Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Related Manuals for Magtek DynaFlex II PED
Summary of Contents for Magtek DynaFlex II PED
- Page 1 DynaFlex II PED PIN Entry Device PCI PTS POI v6.2 Security Policy March 2023 Document Number: D998200520-15 REGISTERED TO ISO 9001:2015 MagTek Inc | 1710 Apollo Court | Seal Beach, CA 90740 | Phone: (562) 546-6400 | Technical Support: (888) 624-8350 www.magtek.com...
- Page 2 Some device icons courtesy of https://icons8.com/, used under the Creative Commons Attribution- NoDerivs 3.0 license. All other system names and product names are the property of their respective owners. MagTek Inc | 1710 Apollo Court | Seal Beach, CA 90740 | Phone: (562) 546-6400 | Technical Support: (888) 624-8350 www.magtek.com...
- Page 3 Mar 22, 2023 update images to show correct HW ID. Table 2-1 and Table 2-2, change PCI ID Tag revision (position 11) to ‘B’. DynaFlex II PED| PIN Entry Device | PCI PTS POI v6.2 Security Policy Page 3 of 24 (D998200520-15)
-
Page 4: Table Of Contents
Communications ..........................21 Key Management ........................... 21 Key Loading ............................. 22 Key Replacement ........................... 22 Acronyms ..............................23 Appendix A References ..........................24 DynaFlex II PED| PIN Entry Device | PCI PTS POI v6.2 Security Policy Page 4 of 24 (D998200520-15) -
Page 5: Purpose
1 - Purpose Purpose This document describes how to use the DynaFlex II PED family of devices in a secure manner. This includes information about key-management responsibilities, administrative responsibilities, device functionality, identification, and environmental requirements. The use of the secure card reader in any manner not described in this security policy, will invalidate the PCI PTS POI v6.2 approval of the device. -
Page 6: General Description
Product Name and Appearance The front facing sides of the DynaFlex II PED and DynaFlex II PED with barcode reader (BCR) are shown in Figure 2-1 below. The different rear facing sides of all devices are shown in Figure 2-2. - Page 7 2 - General Description Figure 2-2 – DynaFlex II PED Bottom View, DynaFlex II (Kiosk) Bottom View, DynaFlex II PED (BCR) Bottom View DynaFlex II PED| PIN Entry Device | PCI PTS POI v6.2 Security Policy Page 7 of 24 (D998200520-15)
-
Page 8: Product Type
(BCR) or wireless WLAN communications module. DynaFlex II PED can be used as desktop or handheld devices. The Kiosk version uses a back cover intended for secure mounting, suitable for use in an unattended environment. All are approved as a PIN Entry Device (PED) device class under PCI PTS POI v6.2 requirements. - Page 9 Figure 2-4 - DynaFlex II PED Device Label The label also contains other supporting information about the device. All DynaFlex II PED hardware configurations are listed in Table 2-1 - PCI Hardware Identifier: Table 2-1 - PCI Hardware Identifier PCI ID Tag...
- Page 10 B = as Certified minor fixes not adding functionality or related to security (e.g. change component value for antenna matching): 0 = as certified DynaFlex II PED| PIN Entry Device | PCI PTS POI v6.2 Security Policy Page 10 of 24 (D998200520-15)
-
Page 11: 2.3.2 Firmware Identification
1000008593 = DynaFlex II PED Boot firmware part number A = Certified Version Minor revisions, bug fixes 15-17 PCI = PCI version of firmware DynaFlex II PED| PIN Entry Device | PCI PTS POI v6.2 Security Policy Page 11 of 24 (D998200520-15) -
Page 12: 2.3.3 Device Information Page
Approved PTS Devices. Note that in PCI listings, lowercase “x” is a wildcard meaning ‘any single character.’ Figure 2-5 - Device Startup Screen DynaFlex II PED| PIN Entry Device | PCI PTS POI v6.2 Security Policy Page 12 of 24 (D998200520-15) - Page 13 , and Settings Firmware Main To return to the screen, select Welcome Back Exit Figure 2-6 - Device Information Screen for WLAN option DynaFlex II PED| PIN Entry Device | PCI PTS POI v6.2 Security Policy Page 13 of 24 (D998200520-15)
-
Page 14: Installation And User Guidance
ID is printed on the label. The Firmware ID is accessible via the device and displayed on the screen. Go to the PCI compliance web page and search for MagTek, and find the product name, DynaFlex II PED. Compare the Hardware ID and Firmware ID: https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_devices... -
Page 15: Installation
/ skimmers / tapping mechanisms, and their wires or antennas. Installation height is one factor in meeting this requirement. The DynaFlex II PED is designed to maximize visibility of all card paths. Assuming the solution design does not add features that obstruct the view of the slot, any practical mounting height fulfills the visibility requirement. -
Page 16: Communications And Security Protocols
PCI PTS approval. Configuration Settings DynaFlex II PED ships from the factory fully secure. The devices have no configuration settings that require modification by the user to meet PCI security requirements. DynaFlex II PED| PIN Entry Device | PCI PTS POI v6.2 Security Policy... -
Page 17: Operation And Maintenance
MagTek strongly recommends performing security inspections on a regular schedule. Additional information can be found in D998200524 DYNAFLEX II PED DEVICE INSPECTION. If any problems are detected, stop using the device, set it aside in a secure location, and contact the manufacturer or your acquirer for further advice. -
Page 18: Self-Test
Such services are managed through dedicated tools, using cryptographic authentication. Passwords and Certificates DynaFlex II PED ships from the factory fully secure. The devices have no security related default values (e.g., passwords/authentication codes/certificates) that require modification by the user to meet PCI security requirements. -
Page 19: Privacy Shield
4 - Operation and Maintenance Privacy Shield DynaFlex II PED has no privacy shield, therefore merchants must provide cardholders with the necessary privacy and guidance to enter PIN(s) safely and securely. One method is to include guidance messages and logos for the cardholder as part of a customer display driven by the host software. The figure below shows an example of a safe PIN entry logo that the host could display for the customer prior to, or in conjunction with, the PIN entry prompt message. -
Page 20: Patching And Updating
For help with updates to EMV configuration, contact Magensa Remote Services. Decommissioning Before DynaFlex II PED is permanently removed from service, all the keys and sensitive data must be erased. One way to accomplish this is by temporarily removing the bottom cover, which forces a tamper response. -
Page 21: Security
Firmware Protection Key ECC-DSA SHA-256 and authenticity of ECDSA Curve P-256 firmware Authenticate card EMV CA Public keys Varies per issuer data and keys DynaFlex II PED| PIN Entry Device | PCI PTS POI v6.2 Security Policy Page 21 of 24 (D998200520-15) -
Page 22: Key Loading
NIST SP 800-57-1. DynaFlex II PED| PIN Entry Device | PCI PTS POI v6.2 Security Policy Page 22 of 24 (D998200520-15) -
Page 23: Acronyms
Secure Hash Algorithm SRED Secure Reading and Exchange of Data TDEA Triple Data Encryption Algorithm Universal Serial Bus USB HID USB Human Interface Device DynaFlex II PED| PIN Entry Device | PCI PTS POI v6.2 Security Policy Page 23 of 24 (D998200520-15) -
Page 24: Appendix A References
ANS X9.24 Part 3:2017, Retail Financial Services Symmetric Key Management, Part 3: Derived Unique Key Per Transaction Using Symmetric Techniques • X9 TR-31:2010, Interoperable Secure Key Exchange Key Block Specification for Symmetric Algorithms DynaFlex II PED| PIN Entry Device | PCI PTS POI v6.2 Security Policy Page 24 of 24 (D998200520-15)
Need help?
Do you have a question about the DynaFlex II PED and is the answer not in the manual?
Questions and answers