The Green Sheet Online Edition
May 14, 2007 • Issue 07:05:01
Holy grail in a Bluetooth card reader
Mobile merchants err when they accept cards on the road and process them later back at the castle. Many already have Bluetooth-enabled cell phones, but they still need swipe capability to get real-time card authorization - the holy grail of electronic payments.
MagTek Inc.'s MagneSafe P55 is the first card reader to incorporate Bluetooth wireless capability. Small enough to fit into a pocket or the palm of a hand, the P55 gives mobile merchants a secure method for accepting payments on the road. The reader establishes bidirectional communications with a PC or mobile phone that uses Bluetooth.
The wireless interface and security features offer convenience and card data protection at the same time. The unit's battery supports hundreds of card swipes and can be recharged from a USB port or five-volt source.
Like other Bluetooth devices, the P55 provides a range up to 10 meters (approximately 33 feet) and is approved by the Federal Communications Commission.
The P55 uses 3DES encryption and derived unique key per transaction (DUKPT) key management. Data from tracks 1, 2 and 3 are encrypted so no sensitive information is available to the user or the local application.
The reader provides abbreviated clear text data, conveying the partial personal account number, name and expiration date for the local application and for visual verification by the user.
Multiple formats support legacy POS applications. The reader reports its status and the status of track data. A counter value that cannot be reset reports the number of transactions.
The device also receives and encrypts a session ID, which can be used for bilateral authentication of the client/host and to validate time-bound transactions. Clear text readouts permit local verification of message integrity.
The enclosure is designed to reveal if it has been opened or otherwise tampered with; even if opened, encryption keys reportedly cannot be extracted.
The P55 may also be used to enable strong, secure multifactor authentication for Web sites engaged in online banking and e-commerce, as well as provide data security for retail POS transactions.
Adding real-time authorization to mobile payments isn't chivalry; it's just good business sense.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.