Page 1
MX 800 Series
Installation Guide
Page 2
MX 800 SERIES INSTALLATION GUIDE
Page 3
MX 800 Series Installation Guide
Revision 1.2
November 23, 2009
®
VeriFone
2099 Gateway Place
Suite 600
San Jose, CA 95110
Telephone: 408-232-7800
http://www.verifone.com
Printed in the United States of America.
© 2009 by VeriFone, Inc.
No part of this publication covered by the copyrights herein may be reproduced or copied in any form or by
any means — graphic, electronic, or mechanical, including photocopying, taping, or information storage and
retrieval systems — without written permission of the publisher.
The content of this document and all features and specifications are subject to change without notice. The
information contained herein does not represent a commitment on the part of VeriFone, Inc.
Publications are not stocked at the address given above. Requests for VeriFone publications should be
made to your VeriFone representative.
VeriFone, the VeriFone logo, and Ruby SuperSystem are registered trademarks of VeriFone, Inc. Sapphire,
Topaz, HPV-20, Ruby Manager, Everest, E
MX850, MX830, Omni, Verix, ZONTALK, VeriTalk, VeriShield, TXO, and VisualPayments Suite are
trademarks of VeriFone, Inc. in the U.S. and/or other countries. All other trademarks or brand names are the
properties of their respective holders.
, Inc.
ASY ID, Electronic Journal On-site, Ruby Card, MX870, MX860,
MX 800 SERIES INSTALLATION GUIDE
Page 4
MX 800 SERIES INSTALLATION GUIDE
Page 5
CONTENTS
PREFACE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Document Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Conventions Used in This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
CHAPTER 1
Features Overview of the MX 800 Series Terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Modular Design. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Display Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Factory Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Speakers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Optional Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Total Cost of Ownership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
CHAPTER 2
Installation Installing the Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Unpacking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Selecting a Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Stand Mount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
PIN Protection Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Installing Optional Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Installing Countertop Wedge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Installing I/O Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Installing MSAM Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Installing the Trimplate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Installing the Stylus and Holster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Installing the Privacy Shield . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Connecting the Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Multiport Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Connecting ECR in Tailgate Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Connecting to a Host PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Connecting to the Ethernet LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Connecting to USB Host or Hub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Power Up with the Multiport Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Calibrate Touch Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
CHAPTER 3
Maintenance Cleaning the Terminal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Cleaning the Display Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Magnetic Stripe Reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Smart Card Reader. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
MX 800 SERIES INSTALLATION GUIDE I
Page 6
CHAPTER 4
Specifications Terminal Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
PINpad Security
Best Practices
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Security Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Administrative Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Physical Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Technical Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Reference Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
ii MX 800 SERIES INSTALLATION GUIDE
Page 7
PREFACE
This guide is your primary source of information for setting up and installing the
MX 800 Series terminals, the MX 880
™
830
.
™
, MX 870™, MX 860™, MX 850™, and MX
Intended
Audience
Document
Organization
This guide is useful for anyone installing and configuring the MX 800 Series
terminals. A basic description of terminal features is also provided.
The following chapters are included:
Chapter 1, Features, explains the features of and factory options for the MX 800
Series terminals.
Chapter 2, Installation, explains how to install the MX 800 Series terminals.
Chapter 3, Maintenance, explains how to maintain your MX 800 Series terminals.
Chapter 4, Specifications, provides information on power, environment, and
dimensions of the hardware.
MX 800 SERIES INSTALLATION GUIDE 1
Page 8
Conventions
NOTE
CAUTION
WARNING
Used in This
Document
The following table describes the conventions used:
Table 1 Document Conventions
Convention Meaning
Blue
Courier Courier font is used when specifying text that you would enter at
Italic Italic font style indicates book titles or emphasis.
SCREENTEXT
Text in blue indicates terms that are cross referenced.
a command prompt.
Used when specifying on-screen text that is tapped or selected,
and for keys to be pressed.
The pencil symbol is used to highlight important information.
The caution symbol indicates possible hardware or software
failure, or loss of data.
The lightning symbol is used as a warning when bodily injury
might occur.
Acronyms
The following table describes the acronyms used:
Table 2 Acronyms
Convention Meaning
ECR Electronic Cash Register
EMI Electromagnetic Interference
DUKPT Derived Unique Key Per Transaction
MRA Merchandise Return Authorization
LAN Local Area Network
PED PIN Entry Device
RFID Radio Frequency Identification
SAM Security Access Module
MSAM Micromodule-Size Security Access Module
TIFF Tagged Image File Format
USB Universal Serial Bus
VGA Video Graphics Array
2 MX 800 SERIES INSTALLATION GUIDE
Page 9
Features
CHAPTER 1
This chapter presents an overview and feature list for the MX 800 Series
terminals.
MX 800 Series terminals are designed to offer customers outstanding flexibility
with the help of the terminals' unique modular design that supports a full line of
payment and value-added applications such as loyalty or prepaid cards. In
addition, they are easy to use, secure, and highly reliable–backed by two decades
of VeriFone leadership in electronic payment.
Overview of the
MX 800 Series
Terminal
Modular Design
The MX 800 Series offers customers the opportunity to efficiently mix terminals
within the same store or chain of stores–saving time and money on
implementation, maintenance, and training. The MX 880, MX 870, MX 860,
MX 850, and MX 830 share the following:
• Architecture — Linux, similar printed circuit boards, many of the same
applications.
• Upgrade modules — Terminals in different locations can be equipped with
different modules, as needed. Built-in upgradability protects investment,
allowing stores to adapt to changing trends.
• Multifunction connector — Accepts all available cables, reduces cost by
simplifying implementation and allowing cable upgrades.
• Mounting stands and wedges — Share the same keyhole pattern for secure
mounting.
• Footprint and “look and feel” — Offers consistency and simplifies training.
(Note that the footprint of the MX 880 is larger than the other models.)
MX 800 Series terminals offer outstanding flexibility due to their modular design.
Modules that can be added include contactless smart cards that use radio
frequency identification (RFID) based on ISO 14443 standards.
Display Features
MX 880
The MX 880 is a color 1/4 VGA payment device with a 5.7-inch display, touch
screen, and tactile keypad. Its chemically hardened glass screen resists scratches
and can be cleaned with normal glass cleaner.
MX 870
The MX 870 is a color 1/4 VGA payment device with a 5.6-inch display, and is
operated exclusively by touch screen.
MX 800 SERIES INSTALLATION GUIDE 3
Page 10
MX 860
The MX 860 has a 4.3-inch color display, touch screen, and numeric keypad.
MX 850
The MX 850 has a 3.5-inch color 1/4 VGA display, touch screen, and ATM-style
screen-addressable keys.
MX 830
The MX 830 has a 3.5-inch backlit, 16-shade grayscale display with optional touch
screen and ATM-style screen-addressable keys.
Stylus
The signature capture stylus is available for any MX 800 Series terminal with a
touch screen. Signature capture capability allows capture of virtual signatures,
which can be stored as tagged image file format (TIFF) files using capacitive
touch technology.
Features and
Benefits
Following are the features and benefits of the MX 800 Series terminals:
Table 3 Features and Benefits
Features Benefit
Optional upgradable modules Lets customers economically address today's needs,
while adding capabilities as desired; protects
investment.
Ethernet/USB (Universal Serial
Bus) connectivity
Safety glass touch screen The capacitive and electrostatic technology is highly
Signature capture capability Speeds customers through lanes; allows digital
Allows LAN connections for high-speed data
transfer, back-end clearing, and settlement.
Supports connections to electronic cash registers
(ECRs) and PCs using USB or Ethernet. USB Host
functionality supports other USB devices such as
USB memory drives.
Note: Ethernet is optional on the MX 830 terminal.
effective; provides better response with fingertip and
stylus; scratch-resistant.
Note: Touch screen is optional on the MX 830
terminal.
storage and retrieval,
lowers costs.
Triple-track magnetic card
reader
Smart card reader/writer Accepts chip cards conforming to the latest global
4 MX 800 SERIES INSTALLATION GUIDE
Logically oriented for improved read rates; handles
magnetic stripe cards, including drivers’ licenses.
standards.
Page 11
Table 3 Features and Benefits (Continued)
Features Benefit
PCI PED-compliant PINpad Virtual PINpad complies with PCI regulations for
improved security.
High Resolution Display Supports sophisticated applications with full-motion
video.
Privacy Filter (Optional) PED-compliant privacy screen, protecting the
consumer's PIN entry.
Sophisticated security Includes 3DES encryption, Master Key/Session Key
and Derived Unique Key Per Transaction (DUKPT)
key management; also incorporates VeriShield file
authentication and tampering safeguards.
32-bit microprocessor Streamlines processing, even on complex
transactions.
Flash and RAM Ample memory to support multiple payment and
value-added applications simultaneously.
RS-232/RS-485 ports Provides connectivity for ECRs in tailgate mode
using RS-485, and for peripherals using RS-232.
Audio MX 870 — Internal speakers. Includes output jacks
for external speakers.
Factory
Options
Speakers
Optional Modules
MX 860 and MX 850 — Audio is optional.
MX 830 — No audio.
Factory options are available for the MX 800 Series terminals, depending on your
needs.
The MX 870 terminal is the only terminal with built-in speakers for tones and
prompts. A line-out port is available to drive externally powered speakers for some
models of the MX 860 and MX 850, but not for the MX 830.
The MX 800 Series offers upgradable modules that can be installed in the factory
or upgraded after distribution to the field. All modules can be installed easily and
efficiently. Complete installation instructions are found in the Installing Optional
Components section.
Contactless Reader Module
The optional contactless smart card module incorporates RFID technology based
on the ISO 14443 standard. The “tap-and-go” design conforms to industry
specifications. A smart card is read when it is placed in close proximity
(1 in. to 3.9 in. or 2.5 to 10 cm) to the reader, reducing wear and tear on card
readers and cards. Contactless readers can be used to support any number of
payment and value-added applications. See Installing Optonal Components for
more information.
MX 800 SERIES INSTALLATION GUIDE 5
Page 12
Applications Standard payment applications are available from VeriFone to interface with most
ECRs. Applications for the terminals are written using a C-based programming
language. These programs can be downloaded directly from an ECR or a
development PC using the MX 800 Series terminal System Mode.
Terminal System Mode can also be used for diagnostics, changing the password,
and Master Key injection. For further information on System Mode, see the
MX 800 Series Reference Manual.
Total Cost of
Ownership
The MX 800 Series terminals have been designed to be flexible and future proof,
delivering a low total cost of ownership.
The modular terminals can be configured at the factory or in the field by a trained
technician. The flexibility and versatility of the terminals allow use of the terminals
with different capabilities in different stores or locations. The terminals can be
purchased with the modules that meet today's requirements, and other
capabilities can be added as and when needed.
6 MX 800 SERIES INSTALLATION GUIDE
Page 13
Installation
WARNING
Cable Tie-down
Strap and Screw
Power Pack
Multiport Cable
Stylus and Tether
(Optional)
Privacy Shield
Stylus Mounting
Holster (Optional)
CHAPTER 2
This chapter describes the MX 800 Series installation procedures and includes
connection examples.
Installing the
Device
Unpacking
This section presents installation guidelines for the MX 800 Series terminal.
Open the shipping carton and carefully inspect the contents for possible
tampering or shipping damage.
Do not use a damaged terminal.
Figure 1 Example of Terminal Product Components
MX 800 SERIES INSTALLATION GUIDE 7
Page 14
To unpack the
shipping carton
1 With the shipping carton right side up, open the top and remove all items from
the carton:
• Terminal unit
• Cable tie-down strap and screw
• Power pack (power supply)
• Multiport cable
• Stylus and tether (optional)
• Mounting holster (optional)
• Privacy Shield
2 Remove the protective plastic wrap from the display and other components.
3 Place the components on a table or countertop.
4 Save the shipping carton and packing material for repacking or moving in the
future.
8 MX 800 SERIES INSTALLATION GUIDE
Page 15
Selecting a
WARNING
WARNING
Location
Use the following guidelines to select a location for the MX 800 Series terminal.
1 Select a location for the terminal that offers adequate ventilation and
protection and is convenient for the user and merchant.
The MX 800 Series terminal is designed for indoor use only.
2 Place the MX 800 Series terminal on a flat surface, such as a table or
countertop, or mount it on a mounting stand supplied by VeriFone.
Avoid areas with:
• Excessive heat or dust
• Oil or moisture
• Devices that cause excessive voltage fluctuations or electrical noise, such
as air conditioners, fans, electric motors, neon signs, or high-frequency
security devices must be no closer than 24 inches
• Direct sunlight or objects that radiate heat
3 For sites that use deactivator pads (for example, the Senormatic) used to
deactivate magnetic labels, position the MX800 Series terminal at least 12 to
18 inches away from the pad. The EMI field from the pad is normally directed
upward and radiates outward at an angle. Therefore, keeping the MX 800
Series terminal low and away from the pad usually reduces interference. For
information about detecting excessive EMI fields, see the MX 800 Series
Troubleshooting Guide.
4 Position the terminal conveniently in relation to power and ECR or LAN
connections.
Do not use the MX 800 Series terminal near water, including a bathtub, wash
bowl, kitchen sink, or laundry tub. Do not use in a wet basement or near a
swimming pool.
5 Before connecting the terminal to the power pack, complete the installation
by connecting all the cables (see Connecting the Device and Power Up with
the Multiport Cable).
Stand Mount
In most retail spaces, the terminal is positioned on a stand mount. To install the
terminal on the stand mount:
1 Install the stand mount on the countertop in the desired lane over an
appropriate hole through which the wiring connections can be threaded.
2 Thread all wiring connections through the center of the stand mount.
3 Make all wiring connections.
MX 800 SERIES INSTALLATION GUIDE 9
Page 16
4 Attach the cable tie-down strap with the supplied screw.
5 Align and seat the three pins on the top plate of the stand mount platform with
the three key-hole slots on the bottom of the terminal (Figure 2).
6 Slide the terminal down until the unit seats securely.
Figure 2 Aligning MX 800 Series Terminal with the Typical Mounting
Plate
7 Position the stand so that it is protected from being bumped by shopping
carts or other items. Being bumped and potentially trigger the system into
“thinking” a breach attempt has occurred, causing the encryption keys to be
cleared.
PIN Protection
Measures
The following techniques can be employed to provide for effective screening of
the PIN-entry keypad during the PIN entry process. These methods would
typically be used in combination, though in some cases a method might be used
singly.
• Positioning of terminal on the check-stand in such a way as to make visual
observation of the PIN-entry process infeasible. Examples include:
• Visual shields designed into the check-stand. The shields may be solely
for shielding purposes, or may be part of the general check-stand design.
• Position the PED so that it is angled in such a way that PIN spying is
difficult.
• Installing PED on an adjustable stand that allows consumers to swivel the
terminal sideways and/or tilt it forwards/backwards to a position that makes
visual observation of the PIN-entry process difficult.
• Positioning of in-store security cameras so that the PIN-entry keypad is not
visible.
The following table describes the two preferred mounting methods and the
recommended measure to protect from PIN capture in four observation corridors:
10 MX 800 SERIES INSTALLATION GUIDE
Page 17
Table 4 Mounting Methods and Protection Measures
NOTE
Method Cashier Customer In Queue Customers Elsewhere
Countertop
without stand
Countertop
with stand
Use signage
behind the
PED
No action
needed
Install so that customer
is between PED and
next in queue
Install so that customer
is between PED and
next in queue
No action needed
No action needed
VeriFone also recommends instruction of the cardholder regarding safe PIN-entry.
This can be done with a combination of:
• Signage on the PED
• Prompts on the display, possibly with a “click-through” screen
• Literature at the point of sale
• A logo for safe PIN-entry process
For a detailed discussion of PINpad Security Best Practices, see Appendix A.
Installing
Optional
Components
Installing
Countertop Wedge
To install the
countertop wedge
This section discusses the installation procedures for the optional components
available for the MX 800 Series terminal. Your terminal may already have some of
these options, as modules can be installed at the factory or in the field.
The countertop wedge raises the rear section of the MX 800 Series terminal by an
angle of 10 degrees to facilitate use of the screen (Figure 3).
Figure 3 Countertop Wedge: Rear View of the MX 800 Series Terminal
1 Align the pins in the countertop wedge with the two key holes on the bottom
of the MX 800 Series terminal (Figure 4).
2 Slide the countertop wedge firmly into position.
MX 800 SERIES INSTALLATION GUIDE 11
Page 18
3 Route the multiport cable through the races in the countertop wedge or
NOTE
through the races underneath the wedge.
Figure 4 Installing the Countertop Wedge
.
Installing I/O
Modules
Use the following steps to install optional I/O modules:
The retaining screws are captive, which means they do not actually separate
from their seats, but only from the mounting hole.
1 Loosen the module retaining screw on the bottom of the terminal (Figure 5)
until the old module can slide out.
Figure 5 Removing the old I/O Module
12 MX 800 SERIES INSTALLATION GUIDE
Page 19
2 Slide the module into place (Figure 6) and secure the retaining screw.
Figure 6 Installing the Module
Installing MSAM
Cards
Follow the steps below to install smart cards (MSAM cards).
Often merchants are issued MSAM cards to run small applications, such as loyalty
programs. MSAM cards are used only with MX 800 Series terminal smart card
configurations.
1 Unplug the power pack from the multiport cable.
2 Place the terminal upside down on a soft, clean surface to protect the lens
from scratches.
3 Remove the MSAM compartment door screw and rotate the door up and
back to access the MSAM cardholders.
Figure 7 Removing the MSAM Compartment Screw and Door
MX 800 SERIES INSTALLATION GUIDE 13
Page 20
4 Remove any previously installed MSAM card by sliding the card from the
NOTE
MSAM cardholder.
Figure 8 Removing Installed MSAM Card
Before inserting the MSAM card, position it with the card’s gold contacts facing the
smart card reader end of the terminal. The cardholder connector base has a set of
contacts and a notch on one corner to ensure the MSAM card is positioned
correctly. The MSAM card has a notch on one corner to ensure that it fits into the
connector base in only one way. The MSAM compartment door will not close
properly if the MSAM cards are installed incorrectly.
5 Install an MSAM card by aligning the card and carefully sliding it within the
guides on the cover until it is fully inserted.
Figure 9 Inserting the MSAM Card
14 MX 800 SERIES INSTALLATION GUIDE
Page 21
6 Reinstall the compartment cover and door screw.
Figure 10 Reinstalling the Compartment Door and Screw
Installing the
Trimplate
Installing the
Stylus and Holster
The MX 800 Series terminal can be fitted with interchangeable trimplates to
customize the appearance of the terminal. Trimplate installation for the MX 880
and MX 870 is explained below. Trimplates for the MX 860, MX 850, and MX 830
are snapped straight down and are not rocked into place.
1 Insert the trimplate by lining up the three notches of the face plate into the
unit.
2 Firmly snap the top part of the trimplate to secure it.
Figure 11 Installing the Trimplate
There are two types of styluses, wide and thin, and each has its own holster. Use
the following steps to install the stylus its holster.
1 Turn the MX 800 Series terminal over and locate the two screw holes for
attaching the holster. Do one of the following:
• For the thin stylus holster, route the stylus cable through a channel in the
holster and then attach the holster using the two screws. The cable should
be in the channel between the holster and the terminal.
MX 800 SERIES INSTALLATION GUIDE 15
Page 22
• For the wide stylus holster, attach the holster to the terminal using two
NOTE
screws as shown in Figure 12.
Figure 12 Attaching the Holster
2 Plug the stylus cable into the top of the terminal.
Figure 13 Plug in the Stylus Cable
3 For the wide stylus, secure the cable into the two strain relief tabs on the
underside of the holster.
Check the stylus cable on a regular basis to make sure it is securely attached to
the strain relief tabs on the holster. This will prevent the stylus from being pulled
out of, and possibly damaging, the terminal.
16 MX 800 SERIES INSTALLATION GUIDE
Page 23
Installing the
WARNING
NOTE
Privacy Shield
To install the privacy shield, insert one of the tabs on the shield into one of the
slots on the side of the keypad and snap into place.
Figure 14 Installing the Privacy Shield
Connecting the
Device
Multiport Cable
This section provides brief descriptions of possible MX 800 Series terminal device
connections and the power pack connection. For complete information about
installing and using an optional device, see the user documentation supplied with
that device.
Ensure that the multiport cable is not connected to a power pack before attaching
the multiport cable to the MX 800 Series terminal.
The MX 800 Series terminals use a multiport cable (Figure 15) to make most
connections, including connections to:
• ECR
• Ethernet LAN
• Development/host PC
• Serial cable
• USB
• USB device
• Power input
• Audio output
Some multiport cables require additional cabling to work; for example a pigtail for
certain ports or Ethernet cable.
MX 800 SERIES INSTALLATION GUIDE 17
Page 24
Figure 15 Sample Multiport Cable: Front and Rear
CAUTION
Improper installation or removal of the terminal connector may permanently
damage the MX 800 Series terminal.
The following precautions must be taken with multiport cables:
• Do not force the terminal connector into place.
• Always make sure that all of the pins are lined up in correct parallel fashion
before applying light pressure to snap the terminal connector into place.
• Do not attempt to remove the terminal connector by pulling directly on the
cable. Instead, firmly grasp the sides of the terminal connector with thumb
and forefinger, then pull out at the same angle the connector on the
terminal is facing.
• Disconnecting the power source during transaction processing may cause
loss of transaction data.
18 MX 800 SERIES INSTALLATION GUIDE
Page 25
Connecting ECR in
CAUTION
TIE-DOWN STRAP
Tailgate Mode
To connect an ECR to the MX 800 Series terminal, insert the multiport cable plug
into the bottom socket on the terminal and install the tie-down strap as shown in
Figure 16. Then connect the RS485 tailgate connector to the desired 12-volt port
on th back of the IBM register, such as 9A or 9B.
Use caution because the various ports on the back of the register have different
voltages. Plugging into the wrong port may damage the register or the MX 800
Series terminal.
Figure 16 Example ECR Connection
MX 800 SERIES INSTALLATION GUIDE 19
Page 26
Connecting to a
HOST COMPUTER FOR
USB PORT
MX 800
TERMINAL
MULTIPORT
CONNECTOR
DOWNLOADS OR DEBUGGING
TIE-DOWN STRAP
Host PC
To connect the MX 800 Series terminal to a development PC, see Figure 17,
which shows a USB connection with the 23741-02-R multiport cable. Note that
USB drivers are required to support this configuration..
Connecting to the
Ethernet LAN
Connecting to
USB Host or Hub
Figure 17 Host PC Connection
To connect the MX 800 Series terminal to an Ethernet LAN through the Ethernet
port using a standard Ethernet cable, insert the LAN cable from the LAN router or
hub into the Ethernet port on the multiport cable.
Connecting to a USB host or hub requires VeriFone USB cable (P/N 23741-02-R).
To connect to a USB host or hub:
1 Insert the multiport cable plug into the bottom socket on the terminal, secure
with the tie-down strap, and route the cable through the slots to the desired
exit side.
2 Plug the USB connector of the multiport cable into the USB host or hub.
20 MX 800 SERIES INSTALLATION GUIDE
Page 27
Power Up with
NOTE
WARNING
NOTE
the Multiport
Cable
The power outlet
This section describes how to connect the MX 800 Series terminal to a power
source using the multiport cable.
If connected to an ECR, the MX 800 Series terminal can receive power from the
ECR.
Do not plug the power pack into an outdoor outlet or operate the terminal
outdoors.
The power outlet should be on a dedicated circuit or on an uninterruptible power
supply (UPS). If other devices are plugged into the same circuit, the MX 800
Series device can potentially experience power fluctuations that might cause it to
malfunction.
1 Make all other connections before connecting the power pack.
2 Insert the multiport cable connector into the port on the back of the terminal
and secure with the tie-down strap (see Figure 18).
3 Route the cable through the slots to the desired exit side.
4 Insert the plug from the power pack into the +12V receptacle on the multiport
cable.
MX 800 SERIES INSTALLATION GUIDE 21
Page 28
5 Plug the power pack into an indoor electrical power outlet (Figure 18).
TIE-DOWN STRAP
Figure 18 Power Pack Connection
Calibrate
Touch Screen
The MX 800 Series terminal requires a touch screen calibration at the time of
installation. The terminal should be powered on and allowed to stabilize at normal
operating temperature; usually this takes no longer than 30 minutes, even if the
terminal was previously in a cooler or warmer location. The touch screen
calibration procedure (below) should then be performed.
To perform a touch screen (panel) calibration, follow this procedure:
1 Press the recessed button near the top of the Magnetic Stripe Reader with a
straightened paper clip and hold while three LEDs in the MSR track turn on.
Release the button when the middle LED turns off. Keep hands away from
the display until the prompt appears for password entry.
2 Enter the System Mode password.
3 In System Mode, perform a manual touch screen compensation. Tap
CONFIGURE > right blue arrow > CALIBRATE > CALIBRATE. Follow the directions
on the display.
4 Important: Also, while in System Mode, verify the time on the unit is correct.
22 MX 800 SERIES INSTALLATION GUIDE
Page 29
Maintenance
CAUTION
CHAPTER 3
The MX 800 Series terminal has no user-maintainable parts.
The smart card implementation is a proprietary hardware solution that has no
serviceable parts.
Cleaning the
Terminal
Cleaning the
Display Screen
Magnetic Stripe
Reader
Smart Card Reader
To clean the terminal, use a clean cloth slightly dampened with water and a drop
or two of mild soap. For stubborn stains, use alcohol or an alcohol-based cleaner.
For best results, use the VeriFone Cleaning Kit (P/N 02746-01).
Never use thinner, trichloroethylene, or ketone-based solvents as they may
deteriorate plastic or rubber parts. Do not spray cleaners or other solutions
directly onto the display. Spray a non-scrubbing cleaner onto a cloth or paper
towel and then clean the screen with it.
Spray a non-scrubbing cleaner onto a cloth or paper towel and then clean the
screen with it. Do not spray cleaners or other solutions directly onto the display.
Dirt can lead to magnetic stripe card reading problems. The magnetic stripe
reader (MSR) should be cleaned on a regular basis using commercially available
card reader cleaning cards.
Do not attempt to clean the smart card reader. Doing so may void the warranty.
For smart card reader service, contact your VeriFone distributor or service
provider.
MX 800 SERIES INSTALLATION GUIDE 23
Page 30
24 MX 800 SERIES INSTALLATION GUIDE
Page 31
Specifications
CHAPTER 4
Terminal
Specifications
This chapter discusses power requirements, dimensions, and other specifications
of the MX 800 Series terminals.
Table 5 MX 800 Series Terminal Specifications
Power • Peripheral power requirements: DC power pack: 12 V DC at
1.0 A
• Power pack requirements:120 V AC at 60 Hz (U.S.)
Environmental • Operating temperature: 0° to 40° C (32° to 104° F)
• Storage temperature: – 18° to + 66° C (0° to 150° F)
• Humidity: 15% to 95% relative humidity; no condensation
Dimensions MX 880
• Height: 192 mm (7.5 inches)
• Width: 186 mm (7.32 inches)
• Depth: 64 mm (2.5 inches)
MX 870
• Height: 153 mm (6.0 inches)
• Width: 192 mm (7.5 inches)
• Depth: 57 mm (2.24 inches)
MX 860
• Height: 153 mm (6.0 inches)
• Width: 192 mm (7.5 inches)
• Depth: 71 mm (2.8 inches)
MX 850
• Height: 153 mm (6.0 inches)
• Width: 192 mm (7.5 inches)
• Depth: 71 mm (2.8 inches)
MX 830
• Height: 153 mm (6.0 inches)
• Width: 192 mm (7.5 inches)
• Depth: 71 mm (2.8 inches)
Weight MX 880: 2.17 lbs. (.98 kg)
MX 870: 1.68 lbs. (.77 kg)
MX 860: 1.62 lbs. (.74 kg)
MX 850: 1.62 lbs. (.74 kg)
MX 830: 1.62 lbs. (.74 kg)
MX 800 SERIES INSTALLATION GUIDE 25
Page 32
Shipping weight: 1.08 kg (2.38 lb); includes terminal, cable tie-down strap and
screw, and the MX 800 Series Quick Installation Guide.
26 MX 800 SERIES INSTALLATION GUIDE
Page 33
PINpad Security Best Practices
APPENDIX 1
Introduction
The payment industry and card associations adopted PED and PCI PED
requirements because of concerns that sophisticated criminal organizations may
have the resources to tamper with PED terminals to install a bug and collect
private card data. In pre-PED devices, security features were left to each vendor
to determine. The more recently adopted Visa PED and PCI PED requirements
provide standardized security features that make tampering progressively more
difficult.
We are seeing an increase in criminal organizations targeting the less secure prePED terminals by installing bugs to collect private credit card and debit
information. In these cases, the criminal organizations are inserting a bug into an
in-place device or obtaining the same terminal model that a retailer uses, installing
a bug, and then substituting the tampered device for the retailer's terminals. They
then either come back to retrieve these terminals to obtain the stolen information,
or in some cases, the tampered terminals send the information to another
computer via wireless communications.
Due to repeated targeting of pre-PED PINpads and payment terminals, VeriFone
has developed the following PINpad Security Best Practices. These best practices
first enable a retailer to determine if any existing terminals have been tampered
with, and second make tampering much more difficult by implementing a
comprehensive set of security controls to prevent tampering and more quickly
become aware if tampering has occurred.
This appendix details the PINpad Security Best Practices from a sound security
perspective to minimize fraud through education, routine inspection, vendor
management, and prompt action. Each of the Best Practices are organized into
the following categories:
Administrative Activities – This category covers items that include employee
education on data security theft, and common prevention activities.
Physical Activities – This category includes items involving physical inspection
of payment system components.
Technical Activities – This category addressed data encryption and serial
number validation with the POS.
VeriFone recommends all retailers implement the following PINpad Security Best
Practices immediately. If a retailer does not enact a complete PINpad security
program, including PINpad Security Best Practices, then they will remain
vulnerable to this kind of tampering.
MX 800 SERIES INSTALLATION GUIDE 27
Page 34
Security
Activities
The following table summarizes the PINpad Security Best Practices.
PINpad Security Best Practices Quick Reference Table
Prevent Deter
Prevention Detection Correction
Administrative Activities
Educate store employees
about the techniques
criminals use
Update new employee
training curriculum to include
security awareness
Instruct all employees to be
vigilant in looking for
suspicious activity around
pumps
Change default PINpad
passwords.
Monitor PINpad payment
problems
Check the accreditations /
references of any service
technicians. Require they
show ID and sign a service
log
Use and retain accurate shift
schedules so that a staff
audit trail is available
Check repair technician
verification and service log
Store PINpad and payment
terminals in a secure location
Track terminal assets as they
move in and out of inventory
Only purchase payment
terminals from authorized
sources
Use only authorized repair
centers
Periodically audit the
service log
28 MX 800 SERIES INSTALLATION GUIDE
Securely dispose of retired
terminal inventory
Page 35
Develop a response plan in
advance in case a breach
occurs
Mount PINpads securely to
counter
Visually inspect terminals
weekly
Encrypt data from the PINpad
Validate all serial numbers
manually with the serial
number printed on the bottom
of the terminal
Physical Activities
Focus security
cameras on terminals;
maintain CCTV data
logs for use later
Call Law Enforcement
if device tampering is
found
Technical Activities
Administrative
Activities
Validate all terminal serial
numbers electronically with
the POS
Authenticate all payment
applications
1 Educate your store employees and managers about the techniques criminals
use to breach PINpads and payment terminals.
Data thieves have sophisticated equipment that can be installed in minutes.
Store employees should be educated as to the type of equipment data
thieves install, where they typically install it, and what information they can
gain once it is installed.
2 Update new employee training curriculum to include the techniques criminals
use to breach PINpads and payment terminals.
New employees should be trained to be on the lookout for suspicious activity
around the PINpad or payment terminal and who to call should such activity
be cause for concern.
MX 800 SERIES INSTALLATION GUIDE 29
Page 36
3 Change the default PINpad password.
Make sure the password for device access is not the original default
password. If it is, have it changed, as default passwords become widely
known. Contact your account executive if you need help changing this
password.
4 Monitor PINpad payment problems.
Develop a process to monitor devices that consistently do not work properly
such as high mag-stripe read failures or debit card declines. These can be
indicators of tampered terminals. Contact the security officer at the terminal
manufacturer to determine the next steps.
5 Check the accreditation/ references of any service technicians. Require they
show a photo ID and sign a service log.
Social engineering is sometimes employed to commit fraud; a fraudster acts
as a service technician or consultant to allow them to gain unauthorized
access. All service technicians should be required to show a photo ID and
sign a service log. The details of the visit should be communicated in
advance to the manager or cashier by management.
6 Use and retain accurate shift schedules so that a staff audit trail is available.
Schedules of “what staff worked when” should be maintained to help with any
investigations or enquiries that may arise at a future date. This will also act as
a deterrent to staff to commit fraud as they are accountable for their actions.
7 Periodically audit the service log.
Establish and maintain a service log that records the who/what/where/when/
why of a technician visit should be periodically audited by management to
ensure that all servicing was approved.
8 Check repair technician verification and log service activities.
Implement a procedure to require all repair technicians who visit your stores
sign in, verify their identity with photo identification, and remain accompanied
by store personnel during any work on PINpads.
9 Store PINpad and payment terminals in a secure location.
Store all spare devices under lock and key to prevent unauthorized removal.
Incorporate a procedure to validate the devices inventory at every shift and
make sure none have disappeared.
10 Track terminal assets as they move in and out of Inventory.
Institute a procedure to track every time a terminal is replaced within the
store, whether from the in-store inventory, by a repair technician, or units
shipped into the store
30 MX 800 SERIES INSTALLATION GUIDE
Page 37
11 Purchase from authorized sources.
Obtain PINpads only from a manufacturer or manufacturer’s authorized
partner. Unauthorized resellers, such as those that may be found online at
sites such as eBay, may potentially sell devices that are already
compromised, whether intentionally or unwittingly.
12 Use authorized repair centers.
For similar reasons, have your PINpads repaired at the manufacturer or an
authorized manufacturer’s repair center which has completed a TG3 Key
Injection audit.
13 Securely dispose of retired terminal inventory.
To properly dispose of retired terminal inventory, only use firms that destroy
the encryption keys during the retirement and recycling process. Select
environmentally friendly destruction facilities that recycle all metal and plastic
components, and follow proper hazardous material destruction procedures
for PCB components. For PCI compliance verification, consider firms that
issue an inventory disposal report that lists all terminals being retired by their
serial number.
14 Develop a response plan in advance.
Develop methods and procedures on how to handle subsequent activities
should a breach occur. Determine who in you company will be the go-to
person or coordinator of all breach-related activity. How do you respond?
Who do you need to call first? Can you respond internally or should a third
party be involved? Who is the third party? How do you manage external
communications? What internal systems are involved in the breach? Do you
keep accurate records of all system change activities for all of your sites?
Physical Activities 1 Mount PINpads securely to counter.
Review the installation of your PINpads. They should be mounted on the
counter; unplugging cables should require more than turning the unit over;
and you may want to consider installing locking stands to prevent
unauthorized removal.
2 Perform weekly visual terminal inspections.
Immediately have a visual inspection performed on every device to look for
potential signs of tampering. These include anything that does not look
normal such as lack of tamper seals, damaged or altered tamper seals,
mismatched keys, missing screws, incorrect keyboard overlays, external
wires, holes in the terminal or anything else unusual. Look for hidden
cameras in the ceiling and inspect non-secured wiring. If anything out of the
ordinary is noticed, stop using the device, disconnect it from the POS
terminal or network, but do not power it down. Contact the security officer at
MX 800 SERIES INSTALLATION GUIDE 31
Page 38
the terminal manufacturer to determine the next steps. Continue to perform
visual inspections weekly.
3 Focus security camera’s on PINpads.
Ensure security cameras have a clear line of sight to the PINpad terminals to
aid investigators in the event of a security compromise. Images of data
thieves and the methods they are using is invaluable information. Front
orientation cameras provide the best evidence without interfering with
customer’s actual PIN entry on the payment devices.
4 Contact law enforcement if evidence of tampering or device substitution is
found.
Law enforcement needs to be involved if there is any suspicion of data theft
crime. They will engage experts who need to respond quickly in order to
apprehend the criminals.
Technical
Activities
1 Encrypt data from the PINpad.
As terminal physical security has Increased, criminals have turned to tapping
the connection between the PINpad and the POS Terminal, or from the POS
terminal to the communications equipment. All sensitive customer data
should be encrypted before it leaves the PINpad.
2 Validate the serial number.
If your terminal contains an electronic serial number, have the electronic
serial number compared to the serial number printed on the bottom of the
terminal. If these do not match stop using the device, disconnect it from the
POS terminal or network, but do not power it down. Contact the security
officer at the terminal manufacturer to determine the next steps.
3 Validate the electronic serial number.
If the PINpad supports electronic serial numbers, implement a scheme to
validate the PINad serial number every time the POS starts up to insure the
device has not been replaced, and if it has, automatically send an alert. If the
device supports Ethernet connectivity, consider implementing a device
management solution to track all in service devices.
4 Authenticate applications
To ensure rogue applications are not installed on the PINpad and access to
ports controlled, all applications should utilize the vendor’s method of
authentication. Ensure the default certificates are changed prior to
deployment.
32 MX 800 SERIES INSTALLATION GUIDE
Page 39
Reference
Documents
1. POS/POI Terminal Security Best practices to application developers, system
integrators, and end users, MasterCard, February 2006, Draft V02
2. Visa Fraud Prevention for merchants (http://merchants.visa.com/prevention/
main.jsp)
3. Payment Card Industry (PCI) Data Security Standard (https://
www.pcisecuritystandards.org)
4. Fuel Dispenser Payment Security Best Practices V1, VeriFone Inc, October
2008
5. VeriFone’s Retail Payment Security website (www.secureretailpayments.com).
MX 800 SERIES INSTALLATION GUIDE 33
Page 40
34 MX 800 SERIES INSTALLATION GUIDE
Page 41
INDEX
A
acronyms, Installation Guide 2
applications 6
audience, Installation Guide 1
C
connecting
ECR Tailgate
Ethernet LAN 20
multiport cables 17
to Host PC 20
to USB host or hub 20
contactless smart cards 5
conventions, documentation 2
countertop wedge, installing 11
19
D
Display
features
3
E
ECR connection, tailgate mode 19
Ethernet LAN connection 20
F
factory options 5
speakers 5
features 3, 27
and benefits 4
Display 3
overview 3
total cost of ownership 6
H
Host PC 20
I
installation
I/O modules
MSAM cards 13
MX 800 Series 7
12
optional components 11
selecting a location 9
stand mount 9
trimplate 15
I/O modules 12
L
location for MX 800 Series 9
M
maintenance
cleaning a terminal
magnetic stripe reader 23
smart card reader 23
MSAM cards, installing 13
multiport cables
connecting
disconnecting 17
power up with 21
MX 800 Series
applications
factory options 5
features and benefits 4
installation 7
specifications 25
trimplate, installing 15
17
6
23
O
optional components
contactless reader
countertop wedge 11
installation 11
I/O modules 12
MSAM cards 13
trimplate 15
optional modules 5
overview
features
3
5
P
PC connection 20
MX 800 SERIES INSTALLATION GUIDE 35
Page 42
PIN protection measures 10
power up with multiport cable 21
S
smart cards, contactless 5
specifications, MX 800 Series 25
stand mount for MX 800 Series 9
T
trimplate, installing 15
U
USB connection 20
36 MX 800 SERIES INSTALLATION GUIDE
Page 43
MX800 SERIES INSTALLATION GUIDE 37
Page 44
VeriFone, Inc.
2099 Gateway Place, Suite 600
San Jose, CA, 95110 USA
Tel: 408-232-7800
www.verifone.com
MX 800 Series
Installation Guide
Loading...