IDTECH SecureHead SPI User Manual page 27

5. Encryption Management
The Encrypted swipe read supports TDES and AES encryption standards for data encryption.
Encryption can be turned on via a command. TDES is the default.
If the reader is at or above security Level 3, for the encrypted fields, the original data is encrypted
using the TDES/AES CBC mode with an Initialization Vector of all binary zeroes and the Encryption
Key associated with the current DUKPT KSN.
5.1. Check Card Format
5.1.1. ISO/ABA (American Banking Association) Card Encoding method
Track1 is 7 bits encoding.
Track1 is 7 bits encoding.
Track2 is 5 bits encoding.
Track3 is 5 bits encoding.
Track1 is 7 bits encoding.
Track2 is 5 bits encoding.
Track2 is 5 bits encoding.
Additional check
Track1 second byte is 'B'.
There is only one '=' in Track2 and the position of '=' is between 13th ~ 20th character.
Total length of Track2 should above 21 characters.
5.1.2. AAMVA (American Association of Motor Vehicle Administration) Card Encoding
method
Track1 is 7 bits encoding.
Track2 is 5 bits encoding.
Track3 is 7 bits encoding.
6. Others (Customer card)
6.1. MSR Data Masking
For cards that need to be encrypted, a combination of encrypted data and masked clear text data are
sent.
6.1.1. Masked Area
The data format of each masked track is ASCII.
The clear data include start and end sentinels, separators, first N, last M digits of the PAN, card holder
name (for Track1).
The rest of the characters should be masked using mask character.
Set PrePANClrData (N), PostPANClrData (M), MaskChar (Mask Character)
ID TECH SecureHead SPI with TMIV User Manual
Page | 27