Cayan Genius Smart P2PE User manual
Error! No text of specified style in document.
Genius Smart P2PE™
P2PE Instruction Manual
Public
Doc no: CO-PUB-0101
Version 1.5 – 15th November 2018
Copyright notice
Copyright © 2018 Cayan LLC. All rights reserved.
No part of this publication may be reproduced, copied, manipulated, altered, or transmitted in any
form or by any means, electronic or mechanical, including, without limitation, by photocopy,
imaging, or recording, without the express prior written consent in each case of the copyright
owner. The names, trademarks, logos, and service marks displayed in this publication will be
protected by the owner to the fullest extent of the law, and any use without the express prior
written permission of the trademark owner is strictly prohibited. The information contained in this
publication is current when published; however, the publisher reserves the right to update and
modify the specifications or other product information at any time without notice.
Contents
Copyright notice .............................................................................................................................................2
Contents ..........................................................................................................................................................3
1. P2PE Solution Information and Solution Provider Contact Details ...............................................4
2. Approved POI Devices, Applications/Software, and the Merchant Inventory .............................5
3. POI Device Installation Instructions ...................................................................................................8
4. POI Device Transit ...............................................................................................................................21
5. POI Device Tamper Monitoring and Skimming Prevention..........................................................22
6. Device Encryption Issues....................................................................................................................31
7. POI Device Troubleshooting ..............................................................................................................32
8. Additional Solution Provider Information .......................................................................................33
9. Appendix: Checklist for Remote Key Injection ................................................................................34
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
Page 4© 2018 Cayan LLC
1. P2PE Solution Information and Solution Provider Contact Details
1.1 P2PE Solution Information
Solution name: Genius Smart P2PE
Solution reference number per PCI SSC
website: 2017.01037.001
1.2 Solution Provider Contact Information
Company name: Cayan LLC
Company address: 1 Federal Street
Second Floor
Boston
MA 02110
Company URL: www.cayan.com
Contact name: Contact Center Services
Contact phone number: (1) (888) 249-3220
Contact e-mail address: [email protected]
P2PE and PCI DSS
Merchants using this P2PE Solution may be required to validate PCI DSS compliance and should be
aware of their applicable PCI DSS requirements. Merchants should contact their acquirer or
payment brands to determine their PCI DSS validation requirements.
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
© 2018 Cayan LLC Page 5
2. Approved POI Devices, Applications/Software, and the Merchant Inventory
2.1 POI Device Details
The following information lists the details of the PCI-approved POI devices approved for use in this
P2PE solution.
Note all POI device information can be verified by visiting:
https://www.pcisecuritystandards.org/approved_companies_providers/approved_pin_transaction_security.php
POI device vendor: Verifone
POI device model name and number: MX915: P132-40x-xx-xxx
Hardware version #(s): 3.x, Vault: 14.x.x; AppM: 8.x.x; SRED: 7.x.x, Vault: 16.x.x; AppM:
10.x.x
Firmware version #(s): Vault: 1.x.x, 3.x.x, 4.x.x, 11.x.x, 12.x.x, AppM: 1.x.x; 3.x.x; 4.x.x;
5.x.x, 5A.x.x, 6.x.x, SRED: 1.x.x, 3.x.x; 4.x.x; 5.x.x, OP: 1.x.x,
3.x.x; 4.x.x; 7.x.x, SRED 5.x.x.xxx, Vault: 13.x.x, AppM: 7.x.x,
Vault: 17.x.x, AppM: 10.x.x, SRED: 7.x.x, OP: 7.x.x
PCI PTS Approval #(s): 4-10110
POI device vendor: Verifone
POI device model name and number: MX925: P132-50x-xx-xxx
Hardware version #(s): 3.x, Vault: 14.x.x; AppM: 8.x.x; SRED: 7.x.x, Vault: 16.x.x; AppM:
10.x.x
Firmware version #(s): Vault: 1.x.x, 3.x.x, 4.x.x, 11.x.x, 12.x.x, AppM: 1.x.x; 3.x.x; 4.x.x;
5.x.x, 5A.x.x, 6.x.x, SRED: 1.x.x, 3.x.x; 4.x.x; 5.x.x, OP: 1.x.x,
3.x.x; 4.x.x; 7.x.x, SRED 5.x.x.xxx, Vault: 13.x.x, AppM: 7.x.x,
Vault: 17.x.x, AppM: 10.x.x, SRED: 7.x.x, OP: 7.x.x
PCI PTS Approval #(s): 4-10110
POI device vendor: Verifone
POI device model name and number: MX915: P177-40x-xx-xxx
Hardware version #(s): 4.x
Firmware version #(s): Vault: 12.x.x, AppM: 6.x.x, SRED: 4.x.x, OP: 7.x.x
PCI PTS Approval #(s): 4-10177
POI device vendor: Verifone
POI device model name and number: MX925: P177-50x-xx-xxx
Hardware version #(s): 4.x
Firmware version #(s): Vault: 12.x.x, AppM: 6.x.x, SRED: 4.x.x, OP: 7.x.x
PCI PTS Approval #(s): 4-10177
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
Page 6© 2018 Cayan LLC
2.2 POI Software/application Details
The following information lists the details of all software/applications (both P2PE applications and
P2PE non-payment software) on POI devices used in this P2PE solution.
Note that all applications with access to clear-text account data must be reviewed according to Domain 2
and are included in the P2PE solution listing. These applications may also be optionally included in the
PCI P2PE list of Validated P2PE Applications list at vendor or solution provider discretion.
Application
vendor,
name and
version #
POI device
vendor
POI device model
name(s) and
number:
POI Device
Hardware &
Firmware Version
#
Is
application
PCI listed?
(Y/N)
Does application
have access to
clear-text
account data
(Y/N)
Cayan,
Genius
version
5.2.*.*
Verifone MX915 P133-
40x-xx-xxx
MX925 P132-
50x-xx-xxx
Hardware
version: 3.x
Vault: 14.x.x;
AppM: 8.x.x;
SRED: 7.x.x,
Vault: 16.x.x;
AppM: 10.x.x
Vault: 1.x.x,
3.x.x, 4.x.x,
11.x.x, 12.x.x,
AppM: 1.x.x;
3.x.x; 4.x.x;
5.x.x, 5A.x.x,
6.x.x, SRED:
1.x.x, 3.x.x;
4.x.x; 5.x.x, OP:
1.x.x, 3.x.x;
4.x.x; 7.x.x,
SRED 5.x.x.xxx,
Vault: 13.x.x,
AppM: 7.x.x,
Vault: 17.x.x,
AppM: 10.x.x,
SRED: 7.x.x,
OP: 7.x.x
Y Y
Cayan,
Genius
version
5.2.*.*
Verifone MX915 P177-
40x-xx-xxx
MX925 P177-
50x-xx-xxx
Hardware
version: 4.x
Vault: 12.x.x,
AppM: 6.x.x,
SRED: 4.x.x,
OP: 7.x.x
Y Y
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
© 2018 Cayan LLC Page 7
2.3 POI Inventory & Monitoring
All POI devices, must be documented via inventory control and monitoring procedures,
including device status (deployed, awaiting deployment, undergoing repair or otherwise not
in use, or in transit).
This inventory must be performed annually, at a minimum.
Any variances in inventory, including missing or substituted POI devices, must be reported
to Cayan via the contact information in Section 1.2.
Sample inventory table below is for illustrative purposes only. The actual inventory should
be captured and maintained by the merchant in an external document.
You must maintain an inventory of all your P2PE devices, including at least the following
information about each device:
•Make and model
•Location
•Status
‒Awaiting deployment
‒Deployed
‒Not in use
‒Awaiting replacement
•Serial number
Important: You must use only PCI-approved P2PE devices to process transactions. If you
process any transactions using devices that are not P2PE validated, you will no longer be
considered P2PE compliant.
Sample Inventory Table
Device vendor
Device model
name(s) and
number: Device Location Device Status
Serial Number or
other Unique
Identifier
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
Page 8© 2018 Cayan LLC
3. POI Device Installation Instructions
Do not connect non-approved cardholder data capture devices.
The P2PE solution is approved to include specific PCI-approved POI devices. Only these devices
denoted above in table 2.1 are allowed for cardholder data capture.
If a merchant’s PCI-approved POI device is connected to a data capture mechanism that is not
PCI approved, (for example, if a PCI-approved SCR was connected to a keypad that was not PCI-
approved):
The use of such mechanisms to collect PCI payment-card data could mean that more PCI DSS
requirements are now applicable for the merchant.
Only P2PE approved capture mechanisms as designated on PCI’s list of Validated P2PE Solutions
and in the PIM can be used.
Do not change or attempt to change device configurations or settings.
Changing or attempting to change device configurations or settings will invalidate the PCI-
approved P2PE solution in its entirety. Examples include, but are not limited to:
Attempting to enable any device interfaces or data-capture mechanisms that were disabled
on the P2PE solution POI device
Attempting to alter security configurations or authentication controls
Physically opening the device
Attempting to install applications onto the device
3.1 Installation and connection instructions
Getting started
To use Genius Smart P2PE, you can either purchase new devices from us or we can remotely
inject keys into your existing devices. To use existing devices, they must be versions three or
version four of Verifone’s hardware and be listed as PCI approved PTS devices.
Existing devices
To use existing devices:
•Complete “Appendix: Checklist for Remote Key Injection” on page 34 and send it to
P2PERequests@cayan.com
•After we remotely inject keys into your devices, complete “Verifying that the Genius device
is ready” on pages 12 to 13 and “Testing a transaction” on page 14.
•All other sections of the PIM apply when using existing devices, except for section 5.3 on
pages 28 to 30.
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
© 2018 Cayan LLC Page 9
3.1 Installation and connection instructions
New devices
Before you install your Genius device, please complete the following tasks:
•Locate your MerchantWARE credentials. These were sent in an email from Cayan, which
contains the words “MerchantWARE Credentials” in the subject line.
•Check that your Internet connection is functioning correctly, and that there is an available
network port on your router/switch.
Note: A video tutorial is available at cayan.com/setup
Genius components
Genius device
Ethernet cable Utility cable AC adapter
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
Page 10 © 2018 Cayan LLC
3.1 Installation and connection instructions
Connecting the communications module
1. Turn the Genius device upside-down and place it on a flat, stable surface. Firmly press
the flexible tabs and push up to remove the communications module.
2. Hold the module securely in your hands and slide the metal plate out.
3. Attach the utility cable connector as shown and slide the metal plate back into place.
4. Insert the communications module into the Genius device.
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
© 2018 Cayan LLC Page 11
3.1 Installation and connection instructions
Connecting to the network
1. Connect one end of your Ethernet cable to an available port on your router/switch.
2. Connect the other end of the Ethernet cable to the Ethernet port on the utility cable.
Powering the Genius device
1. Check that the communications module is firmly in place on the Genius device.
2. Connect the AC adapter to the +12V connection on the utility cable and plug the adapter
into a power socket.
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
Page 12 © 2018 Cayan LLC
3.1 Installation and connection instructions
Verifying that the Genius device is ready
Important: The Genius device is configured to receive an IP Address from a Dynamic
Host Configuration Protocol (DHCP) server by default. If you need to configure a Static IP
address, please see “Setting a static IP address” on page 15.
1. Ensure that the Genius is displaying the Splash screen
2. On the keypad, press 0three times on the keypad to access the Admin menu.
3. Use the keypad to type the password 9416557, and press Enter.
4. Confirm that the IP Address field is populated. Take a note of the address for use with
your POS System.
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
© 2018 Cayan LLC Page 13
3.1 Installation and connection instructions
5. Confirm that Secure Reading and Exchange of Data (SRED) is enabled on your device by
checking that the App version shows SRED.
Important: If your device does not show SRED, do NOT use the device. Contact our
Support Team at (1) (888) 249-3220.
6. Tap Network, then tap Test.
7. Confirm that the Gateway Connection Test passed.
8. Tap Done.
9. On the keypad, press the Xbutton to exit and return to the Splash screen.
Note: If the Gateway connection tests fail, check your Internet connection, or contact
our Support Team at (1) (888) 249-3220.
Configuring your POS
1. Find your MerchantWARE credentials.
2. Consult with your POS provider for help with configuring your POS system with the
Genius device.
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
Page 14 © 2018 Cayan LLC
3.1 Installation and connection instructions
3. Configure your POS with the IP Address of your Genius device, your MerchantWARE
Name, SiteID, and Key.
Note: If you do not have access to a free port on your router/switch, you can plug the
Ethernet cable from your POS directly into one of the Ethernet ports on the Genius utility
cable.
Testing a transaction
We recommend that you run a test transaction on your POS system to check that you have
correctly configured it with the Genius device.
•If the test transaction transfers successfully to the Genius device, you do not need to
configure anything else. Cancel the transaction on your POS and start processing live sales.
•If the test transaction is unsuccessful, please call our Support Team at (1) (888) 249-3220.
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
© 2018 Cayan LLC Page 15
3.1 Installation and connection instructions
Setting a static IP address (optional)
This is an optional procedure that you should complete only if your network requires that you set
a static IP address on your device.
You can set a static IP address on your Genius device using the Admin menu.
1. Ensure that the Genius is displaying the Splash screen.
2. On the keypad, press 0three times to access the Admin menu.
3. Use the keypad to type the password 9416557, and press Enter.
4. Tap Network, then tap Configure.
5. Select Static.
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
Page 16 © 2018 Cayan LLC
3.1 Installation and connection instructions
6. To change any of the network settings:
a. Tap the information field of the setting that you want to change. For example, to
change the IP Address, tap the IP Address field as shown.
b. On the keypad, press the Backspace key to remove the current information.
c. Using the keypad, type the static IP settings provided by your network
administrator.
d. To change the other network settings, repeat steps a to c.
7. Tap Save.
8. On the keypad, press the Xbutton to exit and return to the Splash screen.
Note: Only PCI-approved POI devices listed in the PIM are allowed for use in the P2PE solution for account
data capture.
Physically secure POI devices in your possession, including devices:
Awaiting deployment
Undergoing repair or otherwise not in use
Waiting transport between sites/locations
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
© 2018 Cayan LLC Page 17
3.2 Guidance for selecting appropriate locations for deployed devices
You must install your device in a secure location to reduce the risk of criminals targeting the
device for skimming. We recommend that you consider the following when selecting installation
locations:
•Control public access to the device, so that people have access only to the parts of the
device that they need to complete a transaction. For example, PIN pad and card reader.
•Locate the device where authorized personnel can easily observe and monitor it, for
example during daily checks by store or security staff.
•Locate the device in a secure environment that deters compromise attempts, including, but
not limited to:
‒Visible security measures
‒Video surveillance
‒Adequate lighting
‒Access paths
•Physically secure the device so that criminals cannot easily remove it. For example, install it
on the stand that we provide.
•Enforce operational security processes to make sure that members of staff or security
regularly inspect the device.
3.3 Guidance for physically securing deployed devices to prevent unauthorized removal or
substitution
You must physically secure a deployed device to prevent unauthorized removal or substitution.
For example, install the device securely on the stand that we provide.
This includes devices that you use for attended and unattended services, as applicable to the
P2PE solution. For example, kiosks, pay-at-the-pump, etc.
You must prevent unauthorized access to devices awaiting replacement, while in your
possession.
Important: If your device develops a fault, we will arrange for you to return the device
to us, and we will ship a replacement device to you. We do not repair deployed devices;
therefore, you should not grant access to any person that claims to be repair personnel.
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
Page 18 © 2018 Cayan LLC
3.3 Guidance for physically securing deployed devices to prevent unauthorized removal or
substitution
Genius stand assembly parts
There are three options for setting up the stand:
•Attached to the counter with screws
•Attached to the counter with adhesive label
•Resting on the counter with rubber pads
Note: We recommend attaching your stand to the counter with screws as the most
secure solution.
Attaching a stand to the counter with screws
1. Use the three self-tapping wood screws to secure the base to the counter.
2. Align the holes on the stand with the holes on the base and use the machine screws to
attach the stand to the base.
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
© 2018 Cayan LLC Page 19
3.3 Guidance for physically securing deployed devices to prevent unauthorized removal or
substitution
Attaching a stand to the counter with the adhesive sheet
1. Remove the backing from one side of the adhesive sheet, and stick is to the bottom of
the base.
2. Remove the backing from the other side of the adhesive sheet and secure the base to the
counter.
3. Align the holes on the stand with the holes on the base and use the machine screws to
attach the stand to the base.
Resting the stand on the counter with rubber pads
1. Remove the backing from the rubber pads and stick the pads to the four corners of the
bottom of the base.
2. Align the holes on the stand with the holes on the base and use the machine screws to
attach the stand to the base.
P2PE Instruction Manual for PCI P2PE v2.0 Version 1.5 – 15th November 2018
Page 20 © 2018 Cayan LLC
3.3 Guidance for physically securing deployed devices to prevent unauthorized removal or
substitution
Attaching your Genius device to the stand
1. Align the mounting holes on the bottom of the device with the pins on the stand.
2. Press the terminal firmly onto the stand and slide it down until you hear a click.
3. Use the Allen wrench to secure the terminal to the stand with the set screw.
Other manuals for Genius Smart P2PE
1
Table of contents
Other Cayan Payment Terminal manuals
