Performing an Offline PIN Transaction Without a PEK on the VP3600

EMV transactions can support two types of PIN verification: Online PIN and Offline PIN.

During an Online PIN transaction, the PIN entered by the cardholder is encrypted into a PIN Block inside the VP3600 using a PIN Encryption Key (PEK). This PIN Block is then transmitted through the payment gateway for the card issuer to validate that the entered PIN is correct.

During an Offline PIN transaction, the PIN entered by the cardholder is validated by the card itself. In this case, the PIN resides on the card, and the PIN does not leave the security of the payment device. An Offline PIN transaction therefore does not require a PEK to be injected into the VP3600.

To perform an Offline PIN transaction, the transaction just needs to be initiated. The L2 Contact Kernel in the payment device reads the card's CVM (Cardholder Verification Method) preference and prompts for PIN entry when required. After the PIN is entered, it is sent to the card for validation and the transaction proceeds.

In summary, to support Offline PIN transactions only, a Data Encryption Key (DEK) is the only key that must be injected into the reader. If Online PIN transactions are also to be supported, then both a DEK and a PEK must be present in the device.
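
The CVM preference the kernel reads and the key summary above can be checked against a card profile with a short script. This is an added example, not code from the VP3600 SDK. It parses the value of the card's CVM List (EMV tag 8E, layout and method codes per EMV Book 3) and reports which keys the reader would need. Assumptions: the two sample lists are constructed, the function names are hypothetical, and any Online PIN rule is treated as requiring a PEK regardless of terminal capabilities.

```python
# CVM method codes (low 6 bits of the first byte of each rule), per EMV Book 3.
# Second tuple element: which kind of PIN verification the method uses, if any.
CVM_METHODS = {
    0x00: ("Fail CVM processing", None),
    0x01: ("Plaintext PIN verified by ICC", "offline"),
    0x02: ("Enciphered PIN verified online", "online"),
    0x03: ("Plaintext PIN verified by ICC + signature", "offline"),
    0x04: ("Enciphered PIN verified by ICC", "offline"),
    0x05: ("Enciphered PIN verified by ICC + signature", "offline"),
    0x1E: ("Signature", None),
    0x1F: ("No CVM required", None),
}

def parse_cvm_list(value: bytes):
    """Parse the value of tag 8E: 4-byte amount X, 4-byte amount Y, 2-byte rules."""
    if len(value) < 10 or (len(value) - 8) % 2:
        raise ValueError("CVM list must be 8 amount bytes plus whole 2-byte rules")
    rules = []
    for i in range(8, len(value), 2):
        code, condition = value[i], value[i + 1]
        name, pin_kind = CVM_METHODS.get(code & 0x3F, ("Unknown/RFU", None))
        rules.append({
            "method": name,
            "pin": pin_kind,
            # Bit 0x40: apply the next rule if this CVM is unsuccessful.
            "continue_on_fail": bool(code & 0x40),
            "condition": condition,
        })
    return rules

def keys_required(rules):
    """Per the article: DEK always, PEK only when Online PIN can be selected."""
    keys = {"DEK"}
    if any(r["pin"] == "online" for r in rules):
        keys.add("PEK")  # assumption: any Online PIN rule counts
    return keys

# Constructed sample CVM lists (not captured from a real card).
OFFLINE_ONLY = bytes.fromhex("0000000000000000" "4403" "4103" "1E03" "1F03")
WITH_ONLINE = bytes.fromhex("0000000000000000" "4203" "4403" "1E03" "1F03")

if __name__ == "__main__":
    for label, raw in (("offline-only", OFFLINE_ONLY), ("with-online", WITH_ONLINE)):
        rules = parse_cvm_list(raw)
        print(label, [r["method"] for r in rules], sorted(keys_required(rules)))
```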