Magtek DynaFlex II PED, Manual

Page 1: ...ourt Seal Beach CA 90740 Phone 562 546 6400 Technical Support 888 624 8350 www magtek com DynaFlex II PED PIN Entry Device PCI PTS POI v6 2 Security Policy March 2023 Document Number D998200520 15 REG...

Page 2: ...tifiers containing ANSI are registered trademarks service marks and accreditation marks of the American National Standards Institute ANSI ISO is a registered trademark of the International Organizatio...

Page 3: ...3 Dec 16 2022 Remove no display option Add additional cryptographic algorithms Update screenshots for latest firmware 14 Feb 16 2023 Update PCI version to 6 2 Add extra info about HW ID Add pictures o...

Page 4: ...4 3 1 Initial Inspection 14 3 2 Installation 15 3 3 Environmental Conditions 15 3 4 Communications and Security Protocols 16 3 5 Configuration Settings 16 4 Operation and Maintenance 17 4 1 Periodic I...

Page 5: ...key management responsibilities administrative responsibilities device functionality identification and environmental requirements The use of the secure card reader in any manner not described in this...

Page 6: ...200520 15 2 General Description 2 1 Product Name and Appearance The front facing sides of the DynaFlex II PED and DynaFlex II PED with barcode reader BCR are shown in Figure 2 1 below The different re...

Page 7: ...l Description DynaFlex II PED PIN Entry Device PCI PTS POI v6 2 Security Policy Page 7 of 24 D998200520 15 Figure 2 2 DynaFlex II PED Bottom View DynaFlex II Kiosk Bottom View DynaFlex II PED BCR Bott...

Page 8: ...es a back cover intended for secure mounting suitable for use in an unattended environment All are approved as a PIN Entry Device PED device class under PCI PTS POI v6 2 requirements Usage in any othe...

Page 9: ...are Identifier PCI ID Tag Configuration Description 40PCI4SU0xBx DynaFlex II PED TOUCHSCREEN DISPLAY USB 40PCI5SU0xBx DynaFlex II PED TOUCHSCREEN DISPLAY BCR USB 40PCI4SW0xBx DynaFlex II PED TOUCHSCRE...

Page 10: ...4 0 P C I 4 K U 0 x B x 4 0 P C I 5 K U 0 x B x 4 0 P C I 4 K W 0 x B x 4 0 P C I 5 K W 0 x B x Fixed Position Variable X Position Description of Fixed or Variable X in the Selection Position 1 2 40 D...

Page 11: ...erties within the device The host can retrieve these properties at any time using Command 0xD101 Get Property as described in D998200383 DynaFlex Products Programmer s Manual COMMANDS Table 2 3 Main F...

Page 12: ...ule firmware part number 12 A Certified Version 13 Minor revisions bug fixes 15 17 PCI PCI version of firmware 2 3 3 Device Information Page While powering up the display briefly shows a page of infor...

Page 13: ...e device s PCI certification status including the installed firmware part numbers and versions and other identifying information see Figure 2 6 on the Welcome screen press the Pushbutton for 3 beeps t...

Page 14: ...ion check the Hardware and Firmware ID Hardware ID is printed on the label The Firmware ID is accessible via the device and displayed on the screen Go to the PCI compliance web page and search for Mag...

Page 15: ...immers tapping mechanisms and their wires or antennas Installation height is one factor in meeting this requirement The DynaFlex II PED is designed to maximize visibility of all card paths Assuming th...

Page 16: ...Flex II PED supports a USB interface using the USB HID protocol and optionally 802 11 WLAN using TLS 1 2 secure WebSocket Transactions configuration firmware updates and key injection can all be perfo...

Page 17: ...er on the secure card reader and check that the firmware runs well as the startup will inspect the hardware security authenticity and integrity of firmware Only the leftmost LED should be on and blink...

Page 18: ...ated default values e g passwords authentication codes certificates that require modification by the user to meet PCI security requirements A custom signed trust configuration file with the customer C...

Page 19: ...the device to protect the cardholder s PIN during PIN entry Table 4 1 Observation Corridors Method Observation Corridors Cashier Customer Queue Customer Elsewhere On Site Cameras Remote Cameras Deskto...

Page 20: ...g update tools available from the MagTek web site The device verifies each update is newer than the installed version and cryptographically authenticates the file If version checking or authentication...

Page 21: ...Wireless connections to access points require WPA2 Both personal and enterprise modes user id and password are supported 5 4 Key Management The device implements AES TDEA DUKPT as its only key manage...

Page 22: ...with key management requirements and cryptographic methods specifically TR 31 can be used for key loading Use of any other methods will invalidate PCI approval 5 6 Key Replacement Keys should be repla...

Page 23: ...Curve Cryptography ICCR Integrated Circuit Card Reader MAC In cryptography Message Authentication Code In networking Media Access Control address MSR Magnetic Stripe Reader NFC Near Field Communicati...

Page 24: ...naFlex Products Programmer s Manual COMMANDS D998200524 DynaFlex II DynaFlex II PED Device Inspection D998200525 DynaFlex II DynaFlex II PED Package Inspection D998200526 DynaFlex II DynaFlex II PED Q...