cancel
Showing results for 
Search instead for 
Did you mean: 

Does Authorize.net Support Other Readers with Key Injection?

I see that Authorize.net says that it only supports the IDTech reader.  Those are pre-injected readers and it's unclear whether or not that's just for the Authorize.net mobile app.  If you are building a custom app, have the manufacturer's card reader SDK, and the manufacturer supports key injection, can the Production and Sandbox keys be obtained from Authorize.net and injected into outside purchased readers?  What exactly is not supported if the encryption is handled with an Authorize.net key, the encrypted data is obtained using the manufacturer's SDK, and then the AIM API is used to forward the transaction to Authorize.net where Authorize.net can decrypt with the appropriate key?  The IDTech readers are larger and twice as expensive compared to most magstripe readers, not to mention the lack of support for dual/triple capable mobile readers with EMV or NFC.

 

I chatted with a basic support rep who said it wasn't supported but she wasn't very technical.  This post seems to indicate that it is:  

 

http://community.developer.authorize.net/t5/Integration-and-Testing/Need-Encrypt-KEY-for-MSR/m-p/506...

 

 

 

bradbohn
Member
10 REPLIES 10

This is the reply that I received after raising a ticket:

 

Unfortunately we don't support third party manufacturers injecting a key injection. The key injection is only supported with either this reader by Anywhere Commerce, which is EMV compatible: http://anywherecommerce.com/products/hardware/

or by Hardware POS Portal:
https://partner.posportal.com/authorizenet/auth/

Come on, Authorize.net, surely you understand that you are losing business by not supporting the overwhelming majority of credit card readers on the market?

bradbohn
Member

Hello @bradbohn

 

We are working with many encrypted reader manufacturers to support their devices.  Is there a particular make/model you wish to use?

 

Richard

Hello bradbohn,

 

That's a very interesting response that you received from your ticket inquiry. I'm also interetested in EMV readers that will work with Auth.Net.

 

My understanding is that Auth.Net can't simply dole out their keys to various vendors... Maybe it's quite complicated to get keys to vendors in a secure way.

 

Auth.Net seems to only officially list the device vendors "POSPortal" and "nClose":

https://partner.posportal.com/authorizenet/auth/

http://posenclosures.com/anetreader/

 

My group was able to get a different piece of hardware injected with Auth.Net's key through "nClose". Our customer requirement was that the device be connected NOT through the iPad audio port, but instead through 30 pin or Lightning.

This is a link to the vendor ("nClose") and the item (IDTech iMag Pro):

http://posenclosures.com/idtech-imag-pro-mobile-magstripe-reader-apple-iphone-itouch-and-ipad/

I believe that each time one of the devices is ordered, we have to contact nClose and specifically ask that the device get key-injected with Auth.Net's key.

 

PosPortal seems to have EMV devices, too, but not devices for iOS as far as I can tell. Theoretically they could key-inject a EMV bluetooth reader with Auth.Net's key.

 

If it's true that Anywhere Commerce can do the P2PE injection of Auth.Net's key on an EMV device, then great, because they have some great hardware listed there. But I wonder if it'll be usable with the Auth.net SDK... or if Anywhere Commerce would end up being another Gateway on top of Auth.Net. If anyone makes progress with them, please post here and let us know!

 

-Brian

 

 


@RichardH wrote:

Hello @bradbohn

 

We are working with many encrypted reader manufacturers to support their devices.  Is there a particular make/model you wish to use?

 

Richard


 

The ones provided by RoamData, or Ingenico Mobile Solutions as they are now called.  The G5x (basic magstripe) or the RP170c (magstripe plus EMV/NFC).  Thanks.


@blalond wrote:

Hello bradbohn,

 

That's a very interesting response that you received from your ticket inquiry. I'm also interetested in EMV readers that will work with Auth.Net.

 

My understanding is that Auth.Net can't simply dole out their keys to various vendors... Maybe it's quite complicated to get keys to vendors in a secure way.

 

Auth.Net seems to only officially list the device vendors "POSPortal" and "nClose":

https://partner.posportal.com/authorizenet/auth/

http://posenclosures.com/anetreader/

 

My group was able to get a different piece of hardware injected with Auth.Net's key through "nClose". Our customer requirement was that the device be connected NOT through the iPad audio port, but instead through 30 pin or Lightning.

This is a link to the vendor ("nClose") and the item (IDTech iMag Pro):

http://posenclosures.com/idtech-imag-pro-mobile-magstripe-reader-apple-iphone-itouch-and-ipad/

I believe that each time one of the devices is ordered, we have to contact nClose and specifically ask that the device get key-injected with Auth.Net's key.

 

PosPortal seems to have EMV devices, too, but not devices for iOS as far as I can tell. Theoretically they could key-inject a EMV bluetooth reader with Auth.Net's key.

 

If it's true that Anywhere Commerce can do the P2PE injection of Auth.Net's key on an EMV device, then great, because they have some great hardware listed there. But I wonder if it'll be usable with the Auth.net SDK... or if Anywhere Commerce would end up being another Gateway on top of Auth.Net. If anyone makes progress with them, please post here and let us know!

 

-Brian

 

 


Thanks for the reply.  In our scenario with the IMS readers, similar to yours, IMS would create a new part number in their system for the reader because it has a custom key injected.  They charge a one time fee for the injection setup.  Each re-order is as simple as placing an order for that part number.  A dual gateway scenario is obviously a no-go.  It has to be direct to Auth.net to be cost effective.  Auth.net seems to indicate that's possible in their mobile processing videos, by using the manufacturer's reader SDK/API combined with the gateway's transaction SDK/API.

You're mixing multiple topics.

 

Regarding readers with key injection for P2PE, only key injection facilities (KIF) are authorized to do the injection. If anyone could do it, the key wouldn't be very secure.  The hardware encrypts the data at the card head and only the gateway with the key can decrypt.

 

EMV relates to rules to accept chip cards, a completely different certification than P2PE. The acquirer has to certify each platform for EMV with each card brand. The hardware manufacturer has to certify EMV.  The gateway has to certify each terminal to each acquirer, which has to be approved by each card brand. There have been bottlenecks at all points.

 

Two gateways cannot be used in a transaction.

 

It's interesting that the processors, but not the terminals, to be supported are listed here:  http://www.authorize.net/support/emvfaqs/#devices

 

- Christine

 

 

 

Christine
Payment Gateway and Merchant Services Consultant

Can you sopport an Incenico IPP350

We have made an application that utilizes the affirmation page worked with by diverting to the Autorize.net page. All that functions admirably; They can make portions and the trade rates are profitable. The solitary thing I need presently is to plan the application so that at whatever point a cut happens, it sends the complexities of the trade back to my laborer.

pemij58071
Member

We have created an app that uses the confirmation page facilitated by redirecting to the Autorize.net page. Everything works very well; They can make installments and the exchange rates are advantageous. The only thing I need now is to design the app so that whenever a slice occurs, it sends the intricacies of the exchange back to my worker camzap. chatiw nirvam