For new mobile app integrations, we recommend using the Bolt Mobile SDKs to securely encrypt and tokenize customers' payment card data.

Overview

For integrators that do not require advanced features (like support for EMV, NFC, and PIN-Debit) CardSecure supports a simple integration to MagTek devices (USB or Mobile) for use in third-party applications. 

By following the steps in this guide, you can successfully extract card data from a supported magstripe reader for authorization and/or tokenization.

Supported Devices

CardSecure supports integrations to the following USB and mobile magstripe devices:

Device Type Connection Type
MagnaSafe USB
iDynamo4 30 Pin
iDynamo5 Lightning
uDynamo Auxillary

This guide describes integrations for both encrypted and unencrypted devices. Encrypted devices are injected with the necessary encryption keys and procured by CardPointe Support.

Process Overview

Retrieve Track Data from MSR

Encrypted MagTek USB Devices

When using encrypted MagnaSafe USB card readers, simply retrieve the track data as-is and pass the entire string within the "track" parameter of an authorization request

Unencrypted MagTek USB Devices

When using unencrypted MagnaSafe USB cared readers, only track 2 data (including sentinel characters) is required within the track parameter of an authorization request.

The following string is an example of Track 2 data bring retrieved from an unencrypted USB reader:

;4761739001010010=18122011143878001629?

Track 2 Data Structure

Field Name Length Description
Start Sentinel (SS) 1 character Indicates the beginning of Track 2; set to ";"
Primary Account Number (PAN) up to 19 digits Always numerical; usually set to the credit/debit card number
Field Separator (FS) 1 character Delimits Track 2 fields; set to "="
Expiration Date (ED) 4 digits Always in the format YYMM
Service Code (SC) 3 digits Indicates what types of charges can be accepted
Discretionary Data (DD) Variable* Determined by card issuer--may include Card Code and/or PINs
End Sentinel (ES) 1 character Indicates the end of Track 2; set to "?"
Longitude Redundancy Check (LRC) 1 character Used to verify that Track 2 was read accurately

Track 2 Data cannot exceed 40 characters, including all sentinels, the field separator, and the LRC. The length of discretionary data is restricted as a result and tends to hold fairly short values.

Encrypted MagTek Mobile Devices

MagTek provides documentation, SDKs, and examples on their Support site that will help guide your integration with their Mobile MSR readers.

The following example response illustrates response data retrieved from a Visa card (acquirer's test card) through MagTek’s Android SDK demo:

Response.Length=578
EncryptionStatus=0206
SDK.Version=101.18
Reader.Type=1
Track.Status=000002
KSN=9010010B1C067E000023
Track1.Masked=%B4761730001000036^VISA ACQUIRER TEST CARD 03^1512201000000000000000000000000?
Track2.Masked=;4761730001000036=15122010000000000000?
Track3.Masked=
Track1.Encrypted=7BB0FEC3FE7F0BE5C36829C3DDD05216536E03C4B4357C45DB6BCC4DBDC8FC6862D093B236BBCE552E913442431581E7592C551D0CBB77DF92606D178F4F5C4B8976387EE6A944DD
Track2.Encrypted=695FAB9426A69E126AECEB18D4D7389A7A3B6CFB612FE44A239C930CEB0D2A520E682AEDAAA79B64
Track3.Encrypted=
MagnePrint.Encrypted=
MagnePrint.Status=
Card.IIN=476173
Card.Name=VISA ACQUIRER TEST CARD 03
Card.Last4=0036
Card.ExpDate=1512
Card.SvcCode=201
Card.PANLength=16
Device.Serial=F723A60410003300
SessionID=
Card.Status=00
Firmware.Partnumber=21043017A01
MagTek.SN=
TLV.Version=0002
HashCode=
Response.Raw=C10182011CC30234810902000281030B32313034333031374130318104134D616754656B206144796E616D6F2056312E308140016481410400000010C2010F800102020682610100826203000002C2023E82411A5649534120414351554952455220544553542043415244203033824206343736313733824304303033368244043135313282450332303182460110C203818E810108F723A6041000330083010A9010010B1C067E000023830A487BB0FEC3FE7F0BE5C36829C3DDD05216536E03C4B4357C45DB6BCC4DBDC8FC6862D093B236BBCE552E913442431581E7592C551D0CBB77DF92606D178F4F5C4B8976387EE6A944DD830B28695FAB9426A69E126AECEB18D4D7389A7A3B6CFB612FE44A239C930CEB0D2A520E682AEDAAA79B64

Formatting Response Data Into a String

For mobile MagTek devices using the MagTek SDK, you must retrieve and construct a pipe delimited string in the format we recognize for Magtek. That string format is as follows (without the brackets):

[Track1Masked][Track2Masked]|0600|[Track1Encrypted]|[Track2Encrypted]||||||[KSN]||

Following this format, the pipe delimited string for the data retrieved in the above example is as follows:

%B4761730001000036^VISA ACQUIRER TEST CARD 03^1512201000000000000000000000000? ;4761730001000036=15122010000000000000|0600|7BB0FEC3FE7F0BE5C36829C3DDD05216536E03C4B4357C45DB6BCC4DBDC8FC6862D093B236BBCE552E913442431581E7592C551D0CBB77DF92606D178F4F5C4B8976387EE6A944DD|695FAB9426A69E126AECEB18D4D7389A7A3B6CFB612FE44A239C930CEB0D2A520E682AEDAAA79B64||||||9010010B1C067E000023||

Tokenization Request to CardSecure

The pipe delimited string must be URL Encoded and sent to CardSecure as follows:

https://fts.cardconnect.com:6443/cardsecure/cs?action=CZ&data={string}

A token is returned in response:

action=CZ&data=9373873897361002

Authorization Request to the CardPointe Gateway

You can submit either the encrypted string containing track data or a token from CardSecure in an authorization request to the CardPointe Gateway, as detailed below.

Authorization with Encrypted Track Data

Authorization with Unencrypted Track 2 data

Authorization with a CardSecure Token

When you retrieve a token from a card swipe, the token provided is stored with track data. The track data is sent with the first authorization that uses the token, resulting in a "card-present" qualification and discount rate.

The token should be populated in the "account" field.

Sample Request and Response Authorizations