, including at least the following information about each device:

• Make and model

• Location

• Status

‒ Awaiting deployment ‒ Deployed ‒ Not in use ‒ Awaiting replacement

• Serial number

Important: You must use only PCI-approved P2PE devices to process transactions. If you process any transactions using devices that are not P2PE validated, you will no longer be considered P2PE compliant.

Sample Inventory Table

Device model

name(s) and

Device vendor

number: Device Location Device Status

Serial Number or

other Unique

Identifier

3. POI Device Installation Instructions

Do not connect non-approved cardholder data capture devices.

The P2PE solution is approved to include specific PCI-approved POI devices. Only these devices denoted above in table 2.1 are allowed for cardholder data capture.

If a merchant’s PCI-approved POI device is connected to a data capture mechanism that is not PCI approved, (for example, if a PCI-approved SCR was connected to a keypad that was not PCIapproved):

 The use of such mechanisms to collect PCI payment-card data could mean that more PCI DSS

requirements are now applicable for the merchant.

 Only P2PE approved capture mechanisms as designated on PCI’s list of Validated P2PE Solutions

and in the PIM can be used.

Do not change or attempt to change device configurations or settings.

Changing or attempting to change device configurations or settings will invalidate the PCIapproved P2PE solution in its entirety. Examples include, but are not limited to:

 Attempting to enable any device interfaces or data-capture mechanisms that were disabled

on the P2PE solution POI device

 Attempting to alter security configurations or authentication controls

 Physically opening the device

 Attempting to install applications onto the device

3.1 Installation and connection instructions

Getting started

To use Genius Smart P2PE, you can either purchase new devices from us or we can remotely inject keys into your existing devices. To use existing devices, they must be versions three or version four of Verifone’s hardware and be listed as PCI approved PTS devices.

Existing devices

To use existing devices:

• Complete “Appendix: Checklist for Remote Key Injection” on page 34 and send it to

P2PERequests@cayan.com

• After we remotely inject keys into your devices, complete “Verifying that the Genius device is ready” on pages 12 to 13 and “Testing a transaction” on page 14.

• All other sections of the PIM apply when using existing devices, except for section 5.3 on pages 28 to 30.

New devices

3.1 Installation and connection instructions

Before you install your Genius device, please complete the following tasks:

• Locate your MerchantWARE credentials. These were sent in an email from Cayan, which contains the words “MerchantWARE Credentials” in the subject line.

• Check that your Internet connection is functioning correctly, and that there is an available network port on your router/switch.

Note: A video tutorial is available at cayan.com/setup

Genius components

Genius device

Ethernet cable Utility cable AC adapter

3.1 Installation and connection instructions

Connecting the communications module

1. Turn the Genius device upside-down and place it on a flat, stable surface. Firmly press the flexible tabs and push up to remove the communications module.

2. Hold the module securely in your hands and slide the metal plate out.

3. Attach the utility cable connector as shown and slide the metal plate back into place.

4. Insert the communications module into the Genius device.

Connecting to the network

3.1 Installation and connection instructions

1. Connect one end of your Ethernet cable to an available port on your router/switch.

2. Connect the other end of the Ethernet cable to the Ethernet port on the utility cable.

Powering the Genius device

1. Check that the communications module is firmly in place on the Genius device.

2. Connect the AC adapter to the +12V connection on the utility cable and plug the adapter into a power socket.

+ 25 hidden pages

Cayan Genius Smart P2PE Instruction Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Copyright notice

Contents

1. P2PE Solution Information and Solution Provider Contact Details

2. Approved POI Devices, Applications/Software, and the Merchant Inventory

3. POI Device Installation Instructions