CAPK expired error messages on VeriFone EMV terminals

Looking for solutions to fix CAPK errors on credit card terminals? In 2016, 3D Merchant blog explained about CAPK expired error messages on VeriFone EMV terminals and how to fix them. With credit card terminal lifespans of about 5 years, primarily due to security enhancements, the answers are different in 2022. Computers cannot be upgraded at some point and neither can credit card terminals.

The old article referenced the VeriFone EMV Vx520, FD55, Vx510, Vx570, among other terminals. A later blog post explained Verifone PCI 3 End of Life Terminals, which includes those and others. Merchants using the related desktop terminals, which typically require a manual download from the merchant acquirer to update, are unlikely able to get new updates due to the end of life process.

Previously Visa extended the EMV Certification Authority Public Keys (CAPK) key’s expiration date from 12/31/2015 to 2022, which required a terminal software update. Chip cards contain the issuers private keys which need to be verified by the card issuer’s public keys during online authorization requests.  The keys come from the Certification Authority Public Keys (CAPK), and they expire periodically. Card readers reject transactions (decline) when an incorrect or expired CAPK is used. When a terminal reaches a certain point at end of life, they can’t be updated and the CAPK error is just another symptom of the current problem: it’s time to replace the credit card terminal.

VX520 emv NFC verifone terminal

CURRENT RECOMMENDATIONS:

  1. If you want to keep your current acquirer, and are interested in exploring technology solutions to enhance business operations, security and your customer experience, contact 3D Merchant Services for cloud technology solutions and compatible terminals. If your acquirer, refers you to 3D Merchant Services to solve your CAPK problem, this is how it will be done- equipment and processes WILL change. For 3D Merchant clients, the benefits far outweigh the cost to replace.
  2. If you want to keep your current acquirer and keep your equipment, only your current acquirer can help you resolve CAPK issue, if feasible. If you do not know how to reach your acquirer, a phone number is provided on your merchant statement.

How to identify if terminal is end of life?

  1. If it’s more than 5 years old, it almost certainly is. Look for date on the terminal.
  2. Look for PCI PTS version on the terminal.
  3. Call your acquirer.
  4. If your terminal uses PCI PTS, which is rquired certification for devices that accept pin code entry, 3.x (expired now) or 4.x (expires 2023), the time to plan for their replacement is NOW. Do not wait. The sources below are not that great because PCI web site now says to refer to manufacturers for research and limits which are listed on their web site.
  5. Google your “terminal name specifications”. A PDF spec sheet will have the PCI PTS version or their might be a sticker on the terminal with a date and or P
  6. Search for devices here on the Official PCI Security Standards web site https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_devices?agree=true
  7. On manufacturer web sites, look up the terminal security specifications. For example, this shows PCI PTS 4.x approved for the MX 915 currently for sale. https://www.verifone.com/en/us/devices/multilane/mx-915. PCI PTS 4.x expires in April 2023.
    COVID ALERT: Due to supply chain problems, terminals are nationally in short supply for all manufacturers. 3D Merchant Services offers equipment sales only to customers. All terminals ship direct from certified facilities and are billed by the recommended solutions provider.

Call Christine Speedy, 3D Merchant Services owner and Authorized Reseller. Call for simple solutions to payment transaction problems. 954-942-0483, 9-5 ET.

Verifone PCI 3 End of Life Terminals

Did you know terminals have their own Payment Card Industry or PCI certification? The standards are part of the overall merchant requirements to maintain the security of cardholder data. Those rules change over time and a bunch of Verifone equipment is expiring, including the popular Vx520 countertop terminal and Vx820 pinpad.

Last August, Verifone issued end of life notification on their PCI 3 range of payment devices in compliance with the PCI Security Standards Council PCI 3 expiration date of April 30, 2020. Often merchants will get notifications like this from their acquirer on their merchant statement.

Which Verifone terminals are impacted?

  • Vx520, VX510, VX570
  • Vx805 – M280-703-0X-XXX-X
  • Vx820 pin pad
  • Vx675, Vx680, Vx685, Optimum M5
  • Mx915 (PN 132-XX…), Mx925 (PN 132-XX…)
  • H5000
  • This list does not include all devices! Merchants should check with their providers especially if using a non-EMV device or if you were an early EMV chip adopter.
  • verifone vx510

What does End of Life mean?

  • Final date for new terminal sales (fall 2019)
  • End of Development- Improvements or changes have stopped
  • End of Support Date- Verifone will not issue software updates after April 2020, except that, until April 2023 they will continue to provide error corrections for Severity 1 (Critical) software errors, including security vulnerabilities.
  • End of Service Date- April 2023. Verifone will honor any extended support contracts to their term. Subject to component availability and other factors, Verifone will also continue to provide repair.

(PCI) PIN Transaction Security (PTS) v4 expires April 30, 2023. PCI PTS v5 expires April 30, 2026.

Are merchants PCI Compliant if they continue to use PCI 3 terminals after April 2020? The PCI Council urges but does not mandate merchants use approved PTS devices in their payment environments. However, in our experience, between payment brand and acquirer requirements, merchants generally need to use only approved PTS devices or risk getting shut down. Research expiration dates of terminals on the PCI Council web site. I’d be concerned about liability and the ability to prove PCI compliance, especially in the event of a data breach. Verifone will not issue software updates or provide development support after April 2020. If security vulnerabilities or exploits are identified by the processors after April 2020, and you’re using the terminals, who’s to say when or even if a solution could be found to fix it?

How disruptive would it be for your business to have to shut down using them and get another solution? There are always people who procrastinate making changes. And when something goes wrong, phone calls to processors explode, so change is usually not as swift as you’d like.

Note, only employees and PCI QIR certified individuals can install or touch your credit card terminals. Terminals are one of the most important factors determining rates you pay and chargeback risk. Why? Call now to learn more. This is the perfect time for an external account review by a payments expert.

TIP for Christine Speedy Verifone Mx915 customers: If you have a part number that starts with this “PN 132”, replace the terminal. If you were an early adopter and had your terminals deployed prior to the EMV chip liability shift in October 2015, there’s no need to check part numbers; They need to be replaced. Please contact me directly to consult on replacement options.

Call Christine Speedy , PCI QIR certified, for new PCI 5 terminals, technology review and or merchant account review to maximize profits and improve your customer experience. 954-942-0483, 9-5 ET

Verifone VX terminal reboot: urgent update

All Verifone VX terminals must be updated by June 25, 2019 or merchants risk problems where the terminal is stuck in a reboot and cannot accept credit cards. Verifone posted an advisory on their support web site June 3. Hopefully owners will be notified by their acquirers before they have hard failure. The VX series is very popular so it could be problematic if many thousands of VX terminal owners try and download the update at the same time.

Action is required for all customers using VX (all VX) or e-Series Devices (limited to e315, e315m and e355) on any version of CommServer prior to 544 or 5441 who have not downloaded the recovery utility. This action is for both customers who have successfully recovered their devices from a reboot loop, those who may be in a reboot loop, and those that did not experience issues at all on or around May 25, 2019. Read the entire alert on the Verifone support web page here.

The advisory impacts all Verifone VX terminals, so per my search, that would include the VX 520, VX 680, VX 805, and VX 670. Are you in need of a new or replacement terminal?

The Christine Speedy difference. Find out what terminal is best for your credit card processing situation. Call someone who knows the rules and can help you optimize for the lowest interchange rate qualification. Terminal choice matters! B2B expert. 954-942-0483, 9-5 ET.

CenPOS Announces its Relationship Renewal with Verifone and the MX Line

CenPOS renews their relationship with Verifone and MX link by purchasing 5,000 Verifone MX 915 devices.

Integrated payment services and gateway provider, CenPOS, purchased 5,000 Verifone MX 915 devices and is deploying point-to-point encryption and advanced data security to auto dealers of all sizes, higher-education, law firms, insurance, manufacturing and distribution.

CenPOS SECURE is a suite of solutions designed to remove sensitive cardholder data from software applications like the merchant’s primary ERP, POS, PMS, DMS, etc. The suite consists of point-to-point encryption, tokenization and encrypted virtual PIN Pads that protect software systems by securing data in-flight and at rest.

When using CenPOS SECURE, merchants can reduce the time requirement and scope of their PCI DSS assessments. The Verifone MX line of products encrypts data at the point of interaction and facilitates a robust shopping experience for the consumer that includes secure PIN entry and signature capture.

“Merchants have enjoyed the CenPOS omni-channel shopping experience and the security that comes from it for the last 8 years. Verifone’s platform was the right choice for CenPOS. Their team of professionals have worked well with CenPOS to incorporate the next level of data security into the solution,” said Christopher Justice, CEO of CenPOS. “We’re pleased with the collaboration and diligence of the technology teams to launch these advancements.”

The Verifone MX line of products provides solid capabilities at the point-of-sale. Its design and attractive styling deliver a comfortable checkout experience while the state-of-the art technology provides added security.

“As a global payments and commerce solutions provider, Verifone’s goal is to create a world-class platform capable of supporting the ingenuity that’s constantly shaping the future of commerce. In a shared effort with CenPOS, we work to bring the highest level of security to transactions,” said Joe Mach, President, Verifone North America.

CenPOS Secure protects card present, eCommerce, mobile, mail order/phone order, and portable device transactions at the point of interaction with multiple layers of security. Integrated into the merchant’s software applications, no sensitive data is ever processed nor stored by those applications eliminating them from the scope of PCI DSS.

To better understand how CenPOS SECURE can help your business, call 877-630-7960 Or visit our website.

About CenPOS:
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.
| CenPOS | @CenPOS

About Verifone:
Verifone is transforming everyday transactions into opportunities for connected commerce. We’re connecting payment devices to the cloud—merging the online and in-store shopping experience and creating the next generation of digital engagement between merchants and consumers. We are built on a 35-year history of uncompromised security with approximately 30 million devices and terminals deployed worldwide. Our people are trusted experts that work with our clients and partners, helping to solve their most complex payments challenges. We have clients and partners in more than 150 countries, including the world’s best-known retail brands, financial institutions and payment providers.
Verifone.com | @verifone

###

Blog author Christine Speedy, CenPOS global sales and integrated solutions, can be reached at 954-942-0483.

US EMV Verifone MX 915 for BB&T TSYS

Yes, we provide US EMV with chip and pin for BB&T customers wanting to use Verifone MX 915 terminals. BB&T merchants are on the First Data platform. One unique benefit of our solution on First Data is we can process retail, MOTO (mail order/telephone order), and ecommerce, including electronic bill presentment and payment (EBPP), all in a single merchant account, with proper representment to mitigate chargeback risk and maximize profits.

The transaction process is different for EMV than magnetic swipe transaction, in order to support the different flow for processing chip cards.

To use CenPOS as shown in the video, merchants need high speed internet, web browser, Verifone MX 915, and CenPOS account. No other software is needed. CenPOS can be used standalone or integrated. Integrated solutions include Infor, SAP, Dynamics AX, Quickbooks etc. In all cases, CenPOS segregates payments from the application to reduce PCI Compliance scope and improve security.

TIP:  Having an EMV capable terminal does not mean a merchant is ready to accept chip cards. In the CenPOS environment, if a merchant installed a future proof, EMV capable terminal to get ready for EMV, the next step is to convert to EMV enabled. This always requires turning on EMV at the merchant account level, in addition to other steps.

If you do not own a Verifone terminal, do not purchase one on your own via EBAY or some other source. For PCI Compliance, and overall security, the purchasing and installation process must be tightly controlled.

If you’re not a current CenPOS customer, contact Christine Speedy for sales and integrations at 954-942-0483. Don’t just get ready, get EMV Compliant.