End to End Encryption (E2EE) Support in 4D Payments SDK

Chapter Listing

  1. Overview
  2. Heartland
  3. FDMS Rapid Connect
  4. TSYS
  5. Paymentech


4D Payments SDK supports E2EE for the following processors:

  • Heartland
  • FDMS Rapid Connect
  • TSYS (Terminal and Host Capture)
  • Paymentech

When using End to End Encryption, sensitive credit card information is encrypted before it is sent to the payment processor. Encryption can happen at the hardware level or at the component level. In E2EE, data is encrypted on the sender’s system or device and only the recipient is able to decrypt it, which makes communication between the Point of Sale (POS) and the payment processor more secure.

The following sections detail how to submit Encrypted data for a transaction with the corresponding processor.

Heartland – E3

When using the Heartland payment processor, data encryption happens at the hardware level, on a device that contains the E3 Encryption software. E3 Encryption requires a Magnetic Stripe Reader that is capable of encrypting cards (please contact Heartland directly to obtain more information about the available devices).

Once you have an E3-capable device, the component can be set up to begin processing transactions using E3 encryption. The first thing you will need to do is set “HeartlandEncryptionMode” to the appropriate encryption mode. When card data (i.e. Track 1, Track 2, or Card Number) is retrieved via an E3 device, it is encrypted. The component handles this card data the same as if it were not encrypted, so you can set it using the Card property just as you would for unencrypted data.

In addition to the card data, an E3 secure card swipe response (received from the E3 device) contains base-64 encoded “Key transmission blocks”. This key block is required and is used by Heartland to decrypt the card data. You will therefore need to parse this value from the magnetic stripe reader response and assign the base-64 encoded value to the “HeartlandKeyBlock” configuration setting. The two configuration settings involved are:

  • HeartlandEncryptionMode – Specifies the encryption mode to use in Heartland transactions.
  • HeartlandKeyBlock – Specifies the key block used to encrypt the data.

Below is a basic E2EE transaction with Heartland.

Tsysretail CCRetail1 = new Tsysretail();

//Setting the processor to Heartland
CCRetail1.Config("Processor=1"); // 1 = Heartland

//This is your Encryption Mode
CCRetail1.Config("HeartlandEncryptionMode=3"); //Card Data Only

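//This is your Key Block for the below card examples.
//Placeholder only: supply the base-64 key block parsed from your E3 device's swipe response.
CCRetail1.Config("HeartlandKeyBlock=<base-64 key block from the E3 device>");

//Set the card data in one of the following three ways.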
//This is a Track 1 example
CCRetail1.Card.EntryDataSource = EntryDataSources.edsTrack1;
CCRetail1.Card.MagneticStripe = "S8pm5APZta7OupWZgbPz41b2zNguCmueZKOsWxdOw9SbjKsJwk4anBNHZ"; 

//This is a Track 2 example
CCRetail1.Card.EntryDataSource = EntryDataSources.edsTrack2;
CCRetail1.Card.MagneticStripe = "DG+grdoyZaOExQ9Q5p44QQ5FhwD"; 

//This is a manual card data example
CCRetail1.Card.EntryDataSource = EntryDataSources.edsManualEntryTrack1Capable;
CCRetail1.Card.Number = "+++++++ZsUazr6xV";
CCRetail1.Card.CVVData = "123";
CCRetail1.Card.ExpMonth = 1;
CCRetail1.Card.ExpYear = 2020;
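
A fail-closed pre-flight check for the Heartland flow described above, as an added example that is not part of the original article or of the 4D Payments SDK; `E3Preflight` and its methods are hypothetical names. It assumes, as in the samples above, that E3-encrypted card data never parses as a numeric, Luhn-valid PAN. That assumption does not hold for the TSYS sample later on this page, whose PAN field stays numeric, so the cleartext check applies to the Heartland flow only.

```csharp
using System;
using System.Linq;

// Added example (not 4D Payments SDK code): fail-closed checks run before the
// swipe data is assigned to Card.MagneticStripe and HeartlandKeyBlock.
public static class E3Preflight
{
    // True when s decodes as non-empty base-64, the encoding the key block uses.
    public static bool IsBase64Block(string s)
    {
        if (string.IsNullOrWhiteSpace(s)) return false;
        try { return Convert.FromBase64String(s.Trim()).Length > 0; }
        catch (FormatException) { return false; }
    }

    // Standard Luhn checksum over a string of ASCII digits.
    static bool Luhn(string d)
    {
        int sum = 0;
        for (int i = d.Length - 1, pos = 0; i >= 0; i--, pos++)
        {
            int n = d[i] - '0';
            if (pos % 2 == 1) { n *= 2; if (n > 9) n -= 9; }
            sum += n;
        }
        return sum % 10 == 0;
    }

    // True when the PAN field (Track 1 "B<PAN>^...", Track 2 "<PAN>=...", or a
    // bare card number) is 13-19 digits and Luhn-valid, i.e. reads as cleartext.
    public static bool LooksLikeCleartextPan(string cardData)
    {
        string t = (cardData ?? "").TrimStart('%', ';');
        if (t.StartsWith("B", StringComparison.Ordinal)) t = t.Substring(1);
        int end = t.IndexOfAny(new[] { '^', '=' });
        string pan = end < 0 ? t : t.Substring(0, end);
        return pan.Length >= 13 && pan.Length <= 19
            && pan.All(c => c >= '0' && c <= '9') && Luhn(pan);
    }

    // Throws instead of letting an unencrypted or keyless swipe go out.
    public static void Check(string cardData, string keyBlock)
    {
        if (!IsBase64Block(keyBlock))
            throw new InvalidOperationException("E3 key block missing or not base-64.");
        if (LooksLikeCleartextPan(cardData))
            throw new InvalidOperationException("Card data reads as a cleartext PAN.");
    }
}
```

With this page's samples, `LooksLikeCleartextPan` returns false for the E3 Track 1, Track 2 and card number strings above, and true for the unencrypted test track `B4012000033330026^...` shown in the FDMS section.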


FDMS Rapid Connect – TransArmor

First Data provides an advanced payment card security service through its TransArmor (TA) solution. When using First Data, encryption happens at the component level and is controlled by a few configuration settings, listed below.

  • TransArmorMode – Specifies the TransArmor Security Level to use.
  • TransArmorTokenType – The FDMS assigned token type.
  • TransArmorKeyId – Specifies the Id of the TransArmor key used to perform the encryption.
  • TransArmorKey – Specifies the TransArmor key used to perform the encryption.

Below is a basic TransArmor transaction for FDMS Rapid Connect.

Fdmsrcretail retail = new Fdmsrcretail();
retail.URL = "https://stg.dw.us.fdcnet.biz/rc";

retail.MerchantId = "MerchantId";
retail.MerchantTerminalNumber = "00000001";
retail.DatawireId = "DatawireId";
retail.GroupId = "GroupId";
retail.TPPID = "TPPID";
retail.IndustryType = FdmsrcretailIndustryTypes.fritRetail;
retail.STAN = "STAN";

retail.TransactionNumber = "1234";
retail.OrderNumber = "123";
retail.ReferenceNumber = "123456";
retail.TransactionAmount = "1200";

retail.Card.MagneticStripe = "B4012000033330026^FDCS TEST CARD   /VISA^170410054321000000000000000  150  A";
retail.Card.EntryDataSource = EntryDataSources.edsTrack1;


TSYS – Voltage

E2EE transactions are supported in both TSYS Host Capture and TSYS Terminal Capture platforms. Encryption happens at the hardware level which contains the Voltage encryption software.

The following configuration settings are used:

  • TsysETB – The Encryption Transmission Block TSYS uses to decrypt encrypted data.
  • GenKey – A randomly generated string of alphanumeric characters identifying the terminal.

Below is a basic E2EE transaction with TSYS.

TSYSRetail1.Merchant.Zip = "27709";
TSYSRetail1.Merchant.BankId = "999995";
TSYSRetail1.Merchant.CategoryCode = "5999";
TSYSRetail1.Merchant.Name = "TESTMERCHANT";
TSYSRetail1.Merchant.Number = "888000002447";
TSYSRetail1.Merchant.City = "800-1234567";
TSYSRetail1.Merchant.State = "NC";
TSYSRetail1.Merchant.StoreNumber = "5999";
TSYSRetail1.Merchant.TerminalNumber = "1514";

TSYSSettle1.TerminalId = "71129182";
TSYSRetail1.IndustryType = DPayments.DPaymentsSDK.TsysretailIndustryTypes.sitRetail;  

//This is a randomly generated string of alphanumeric characters identifying the terminal.
string genkey = "1AFFBF04C4B4236A361B44D1";

//This is the Encryption Transmission Block TSYS uses to decrypt encrypted data
string swipeKeyBlock  = "/wECAQEEAoE9AgEH3QodTdcg4w1ob3N0QHRzeXMuY29t9S7D/lseZ/k67BZVH3z2+WF4Tdg6JkKQwgQ/eEyd19RFHHd+YeKy1sCtMFd2NU+asRWyPxIK/9oFNqAwsdthK7ppHq/AGHsmCQwj+pS1lkUuQP5xvNDaguuD5P7wm9K5axFLF0qsjyCoLDpBPFoqkVgDp+z/irX2MLnNgXi8X7sA4xtV/HdXe1e5MxnEHOLQl5mtrYu/m799MDdw/vxC8F+FtmPT";

TSYSRetail1.TransactionAmount = "1100";
TSYSRetail1.Config("TSYSETB=" + swipeKeyBlock);
TSYSRetail1.Config("GenKey=" + genkey);

TSYSRetail1.TransactionNumber = TSYSRetail1.TransactionNumber + 1;
TSYSRetail1.Card.EntryDataSource = EntryDataSources.edsTrack1;

//This is the Encrypted Track 1 Data
TSYSRetail1.Card.MagneticStripe = "B4212004061203^Edward Ochi^1005101Q3YPP6oS";

Note: GenKey is only required when using TSYS Terminal Capture.


Paymentech

When using Paymentech as a payment processor, credit card encryption is performed at the hardware level, and no additional settings need to be set when using 4D Payments SDK. Encrypted track data is simply passed as regular track data.
