Optimum T4210 User manual
© Hypercom EMEA Ltd. 2011
Optimum T/M4200 Family
UKCA Standard 70
User Manual
2© Hypercom EMEA Ltd. 2011
Accessories available
S9-PCI PIN Pad
(Available for T4200 only)
D4200 Charging Dock
(Available for M4200 only)
Replacement Battery Module
(Available for M4200 only)
To find out more information about these accessories and how to obtain
them, please contact your leasing company. Additional accessories such as
mounting poles may also be available from third party suppliers.
R3210 Contactless Reader
(Available for T4200 only)
Privacy Shield
© Hypercom EMEA Ltd. 2011 3
Introduction
Thank you for choosing your new Hypercom terminal, which combines a
small footprint and the ability to perform fast payment transactions.
Please read through this guide, which contains important information you
will need in order to install, use, and maintain your payment terminal.
This User Manual is for use with Hypercom Optimum T/M4200 payment
terminals that incorporate the UK Cards Association (UKCA) Standard 70
protocols for the real-time authorisation and capture of payment
transactions. This standard if often referred to by its former “APACS40”
name.
If you requested any additional services such as Mobile Top-Up with your
terminal, then there will be additional documentation supplied with your
terminal containing the user instructions for these additional services.
Copyright © by Hypercom EMEA Ltd. 2011
This publication is proprietary to Hypercom EMEA Ltd. and is intended solely for
contractual use of the Hypercom customers.
This publication may not be reproduced or distributed for any purpose without the
written permission of Hypercom EMEA Ltd.
PLEASE NOTE: Hypercom EMEA Ltd. reserves the right to make changes to
specifications at any time and without notice. The information furnished by
Hypercom EMEA Ltd. in this publication is accurate at the time of print; however, no
responsibility is assumed by Hypercom EMEA Ltd. for its use. No licence is granted
under any patents or patent rights owned by Hypercom EMEA Ltd.
4© Hypercom EMEA Ltd. 2011
Optimum T/M4200 family models
The T4210, T4220 and T4230 countertop terminals are designed to
be placed on a desk or countertop and are powered by a supplied
mains Power Supply. These terminal models can be used with the
S9-PCI separate Pin-Pad or the R3210 Contactless card reader
device.
The M4230 and M4240 mobile terminals are designed as portable
terminals and are powered by a battery module. The battery
module is charged using a supplied mains Power Supply, or via an
optional Charging Dock station.
Power supply:
Battery module with mains
Power Supply
(optional Docking Station
available)
Communication method: Wireless (GPRS)
Power supply:
Battery module with mains
Power Supply
(optional Docking Station
available)
Communication method:
Dial (with AP100)
Network (with AP110 )
Network & Dial (with
AP210 )
Communication with
Access Point: Bluetooth
Power supply: Mains Power Supply
Communication method: Dial
Power supply: Mains Power Supply
Communication method: Network & Dial
Power supply: Mains Power Supply
Communication method: Wireless (GPRS)
© Hypercom EMEA Ltd. 2011 5
Safety information
Do not use if visibly damaged.
Do not apply power/operate below 0°C and above 40°C.
Do not store in an unpowered state below –20°C and above 60°C.
Do not expose to moisture and do not store or operate in high
humidity environments
Do not disassemble.
Do not incinerate or crush.
This product is not suitable for use in hazardous environments such
as petrol stations, chemical depots etc.
Keep out of reach of children and pets
Battery Module safety for the M4200
Recharge the battery module only with the Hypercom supplied
Power Supply or Charging Dock
Do not short circuit battery module contacts
Use only batteries supplied by Hypercom as a replacement.
Do not drop or impact
Do not disassemble, puncture or breach
Do not leave in direct sunlight
Do not moisten or throw into water
Keep any spare batteries in a cool, dark, dry place such as a
refrigerator.
Do not expose to fire or incinerate
Never expose to temperatures less than –20°C or greater than 60°C
You must dispose used or faulty batteries using either your local
battery disposal facility in accordance with local laws, or by return to
Hypercom. Do not discard with general waste and do not incinerate.
Insulate the battery module contacts with electrical tape prior to
disposal. This battery module is a lithium-ion battery.
Battery Module Guarantee
Unless the terms & conditions of your terminal supply differ, the
battery module is excluded from the any Hypercom terminal warranty
and is guaranteed for one year. If your battery module fails after this
period, you must purchase a replacement battery module from
Hypercom
Battery module performance does degrade over time and you will need
to purchase a replacement when the battery module performance
becomes unacceptable.
6© Hypercom EMEA Ltd. 2011
How to clean your terminal
WARNING: DO NOT USE UNDILUTED AMMONIA OR ABRASIVE CLEANERS
Switch off and unplug the mains Power Supply units from the Terminal and
AP100/110/210 Access Point and D4200 Charging Dock station if applica-
ble. Carefully note how all the cables are connected and then disconnect
all cables before cleaning.
Apply denatured alcohol (methylated spirits) to a clean, soft, non-abrasive,
low-lint cloth. Carefully wipe the entire Terminal and Access Point.
Use an air duster (compressed air) to clean in and around the printer
mechanism.
© Hypercom EMEA Ltd. 2011 7
Additional services available for your terminal
Card types accepted
The terminal is configured as standard to Support Visa and Mastercard
scheme credit and debit cards. For some merchant categories, credit card
support may not be allowable.
The terminal can support American Express, Diners Club, JCB, and Duet
scheme cards depending upon your merchant bank agreements with these
schemes.
Sale (Purchase) with Cashback
The terminal can be configured to offer Sale with Cashback.
Tipping
The terminal can be configured for a Tipping service.
Note that Cashback and Tipping may not be available on the same terminal. Please contact your
helpdesk or leasing company for advice on availability of a combined facility.
Hotel & Rental
The terminal can be configured for Pre-Authorisations and Completion
transaction types that are used in the Hotel and Rental business sectors.
Force Authorisations
The terminal can be configured to accept Force Authorisations. This feature
is used to capture any paper based transactions for submission. This fea-
ture is only available if permitted by your merchant bank.
Invoice numbers
This feature adds „Invoice Numbers‟ to your receipts. It is used to keep
track of your orders and accounts.
Mobile phone Top Up
Your terminal can be upgraded to include a Mobile Phone Top Up service
that offers your customers a valuable service and generates revenue for
your business.
Please contact your leasing company if you require any of the above addi-
tional services.
8© Hypercom EMEA Ltd. 2011
© Hypercom EMEA Ltd. 2011 9
Table of Contents
Important information .......................................................
Understanding your equipment......................................
Communications infomation
Dial-Up Connections...................................... 23
Network Connections .................................... 24
GPRS Connections ........................................ 24
Installation .............................................................................
Using your Terminal
Terminal Operating Concepts ......................... 27
Training Mode .............................................. 32
Setting the Merchant Password....................... 34
Transactions ................................................ 35
Sale.......................................................... 38
Sale + Cash............................................... 45
Tipping ..................................................... 47
Hotel Operations ........................................ 50
Refund...................................................... 54
Force Authorisation .................................... 57
Settlement................................................... 58
Reports ....................................................... 60
Reviewing transactions/Reprinting a receipt ..... 62
Troubleshooting
Error messages ............................................ 63
Terminal problems ........................................ 65
Communication problems .............................. 68
Appendices ...................................................................
Glossary.........................................................................
10 © Hypercom EMEA Ltd. 2011 Important information
Important information
Please take note of the following before using your terminal:
Terminal Identification Number (TID)
Each terminal contains an electronically programmed eight digit Terminal
Identification (TID) Number. This number is printed in full on the Merchant
Copy of all transaction receipts.
Merchant Number (MID)
Your merchant bank will have issued you with a Merchant Number, which
will have been supplied to you in a separate documentation pack received
direct from your bank. If you don‟t know this number, please contact your
bank.
Before taking transactions, you should confirm that the Merchant Number
printed on your Terminal Parameters Report
(see page 25)
matches the
Merchant Number issued by your bank. If not, please contact your
terminal helpdesk.
Please write your TID and MID on the cover or sleeve of this User Manual
for ease of reference. You may be asked to identify yourself by quoting
these numbers when you call the helpdesk; you may not receive certain
services if you do not have these numbers ready.
MIDs vary in length so may not fill all the boxes. There may also be
leading zero/s that you must include.
You may have separate Merchant Numbers for American Express, Diners
Club, JCB, and Duet card schemes and the Top-up service, if you have
requested these.
Merchant Password
Your terminal contains a merchant password that you are encouraged to
change from the default value
(see page 34 for more information)
Settlement
At the end of each business day, the Settlement procedure must be
performed on the terminal. For the totals to display correctly, this must be
done during the „Banking Window‟ time set by your Acquirer. If you do not
know your window, please contact your bank (the terminal helpdesk will
not know your banking window).
If you do not complete this procedure you may experience delays in funds
being transferred into your bank account.
(See page 58 for more information)
Important information © Hypercom EMEA Ltd. 2011 11
Important information (continued)
Cash Register Interface
If you have a T4200 integrated with your cash register/till system, then
many of the functions of the terminal will be carried out by cash register
functions.
Certain functions described in this user manual may not be available via
the Cash Register interface.
You should have been provided with separate instructions provided by
your head office or cash register supplier regarding how to operate the
terminal from the cash register.
Updates
Once a month, your terminal will connect to the Hypercom Terminal
Management System to download any new software and any important
configuration changes. This update will typically occur during the night. For
this reason, Hypercom suggests you leave your terminal powered on at all
times.
In the event of it being switched off when the update tried to take place,
your terminal will notify you that it has failed to update. Please leave your
terminal on the following night to ensure that an upgrade takes place, or
call the helpdesk for assistance.
If your terminal is using a dial-up connection method, these calls will be
charged; refer to the Quick Reference Guide for tariff.
12 © Hypercom EMEA Ltd. 2011 Important information
Important information (continued)
Payment Council Industry
Data Security Standard (PCI DSS) advice
The Hypercom Optimum T/M4200 terminal contains a Payment Application
that stores, processes, and transmits cardholder data. It therefore falls
within the scope of the Payment Card Industry Data Security Standards
(PCI DSS), specifically a compliance program known as Payment Applica-
tion Data Security Standard or PA-DSS.
The objective of PA-DSS is to help terminal software vendors such as Hy-
percom to develop secure payment applications that do not store prohibit-
ed data, such as full magnetic stripe, CVV2 or PIN data, and ensure their
payment applications support compliance with the PCI DSS.
It is important to note that PA-DSS validated payment applications alone
do not guarantee PCI DSS compliance and that the validated payment ap-
plication must be implemented in a PCI DSS compliant environment.
Who is mandating the security review and approval of payment applica-
tions?
The PCI Security Standards Council (PCI SSC) has established the guide-
lines and the Card Schemes (Visa Europe and MasterCard) serve as the
source of enforcement. Processors, Acquirers and manufacturers are the
mechanisms by which the regulations will be implemented.
What protection does a PA-DSS application provide?
Applications that have successfully completed a PA-DSS audit are certified
to not retain or compromise what is considered to be secure elements of
the card‟s track data (full magnetic stripe data), card validation codes and
values, PINs and PIN blocks. A PA-DSS certified application also facilitates
your own PCI DSS needs:
Benefits of using PA-DSS software include:
Prevents storage of sensitive cardholder data
Reduces opportunities for compromise and misuse
Ensures payment solutions meet the highest levels of security
Important information © Hypercom EMEA Ltd. 2011 13
Storing merchant receipts and reports
Please note that it is the responsibility of the merchant to ensure the Mer-
chant Copies of receipts and reports showing cardholder details are se-
curely stored for the period of time specified by your Acquirer. Also please
ensure they are disposed of in a secure manner. Failing to do so may re-
sult in charge-backs or fraudulent activity.
What does PA-DSS Compliance involve?
PA-DSS ensures that the payment software is compliant with specific re-
quirements (similar to PCI DSS). You should read though this section care-
fully, taking note of your responsibilities to protect cardholder data. The PA
-DSS requirements are:
1. Do not retain full magnetic stripe, card validation code or PIN block data
The payment application within the Hypercom Optimum T/M4200 fami-
ly terminal does not retain such data. You need take no further action
to ensure your PCI DSS compliant environment meet this specific re-
quirement.
2. Protect stored cardholder data
The payment application within the Hypercom Optimum T/M4200 fami-
ly terminal protects stored cardholder data in a secure manner.
You must ensure that you give the correct copy of the receipt to the
Cardholder (clearly marked CARDHOLDER COPY) and retain the mer-
chant receipts in a secure area with limited access to authorised staff.
The merchant receipts must be destroyed by incineration or by cross
shredding when they become obsolete. Your merchant bank will advise
on the period necessary for retention of receipts.
You should perform a settlement every day, and must settle at least
one a week to purge the payment application of cardholder data. Your
terminal may be configured to automatically settle every day; if you
are unsure how your terminal is configured, please contact helpdesk.
3. Provide secure authentication features
The payment application operates in the T/M4200 hardware environ-
ment and does not require username or password access. You need
take no further action to ensure your PCI DSS compliant environment
meet this specific requirement.
continued...
14 © Hypercom EMEA Ltd. 2011 Important information
4. Develop secure payment applications
The Hypercom terminal and its software applications have been de-
signed in line with PCI DSS and Industry best practices. You need take
no further action to ensure your PCI DSS compliant environment meet
this specific requirement.
5. Protect wireless transmissions
The Hypercom T/M4200 range does not use Wi-Fi wireless transmis-
sions. If you use Wi-Fi technology in your own network installation,
you must implement it in accordance with PCI DSS and industry best
practices.
6. Test payment applications to address vulnerabilities
Hypercom have a process to identify newly discovered security vulner-
abilities and have timely development and deployment of security
patches and upgrades. You need take no further action to ensure your
PCI DSS compliant environment meet this specific requirement.
8. Facilitate secure network implementation
The payment application operates in the T/M4200 hardware environ-
ment and does not need to log application activity.
9. Cardholder data must never be stored on a server connected to the In-
ternet
If you are using the Hypercom T/M4200 device on a Local Area Net-
work for the payment transaction interface, and you are using a local
server to store and forward the transaction data, then you must take
steps to protect the transaction data in accordance with DSS require-
ments.
10. Facilitate secure remote software updates
When your terminal needs a software update, this will be carried out
by the Hypercom software downloading system; this system ensures
that only authenticated payment software is loaded onto your termi-
nal.
11. Facilitate secure remote access to payment application
There is no remote access to the payment application.
continued...
Important information © Hypercom EMEA Ltd. 2011 15
12. Encrypt sensitive traffic over public networks
Transactions sent over network connections are always encrypted by
the payment application using Secure Socket Layer (SSL) technology.
You may engage your business with 3rd party agents that provide
services that are part of your overall payment process e.g. shopping
cart providers, web design firms (often referred to as Common Points
of Service or CPS). Agents acting as a CPS must be compliant with PCI
DSS and must be registered with the Card Schemes. Refer to
www.cpsregistration.org for more information about CPS registration.
You must never communicate sensitive cardholder data by any means
unless it is encrypted. Hypercom will never request such data from
you. Sensitive cardholder data means:
the Card Number (often known as Primary Account Number or
PAN),
the Cardholder Name, the card Expiration Date,
the card CV2 number (the last three digits printed on the card
signature strip, or for American Express, the four digit value
printed on the front of the card),
The Hypercom helpdesk may request the first six digits of a card num-
ber from you to assist with troubleshooting a problem, and you should
provide the first six digits and the card issuer when requested; this
allows the Hypercom helpdesk to assist troubleshooting any problem.
13. Encrypt all non-console administrative access
This is not applicable to the Hypercom payment application
14. Maintain instructional documentation/training programs for customers,
resellers, and integrators
As well as the information in this user manual, Hypercom will make
available to you via its website www.hypercom.com further infor-
mation regarding PCI DSS compliance.
16 © Hypercom EMEA Ltd. 2011 Understanding your equipment
Understanding your equipment
Terminal overview
Paper roll compartment
More information about your
printer and how to load a paper
roll can be found in the Setup
Guide
Chip Card reader
Use when the cardholder presents a
Chip Card.
Swipe card reader
Use when the cardholder
presents a debit or credit card
without a chip on the front or if
prompted by the terminal.
Understanding your equipment © Hypercom EMEA Ltd. 2011 17
Pin-Pad model S9-PCI
The S9-PCI external Pin-Pad can be used with the T4200 models and is
useful is you prefer the cardholder to insert their card and enter their PIN
on a separate device, e.g. this can ease operations if you wish to avoid
handover of the T4200 to the cardholder for card insertion and PIN entry.
Contactless Reader model R3210
The R3210 is a clip on device that replaces the printer lid cover on the
T4200 products and allows the terminal to accept contactless card transac-
tions. Please contact your leasing company for availability. Installation in-
structions are supplied on a separate leaflet supplied with the R3210.
18 © Hypercom EMEA Ltd. 2011 Understanding your equipment
Privacy Shield
The PCI Security Standards Council specifies International Standard
ISO9564 for protection against fraudulent observation of the PIN during
PIN entry.
To comply with this standard, your terminal may be supplied with either a
pre-fitted Privacy Shield, or as an optional accessory for you to choose to
fit yourself.
You must have a Privacy Shield fitted to the terminal unless one of the
statements below is true:
You only perform keyed transactions, e.g. in a mail-order business
Cardholders enter their PIN into the separate S9-PCI PIN Pad
Cardholders can enter their PIN while holding the terminal in their hand
(as with the M4200; a privacy shield is not supplied as standard with
the M4200)
Understanding your equipment © Hypercom EMEA Ltd. 2011 19
Battery Module (applicable to M
4200
)
If you have a mobile terminal, it will come pre-fitted
with a removable, rechargeable Li-Ion battery
module. The battery module will need to be charged
when you receive a new complete terminal or
replacement battery module. Charging instructions
are contained in the Quick Reference Guide supplied
with the terminal.
See page 5 for battery module safety instructions
Replacing the Battery Module
Step 1
Turn the terminal over to find the battery
module. Remove the existing battery module by
pressing in the release clip on the right side of
the battery module, and then pulling out the
battery module. See page 5 for disposal
instructions.
Step 2
Place the left side of the replacement battery
module into the battery module compartment.
Step 3
Lower the right end of battery module into the
terminal and push firmly until the latch on the
right hand side clicks in place. Ensure that the
battery module is firmly in place and flush with
the main terminal body.
20 © Hypercom EMEA Ltd. 2011 Understanding your equipment
Charging Dock model D4200 (M
4230
& M
4240
only)
Mobile terminals may come with an optional D4200 Charging Dock station
(this depends on the product configuration agreed with the leasing
company).
When the terminal is placed on a powered Charging Dock, it will charge
the terminal‟s battery module.
The Charging Dock also allows an M4240 Bluetooth terminal to be paired
with an Access Point (see page 82 for details of the M4240 to Access point
pairing procedure).
Always ensure that the M4200 is replaced properly onto the Charging
Dock.
This manual suits for next models
4
Table of contents
