Related Manuals for Ingenico Desk 3500
Summary of Contents for Ingenico Desk 3500
- Page 1 Payment Card Industry (PCI) SecureConnect Point-to-Point Encryption Instruction Manual (PIM) Version 2.0 January 2021...
-
Page 2: Table Of Contents
Contents P2PE Solution Information and Solution Provider Contact Details 1.1 P2PE Solution Information 1.2 Solution Provider Contact Information Approved POI Devices, Applications/Software, and the Merchant Inventory 2.1 POI Device Details 2.2 POI Software/application Details 2.3 POI Inventory & Monitoring POI Device Installation Instructions 3.1 Installation and connection instructions 3.2 Guidance for selecting appropriate locations for deployed devices 3.3 Guidance for physically securing deployed devices to prevent unauthorized removal or substitution... -
Page 3: P2Pe Solution Information And Solution Provider Contact Details
The following information lists the details of the PCI-approved POI devices approved for use in this P2PE solution. Note all POI device information can be verified by visiting: https://www.pcisecuritystandards.org/approved_companies_providers/approved_pin_transaction_security.php POI device vendor: Ingenico POI device model name and number: IPP315 Hardware version #(s): IPP315-31T3685A Firmware version #(s): M1: 820180v01.02... - Page 4 POI device vendor: Ingenico POI device model name and number: Desk 3500 Hardware version #(s): DES35BB Firmware version #(s): M1: 820547v01.04 M3: 820548v02.05 M4: 820556v01.01 PCI PTS Approval #(s): 4-20283 POI device vendor: Ingenico POI device model name and number:...
-
Page 5: Poi Software/Application Details
POI Device Hardware & PCI listed? account version # vendor and number Firmware Version # (Y/N) data (Y/N) EPX, Ingenico Desk 3500, Desk 3500: EPXPay Desk 5000, Hardware: (2021-013 Lane 3000, DES35BB 37.003) A2.2.1.**.** Lane 5000, Firmware: Move 5000 820556v01.01... -
Page 6: Poi Inventory & Monitoring
Firmware: 820556v01.01 Lane 5000: Hardware: LAN51BA Firmware: 820556v01.01 Move 5000: Hardware: MOV50BB Firmware: 820556v01.01 2.3 POI Inventory & Monitoring ▪ All POI devices must be documented via inventory control and monitoring procedures, including device status (deployed, awaiting deployment, undergoing repair or otherwise not in use, or in transit). - Page 7 ● POI device model name and number: This is located on a sticker affixed to the device or is printed directly on the device itself. ● POI device location: This is the name and address of the merchant facility where the device is currently located.
-
Page 8: Poi Device Installation Instructions
3. POI Device Installation Instructions Do not connect non-approved cardholder data capture devices. The P2PE solution is approved to include specific PCI-approved POI devices. Only these devices denoted above in table 2.1 are allowed for cardholder data capture. If a merchant’s PCI-approved POI device is connected to a data capture mechanism that is not PCI approved, (for example, if a PCI-approved SCR was connected to a keypad that was not PCI-approved): ▪... - Page 9 Merchant Inventory Log when finished. Device-specific installation and connection instructions This section includes device installation and connection instructions that must be followed to begin processing. All requirements included in the user guides provided by Ingenico for each device must also be followed. IPP315 PIN-pad: The IPP315 is a customer-facing PIN-pad that allows customers to input their method of payment.
- Page 10 Locate the PIN-pad’s USB port and plug the PIN-pad’s cable into the USB port. Ensure the cable connection to the PIN-pad is secure. Connect the other end to the terminal’s USB port located on the back. Replace the back cover on the terminal. To securely close the cover, you may need to safely use a sharp tool to remove one of the rubber strips highlighted in the image below: Reconnect the power cable to the terminal.
- Page 11 Once completed, the terminal is ready to use. Lane 3000: The Lane 3000 is a Semi-Integrated (SI) device that must be connected to an Ingenico Point of Sale (POS) system: Review the instructions in Sections 4.2 and 5.1 of this document to ensure that the device is not compromised.
-
Page 12: Guidance For Selecting Appropriate Locations For Deployed Devices
The terminal is ready for use. Move 5000: Review the instructions in Sections 4.2 and 5.1 of this document to ensure that the device is not compromised. Review the placement guidance and security recommendations in Section 3.3 of this document. Unpack the terminal and other components. - Page 13 ● Public access must be limited to only parts of the device a customer is expected to use to complete a transaction (for example, PIN-pad and card reader). ● Place devices in an environment that deters compromise attempts. ● Use appropriate lighting, access paths, and visible security measures. ●...
-
Page 14: Guidance For Physically Securing Deployed Devices To Prevent Unauthorized Removal Or Substitution
For more information, contact SpacePole Inc. at https://www.spacepole.com/contact/ ● Tailwind’s PEDpack attaches to Ingenico devices and locks into the stand. This comes with a glue-pad desk- or counter-mounting application. For more information, contact Tailwind at https://tailwind-solutions.com/contact ●... - Page 15 ● Secure devices in a locked storage area anytime they are not in use. For additional information, refer to “Securing POI devices in storage” in this section. Outside of business hours, always place the devices in secure storage. ● Sign devices in and out of storage using the Storage Access Log described in the “Securing POI devices in storage”...
-
Page 16: Poi Device Transit
4. POI Device Transit 4.1 Instructions for securing POI devices intended for, and during, transit Securely transporting POI devices to any location: trusted shipping couriers When shipping POI devices to any location, establish a strict chain of custody to maintain security of the device at all times. - Page 17 ● Recipient’s name ● Tamper-evident bag serial number(s) ● POI device serial number(s) ● Merchant location the device is being shipped from The devices must only be transported and received by the identified custodians. Before shipping, if a device has no tamper-evident packaging, enclose each POI device individually in tamper-evident packaging to provide visual clues of a tampering event, and because tamper-evident packaging has serialized numbering that is unique for each bag.
-
Page 18: Instructions For Ensuring Poi Devices Originate From, And Are Only Shipped To, Trusted Sites/Locations
4.2 Instructions for ensuring POI devices originate from, and are only shipped to, trusted sites/locations Ensuring POI devices originate from trusted locations The merchant must receive POI devices only from trusted locations. If tampering is suspected at any point, immediately STOP and refer to Section 5.2 of this document for instructions. Observe the following guidance for all shipments, regardless of whether the POI device will be deployed immediately or placed into secure storage: ●... -
Page 19: Poi Device Tamper Monitoring And Skimming Prevention
Use industry-standard resources to educate your employees on the risk of skimmers and tampering, and instruct them on what to look for. One resource for familiarizing your employees with skimmers is available at: https://krebsonsecurity.com/2016/06/how-to-spot-ingenico-self-checkout-skimmers. The merchant should log all inspection activities in the Merchant Inventory Log, including the identity of the person performing the inspection, the date of inspection, devices inspected, and the inspection result. - Page 20 ● Examine the device from all angles and compare with the images in the user guide provided by Ingenico. Any variation may indicate substitution or tampering. Without privacy shield With privacy shield ● Check the condition of the seals and stickers on the POI device. Make sure that additional stickers are not present, which may be used to disguise damage from tampering activities.
- Page 21 Secure the POI device in the secure storage area. Restrict unauthorized access to the secure storage area at all times. For additional information, refer to “Securing POI devices in storage” in Section 3.3 of this document. Desk 3500: ● If the device is to be deployed immediately: ●...
- Page 22 “Alert Irruption!” if any form of physical tampering has been detected. ● Examine the device from all angles and compare with the images in the user guide provided by Ingenico. Any variation may indicate substitution or tampering. Without privacy shield With privacy shield ●...
- Page 23 covered by a sticker. Model name ● Examine the cables provided for POI device connectivity. Look for extra wires, loose wires, or bulges in the cabling. Device cabling ● Check the seams on the POI device housing for damage and for a uniform seam all the way around the device.
- Page 24 Device keypad ● Compare the appearance of the screws with those in the images in the user guide. Look for differences in screw style and the presence of damage to the screw heads. ● If applicable, weigh the POI device on a digital scale. For the specific device weight, consult the manufacturer’s specifications.
- Page 25 ● Examine the device from all angles and compare with the images in the user guide provided by Ingenico. Any variation may indicate substitution or tampering. Front view Side view ● Check the condition of the seals and stickers on the POI device. Make sure that additional stickers are not present, which may be used to disguise damage from tampering activities.
- Page 26 Model name ● Examine the cables provided for POI device connectivity. Look for extra wires, loose wires, or bulges in the cabling. Device cabling ● Check the seams on the POI device housing for damage and for a uniform seam all the way around the device.
- Page 27 Side view ¾ view showing swipe and chip insert locations Rear view showing back door and stylus ● Check that the keypad is securely in place. Be aware that malicious skimming devices can be overlaid on your POI device. Ensure that your PIN-pad’s keypad looks like the following image, with nothing overlaid on the keys and the plastic molding clearly visible: Device keypad ●...
- Page 28 “Alert Irruption!” if any form of physical tampering has been detected. ● Examine the device from all angles and compare with the images in the user guide provided by Ingenico. Any variation may indicate substitution or tampering. Front view Affixed to device stand PIM Template for PCI P2PE v2.0 Payment Card Industry Point-to-Point Encryption Standard ©...
- Page 29 Side view ● Check the condition of the seals and stickers on the POI device. Make sure that additional stickers are not present, which may be used to disguise damage from tampering activities. The hardware version number is displayed on a label on the back of the terminal. This label must not be torn off, covered, or altered.
- Page 30 Device keypad ● Compare the appearance of the screws with those in the images in the user guide. Look for differences in screw style and the presence of damage to the screw heads. ● If applicable, weigh the POI device on a digital scale. For the specific device weight, consult the manufacturer’s specifications.
- Page 31 ● Examine the device from all angles and compare with the images in the user guide provided by Ingenico. Any variation may indicate substitution or tampering. Front view Affixed to device stand Side view Affixed to device stand with stylus in use ●...
- Page 32 Model name ● Examine the cables provided for POI device connectivity. Look for extra wires, loose wires, or bulges in the cabling. ● Check the seams on the POI device housing for damage and for a uniform seam all the way around the device.
- Page 33 Primary screw locations ● If applicable, weigh the POI device on a digital scale. For the specific device weight, consult the manufacturer’s specifications. Ideally, the merchant should weigh the device with a digital scale upon initial deployment and then record the weight for comparison against the manufacturer’s specification.
- Page 34 ● Examine the device from all angles and compare with the images in the user guide provided by Ingenico. Any variation may indicate substitution or tampering. Front view without privacy shield Side view with privacy shield Rear view 3D model ●...
- Page 35 Model name ● Examine the cables provided for POI device connectivity. Look for extra wires, loose wires, or bulges in the cabling. ● Check the seams on the POI device housing for damage and for a uniform seam all the way around the device.
- Page 36 Use industry-standard resources to educate your employees on the risk of skimmers and tampering, and instruct them on what to look for. One resource for familiarizing your employees with skimmers is available at: https://krebsonsecurity.com/2016/06/how-to-spot-ingenico-self-checkout-skimmers/ . The merchant should keep a log of the inspection activities, including the identity of the person performing the inspection, the date, devices inspected, and the inspection result.
-
Page 37: Instructions For Responding To Evidence Of Poi Device Tampering
● Examine the cables leading into the POI device. Look for extra wires, loose wires, or bulges in the cabling. ● Check the seams on the POI device housing for damage and for a uniform seam all the way around the device. -
Page 38: Instructions For Confirming Device And Packaging Were Not Tampered With, And For Establishing Secure, Confirmed Communications With The Solution Provider
Please be prepared to provide this information in an effort to maintain the most secure payment solution for you and your customers. ● Record the status of the POI device as “Tampered” in the Merchant Inventory Log. Secure the log book when finished. -
Page 39: Device Encryption Issues
● Contact the company the individual represents using an independent source of contact information to verify the legitimacy of the visit. ● If the individual’s identity cannot be authenticated, access to all merchant POI devices must be denied. ● Once a visitor’s identity has been authenticated, enter their information into the Visitor’s Log. ●... -
Page 40: Poi Device Troubleshooting
technicalsupport@nabancard.com with the signed documentation attached. After receiving the required documentation, EPX Management will authenticate the request through the following: 1. The P2PE termination request email must be sent from the email address on file for the Owner's account. 2. The merchant's signature on the P2PE Merchant Opt-out Form must match the signature on the Merchant Agreement. - Page 41 Merchants and sales partners will be notified of any changes to the PIM through the use of the Help Center’s hot-spot feature. The red hot-spot dot will appear as a notification on the website until it is clicked. Clicking the hot-spot links directly to the updated version of the PIM, which will be posted and saved in the Help Center.
Need help?
Do you have a question about the Desk 3500 and is the answer not in the manual?
Questions and answers
how do i print a manual batch in the middle of the day. my machine runs one automatically at midnight and prints it, but it won't print it if I run it manually.
To manually print a batch on the Ingenico Desk 3500, you can use the X and Z reports. These reports allow you to print a statement of the transactions made on your card machine. The X report is typically used mid-shift, and the Z report is used at the end of the shift or day. These reports are separate from the automatic End of Day report and can be printed manually as needed.
This answer is automatically generated
how to cancel refund issued to customer instead of a sale
The provided context does not include instructions on canceling a refund issued to a customer on the Ingenico Desk 3500.
This answer is automatically generated
How do I print a monthly statement
hi we have a desk3500 when you batch out it reads every number not like it use to from1 tell then end numbers on the recti's and now it printing out every other number not like it was before it showed all the numbers and now its reading at the end double the numbers
HOW DO I REPLACE INK CATRIDGE? UNIT PUTTING OUT BLANK STRIPS.