Devices overview
Learn the basics of using the Devices API to accept in-person payments
Payabli offers integrated P2PE (point-to-point encryption) cloud devices, also known as credit card terminals, that you can use to make sales via the Payabli API. Payabli has made setting up devices frictionless. First, order a device from Payabli, then register each new device with a single API call.
Point-to-point encryption (P2PE)
Point-to-point encryption (P2PE) provides the most secure and effective solution to protect sensitive cardholder data in combination with EMV and tokenization. P2PE can help reduce the cost and scope of PCI DSS and PA-DSS. Encrypted cardholder data has no value if stolen, as only Payabli and secured providers can decrypt the data.
P2PE ensures that no cardholder data is exposed during a transaction by encrypting the data inside the card reader, terminal, or payment device. This encryption makes the data useless in the event of a skimming attack. Using the payment industry standard encryption algorithm, DUKPT (Derived Unique Key Per Transaction), a key is injected securely into each card reader or payment device when it’s manufactured. This key is then used to encrypt every transaction. Each transaction remains encrypted until received by Payabli, where it’s decrypted, then passed to the bank or processor for authorization via Payabli’s secure payment gateway.
- At the point of card acceptance, within the card reader or payment device, the card data is securely encrypted.
- After the data is encrypted, it can then be passed over standard public networks to the payment gateway and processor.
- When the data arrives in the secure data zone of Payabli’s PCI DSS certified payment gateway, it’s decrypted and passed to the bank processor for authorization.
There are numerous benefits to using P2PE devices:
- Easy integration through the use of Payabli’s Quickstart Guide and Cloud Device API
- Reduce scope, complexity and compliance cost of PCI DSS
- Simplified PA-DSS for equipment manufacturers
- Mitigate the risk of cardholder data fraud
- Reduce financial liability
- Reduce software development cost
- Increased cardholder data protection
- Simplified payment processing architecture
This guide gives a high-level overview of device setup and making sales using a payment cloud device (also known as credit card terminals).
Devices quickstart
These next sections cover getting started with devices, including how to register a device, make a transaction, and handle asynchronous transactions with the PAX A920 device.
Step 1: Register a device
Register an Ingenico device
- Turn on the device and connect to the internet.
- After you configure WiFi, an activation code appears on the screen. This is the
registrationCodevalue you need for the next step. If you can’t find the activation code, consult the device’s documentation. - Register the device using the activation code via the API Register Hardware Device in Cloud Service.
Register a PAX A920 device
- Follow the PAX A920 Setup Guide
- Find the serial number on the back of the device. This is the
registrationCodevalue you need for the next step. - Register the device using the activation code via the API Register Hardware Device in Cloud Service.
If the API response is successful, you get a device identifier in the ResponseData field. Use this device identifier to make payments or store payment methods using the device.
Step 2: Make a transaction
Submit a payment request and include the device identifier in the field device inside the object paymentMethod and ensuring that the method field contains the value cloud.
For example, this transaction is using the device with the ID 6c361c7d-674c-44cc-b790-382b75d1xxx.